<?xml version="1.0" encoding="UTF-8"?>
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/file-upload-types/file-upload-types-by-wpforms-140-authenticated-author-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2024-10-24T20:07:47.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/display-widgets/display-widgets-203-authenticated-cross-site-scripting</loc>
<lastmod>2015-08-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpforms-lite/wpforms-lite-195-authenticated-contributor-stored-cross-site-scripting-via-start_timestamp-parameter</loc>
<lastmod>2025-05-09T10:00:45.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-waveform-player/easy-waveform-player-120-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-17T14:17:45.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wcp-contact-form/wcp-contact-form-310-missing-authorization-via-downloadcsv</loc>
<lastmod>2023-05-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-activity-log/user-activity-log-162-authenticatedadministrator-sql-injection-via-txtsearch</loc>
<lastmod>2023-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/complianz-gdpr-premium/complianz-645-premium-647-cross-site-request-forgery</loc>
<lastmod>2023-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-bulk-sms/wp-bulk-sms-by-smsto-1012-reflected-cross-site-scripting</loc>
<lastmod>2025-01-06T16:18:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-calendar-events/simple-calendar-google-calendar-plugin-342-reflected-cross-site-scripting</loc>
<lastmod>2024-09-24T12:31:06.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smartsearchwp/chatbot-with-chatgpt-244-missing-authorization</loc>
<lastmod>2024-08-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/small-package-quotes-usps-edition/small-package-quotes-usps-edition-139-authenticated-administrator-php-object-injection</loc>
<lastmod>2025-08-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ean-for-woocommerce/ean-for-woocommerce-492-insecure-direct-object-reference-to-sensitve-information-exposure-via-shortcode</loc>
<lastmod>2024-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/htaccess-login-block/htaccess-login-block-09a-reflected-cross-site-scripting</loc>
<lastmod>2025-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/system-dashboard/system-dashboard-288-missing-authorization-to-information-disclosure-sd_php_info</loc>
<lastmod>2023-12-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tube-video-curator/tube-video-curator-119-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/propertyhive/propertyhive-2019-cross-site-request-forgery-via-save_account_details</loc>
<lastmod>2024-09-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/visualizer/visualizer-tables-and-charts-manager-for-wordpress-3118-authenticated-contributor-stored-cross-site-scripting-via-import-data-from-file</loc>
<lastmod>2025-02-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/themify-ultra/themify-ultra-735-authenticated-subscriber-php-object-injection</loc>
<lastmod>2023-10-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-fastest-cache/wp-fastest-cache-112-cross-site-request-forgery-via-wpfc_start_cdn_integration_ajax_request_callback</loc>
<lastmod>2023-04-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-coupon-usage/coupon-affiliates-5127-reflected-cross-site-scripting</loc>
<lastmod>2024-03-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vr-calendar-sync/vr-calendar-231-reflected-cross-site-scripting</loc>
<lastmod>2022-07-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eventprime-event-calendar-management/eventprime-339-improper-input-validation-via-save_event_booking</loc>
<lastmod>2024-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/devexhub-gallery/devexhub-gallery-201-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2024-11-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ajax-random-posts/ajax-random-posts-033-php-object-injection</loc>
<lastmod>2017-04-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dr-affiliate/dr-affiliate-123-authenticated-subscriber-sql-injection</loc>
<lastmod>2024-12-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/updraftplus/updraftplus-wordpress-backup-plugin-11665-reflected-cross-site-scripting</loc>
<lastmod>2021-12-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/waiting/waiting-one-click-countdowns-062-authenticated-subscriber-sql-injection-via-pbc_downmetaid</loc>
<lastmod>2023-03-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bonus-for-woo/bonus-for-woo-766-insufficient-input-validation</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/thegem-elementor/thegem-elementor-51051-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-10-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-google-maps/wp-google-maps-6026-reflected-cross-site-scripting</loc>
<lastmod>2014-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/official-facebook-pixel/meta-pixel-for-wordpress-222-php-object-injection</loc>
<lastmod>2021-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-manager/download-manager-3330-unauthenticated-cron-trigger-due-to-hardcoded-cron-key</loc>
<lastmod>2025-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/price-calculator-to-your-website/website-price-calculator-41-authenticated-contributor-sql-injection</loc>
<lastmod>2024-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mstore-api/mstore-api-create-native-android-ios-apps-on-the-cloud-4147-authentication-bypass</loc>
<lastmod>2024-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/podcast-subscribe-buttons/podcast-subscribe-buttons-148-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profilegrid-user-profiles-groups-and-communities/profilegrid-5943-authenticated-subscriber-php-object-injection</loc>
<lastmod>2025-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/country-state-city-auto-dropdown/country-state-city-dropdown-cf7-272-unauthenticated-sql-injection</loc>
<lastmod>2024-05-21T19:38:42.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/popup-builder/popup-builder-373-reflected-cross-site-scripting</loc>
<lastmod>2021-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/knowledgebase-helpdesk-pro/kbx-pro-ultimate-805-authenticated-subscriber-arbitrary-file-deletion</loc>
<lastmod>2025-05-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fancy-product-designer/fancy-product-designer-474-admin-sql-injection</loc>
<lastmod>2022-02-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/inspirational-quote-rotator/inspirational-quote-rotator-100-stored-cross-site-scripting</loc>
<lastmod>2021-11-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/animated-typed-js-shortcode/animated-typed-js-shortcode-20-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/events-manager/events-manager-7221-authenticated-contributor-stored-cross-site-scripting-via-events_list_grouped-shortcode</loc>
<lastmod>2025-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/aco-wishlist-for-woocommerce/wishlist-and-save-for-later-for-woocommerce-1122-insecure-direct-object-reference-to-authenticated-subscriber-wishlist-item-deletion</loc>
<lastmod>2025-11-11T15:47:17.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gutentor/gutentor-gutenberg-blocks-page-builder-for-gutenberg-editor-339-authenticated-contributor-stored-cross-site-scripting-via-countdown-widget</loc>
<lastmod>2024-12-04T16:20:44.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cleverreach-wp/cleverreach-wp-1521-unauthenticated-sql-injection</loc>
<lastmod>2026-01-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-post-popup/wp-custom-post-popup-101-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-responsive-testimonials-slider-and-widget/wp-responsive-testimonials-slider-and-widget-15-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ht-mega-for-elementor/ht-mega-276-authenticated-contributor-stored-cross-site-scripting-via-block_css-and-inner_css</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shelf-planner/shelf-planner-281-unauthenticated-information-exposure-via-log-files</loc>
<lastmod>2025-11-10T15:14:22.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/pinboard/pinboard-1110-cross-site-scripting</loc>
<lastmod>2013-02-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/podlove-podcasting-plugin-for-wordpress/podlove-podcast-publisher-383-cross-site-request-forgery</loc>
<lastmod>2023-02-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fluent-support/fluent-support-helpdesk-customer-support-ticket-system-185-unauthenticated-sensitive-information-exposure-through-unprotected-directory</loc>
<lastmod>2025-02-28T15:27:49.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smart-manager-for-wp-e-commerce/smart-manager-advanced-woocommerce-bulk-edit-inventory-management-8850-authenticated-contributor-privilege-escalation</loc>
<lastmod>2026-05-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sms-alert/sms-alert-sms-otp-for-woocommerce-order-notifications-abandoned-cart-recovery-393-missing-authorization</loc>
<lastmod>2026-06-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/drag-and-drop-multiple-file-upload-contact-form-7/drag-and-drop-multiple-file-upload-for-contact-form-7-1390-directory-traversal-via-wpcf7_guest_user_id-cookie</loc>
<lastmod>2025-08-15T19:13:08.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-post-types-image/custom-post-type-images-05-cross-site-request-forgery</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/visitors-traffic-real-time-statistics/visitor-traffic-real-time-statistics-38-subscriber-sql-injection</loc>
<lastmod>2021-10-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seo-by-rank-math/rank-math-seo-1095-server-side-request-forgery</loc>
<lastmod>2022-08-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/polldaddy/crowdsignal-dashboard-polls-surveys-more-307-reflected-cross-site-scripting</loc>
<lastmod>2022-07-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bit-assist/bit-assist-152-path-traversal-to-authenticated-administrator-arbitrary-file-read-via-downloadresponsefile-function</loc>
<lastmod>2025-02-13T22:19:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/restrict-user-access/restrict-user-access-membership-plugin-with-force-25-reflected-cross-site-scripting</loc>
<lastmod>2024-03-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contest-gallery/photos-files-youtube-twitter-instagram-tiktok-ecommerce-contest-gallery-upload-vote-sell-via-paypal-or-stripe-social-share-buttons-openai-2610-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-07-31T16:20:34.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jetformbuilder/jetformbuilder-3562-unauthenticated-arbitrary-file-read-via-media-field</loc>
<lastmod>2026-03-20T18:28:08.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mp3-jplayer/mp3-jplayer-273-cross-site-request-forgery</loc>
<lastmod>2022-09-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/auction-feed/auction-feed-113-cross-site-request-forgery</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/js-support-ticket/js-help-desk-ai-powered-support-ticketing-system-309-missing-authorization</loc>
<lastmod>2026-06-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zoho-flow/zoho-flow-2141-cross-site-request-forgery</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gmaper-elementor/gmaper-for-elementor-109-missing-authorization</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-page-visit-counter/advanced-page-visit-counter-711-authenticated-contributor-sql-injection</loc>
<lastmod>2023-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/trusty-woo-products-filter/shop-products-filter-12-authenticated-subscriber-local-file-inclusion</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/docket-cache/docket-cache-240703-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-12-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-payments/woocommerce-payments-590-missing-authorization-via-redirect_pay_for_order_to_update_payment_method</loc>
<lastmod>2023-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profit-products-tables-for-woocommerce/active-products-tables-for-woocommerce-1062-missing-authorization</loc>
<lastmod>2024-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpdirectorykit/wp-directory-kit-136-authenticated-admin-html-injection</loc>
<lastmod>2024-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ulisting/ulisting-166-unauthenticated-wordpress-options-changes-via-ajax</loc>
<lastmod>2021-01-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buddypress-media/rtmedia-for-wordpress-buddypress-and-bbpress-395-local-file-inclusion</loc>
<lastmod>2014-11-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-7/contact-form-7-503-authorization-bypass</loc>
<lastmod>2018-09-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mapsvg/mapsvg-6219-sql-injection</loc>
<lastmod>2022-04-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/supreme-modules-for-divi/supreme-modules-lite-2562-authenticated-author-arbitrary-file-upload-via-json-upload-bypass</loc>
<lastmod>2026-01-15T01:09:33.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/event-notifier/event-notifier-120-cross-site-scripting</loc>
<lastmod>2017-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elfsight-contact-form/elfsight-contact-form-widget-231-unauthenticated-information-exposure</loc>
<lastmod>2025-06-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/GoogleAlertandtwitterplugin/google-alert-and-twitter-plugin-315-multiple-vulnerabilities</loc>
<lastmod>2013-02-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementskit/elementskit-pro-365-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-08-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/users-control/users-control-1016-unauthenticated-local-file-inclusion</loc>
<lastmod>2024-09-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/feedzy-rss-feeds/rss-aggregator-by-feedzy-442-missing-authorization-to-arbitrary-page-creation-and-publication</loc>
<lastmod>2024-02-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contest-gallery/contest-gallery-upload-vote-photos-media-sell-with-paypal-stripe-3000-authenticated-contributor-sql-injection</loc>
<lastmod>2026-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementskit-lite/elementskit-elementor-addons-304-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-table/wp-table-143-local-file-inclusion</loc>
<lastmod>2007-05-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/url-shortify/url-shortify-11051-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-ads-manager/simple-ads-manager-2797-multiple-sql-injections</loc>
<lastmod>2015-04-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/wplms/wplms-19953-authenticated-subscriber-sql-injection</loc>
<lastmod>2024-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-performance-accelerator/aio-performance-profiler-monitor-optimize-compress-debug-12-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flat-preloader/flat-preloader-155-stored-cross-site-scripting</loc>
<lastmod>2021-09-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/work-the-flow-file-upload/work-the-flow-231-arbitrary-file-upload</loc>
<lastmod>2014-10-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ezoic-integration/ezoic-288-missing-authorization-to-stored-cross-site-scripting</loc>
<lastmod>2022-11-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-media-optimizer-webp/wp-media-optimizer-webp-140-reflected-cross-site-scripting-via-wpmowebp-css-resources-and-wpmowebp-js-resources-parameters</loc>
<lastmod>2024-12-05T19:42:47.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jet-blocks/jetblocks-for-elementor-1318-authenticated-subscriber-information-disclsoure</loc>
<lastmod>2025-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-gallery-grid/responsive-gallery-grid-2310-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-03-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quiz-master-next/quiz-and-survey-master-700-unauthenticated-arbitrary-file-deletion</loc>
<lastmod>2020-08-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/5280-bootstrap-modal-contact-form/5280-bootstrap-modal-contact-form-10-cross-site-request-forgery-to-bulk-delete-messages</loc>
<lastmod>2024-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-download-monitor/simple-download-monitor-395-contributor-arbitrary-thumbnail-removal</loc>
<lastmod>2021-10-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/masterstudy-lms-learning-management-system/masterstudy-lms-wordpress-plugin-for-online-courses-and-education-3323-unauthenticated-limited-privilege-escalation-to-instructor</loc>
<lastmod>2024-07-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-registration-form-builder-with-submission-manager/registrationmagic-6010-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2024-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-staging/wp-staging-backup-duplicator-migration-2917-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-08-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-megamenu/wp-mega-menu-136-unauthenticated-settings-update-to-stored-cross-site-scripting</loc>
<lastmod>2020-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/keyy/keyy-two-factor-authentication-like-clef-123-authenticated-subscriber-privilege-escalation-via-account-takeover</loc>
<lastmod>2025-10-14T20:04:20.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blog-filter/blog-filter-176-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/draw-attention/draw-attention-2011-missing-authorization-to-arbitrary-post-featured-image-modification</loc>
<lastmod>2023-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/display-custom-post/display-custom-post-221-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-11-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/workreap/workreap-332-authenticated-subscriber-arbitrary-file-upload-via-workreap_temp_upload_to_media</loc>
<lastmod>2025-06-11T16:31:13.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lb-mixed-slideshow/lb-mixed-slideshow-for-wordpress-10-arbitrary-file-upload</loc>
<lastmod>2012-06-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/leenkme/leenkme-250-cross-site-request-forgery</loc>
<lastmod>2016-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gallery-by-supsystic/photo-gallery-by-supsystic-11516-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/korea-sns/korea-sns-170-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2026-02-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-7-campaign-monitor-extension/contact-form-7-campaign-monitor-extension-0467-missing-authorization-to-unauthenticated-arbitrary-file-deletion</loc>
<lastmod>2024-09-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/realestate-7/real-estate-7-303-reflected-cross-site-scripting</loc>
<lastmod>2020-07-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/theme-demo-import/theme-demo-import-113-authenticated-administrator-arbitrary-file-upload</loc>
<lastmod>2023-08-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/give/givewp-donation-plugin-and-fundraising-platform-3120-reflected-cross-site-scripting</loc>
<lastmod>2024-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-multitasking/wp-multitasking-0112-reflected-cross-site-scripting</loc>
<lastmod>2024-08-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tournamatch/wordpress-plugin-tournamatch-461-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-06-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/edd-upload-file/easy-digital-downloads-upload-file-104-arbitrary-file-uploaddeletion</loc>
<lastmod>2015-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/participants-database/participants-database-2592-unauthenticated-php-object-injection</loc>
<lastmod>2024-08-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lesson-plan-book/lesson-plan-book-13-reflected-cross-site-scripting</loc>
<lastmod>2026-01-08T21:37:35.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-hide-backed-notices/hide-dashboard-notifications-123-cross-site-request-forgery</loc>
<lastmod>2024-04-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/winnex/winnex-132-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-05-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/palladio/palladio-1110-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/conversionninja/conversion-ninja-unspecified-version-cross-site-scripting</loc>
<lastmod>2014-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cookiebot/cookiebot-458-cross-site-request-forgery</loc>
<lastmod>2025-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/admin-management-xtended/admin-management-xtended-244-cross-site-request-forgery</loc>
<lastmod>2022-05-27T12:53:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pinterest-verify-meta-tag/pinterest-verify-meta-tag-13-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-block-editor-addons/responsive-blocks-221-missing-authorization-to-authenticated-contributor-arbitrary-modification-via-ajax-actions</loc>
<lastmod>2026-04-20T17:50:51.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nk-themes-helper/nk-themes-helper-179-authenticated-subscriber-server-side-request-forgery</loc>
<lastmod>2026-01-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fbsurveypro/facebook-survey-pro-10-sql-injection</loc>
<lastmod>2012-11-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ltl-freight-quotes-unishippers-edition/ltl-freight-quotes-unishippers-edition-258-reflected-cross-site-scripting</loc>
<lastmod>2025-02-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-eMember/wp-emember-1070-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-07-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ig-shortcodes/ig-shortcodes-31-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/restaurant-reservations/five-star-restaurant-reservations-wordpress-booking-plugin-275-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-12-20T14:14:55.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-domain-redirect/wp-domain-redirect-10-authenticated-admin-sql-injection</loc>
<lastmod>2021-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smart-slider-3/smart-slider-3-35128-authenticated-administrator-sql-injection-via-sliderid-parameter</loc>
<lastmod>2025-07-29T19:33:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nexter-extension/nexter-extension-203-authenticatededitor-remote-code-execution-via-metabox</loc>
<lastmod>2023-10-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ideapush/ideapush-872-missing-authorization</loc>
<lastmod>2024-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/webp-converter-for-media/converter-for-media-optimize-images-convert-webp-avif-651-unauthenticated-server-side-request-forgery-via-src</loc>
<lastmod>2026-02-11T21:24:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-import-export-lite/wp-import-export-lite-3928-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2025-08-04T18:51:53.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rise-blocks/rise-blocks-a-complete-gutenberg-page-builder-37-authenticated-contributor-stored-cross-site-scripting-via-site-identity-block-attributes</loc>
<lastmod>2026-02-24T18:45:53.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kubio/kubio-ai-page-builder-270-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/acerola/acerola-165-missing-authorization</loc>
<lastmod>2025-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/affiliate-coupons/affiliate-coupons-173-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-locker/onepress-social-locker-562-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2022-05-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-online-users-stats/wp-online-users-stats-100-unauthenticated-sql-injection</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chamber-dashboard-business-directory/chamber-dashboard-business-directory-3311-missing-authorization-to-unauthenticated-business-information-export</loc>
<lastmod>2025-11-24T19:17:22.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/lasa/lasa-11-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-06-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/js-jobs/js-job-manager-202-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-wp-security-and-firewall/all-in-one-wp-security-firewall-394-reflected-cross-site-scripting</loc>
<lastmod>2015-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gallery-images/huge-it-gallery-images-189-sql-injection</loc>
<lastmod>2016-05-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/upload-media-by-url/upload-media-by-url-107-cross-site-request-forgery-via-umbu_download</loc>
<lastmod>2023-08-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/education-lms/education-lms-007-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/redux-framework/redux-framework-4412-4417-unauthenticated-json-file-upload-to-stored-cross-site-scripting</loc>
<lastmod>2024-07-22T12:05:44.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/redirect-redirection/redirection-114-cross-site-request-forgery-to-plugin-reset</loc>
<lastmod>2023-03-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/keep-backup-daily/keep-backup-daily-212-authenticated-admin-stored-cross-site-scripting-via-backup-title</loc>
<lastmod>2026-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementinvader-addons-for-elementor/elementinvader-addons-for-elementor-124-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpshop/shop-261-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dx-watermark/dx-watermark-104-cross-site-request-forgery</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slideshow-gallery/slideshow-gallery-1532-reflected-cross-site-scripting</loc>
<lastmod>2015-08-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quietly-insights/quietly-insights-122-missing-authorization-to-authenticated-subscriber-arbitrary-options-update</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpsimpletools-log-viewer/basic-log-viewer-104-cross-site-request-forgery-via-wpst_lw_viewer</loc>
<lastmod>2024-02-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-super-cache/wp-super-cache-172-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2021-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/premium-addons-for-elementor/premium-addons-for-elementor-41024-authenticated-contributor-dom-based-stored-cross-site-scripting</loc>
<lastmod>2024-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/getsocial/getsocial-201-reflected-cross-site-scripting</loc>
<lastmod>2025-03-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/extra/elegantthemes-123-privilege-escalation</loc>
<lastmod>2016-02-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/job-board-manager/job-board-manager-2161-authenticated-job-poster-arbitrary-shortcode-execution</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/book-a-room-event-calendar/book-a-room-event-calendar-19-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2026-06-23T16:40:58.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/b-banner-slider/b-banner-slider-11-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2024-11-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-crypto-shortcodes/simple-crypto-shortcodes-102-cross-site-request-forgery-to-plugin-settings-update</loc>
<lastmod>2026-01-23T19:16:43.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking-activities/booking-activities-116481-missing-authorization</loc>
<lastmod>2026-04-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/muzaara-adwords-optimize-dashboard/optimize-your-campaigns-google-shopping-google-ads-google-adwords-31-unauthenticated-php-object-injection</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-popup/simple-popup-images-186-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-04-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/give/givewp-donation-plugin-and-fundraising-platform-3180-reflected-cross-site-scripting</loc>
<lastmod>2024-12-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/docket-cache/docket-cache-240704-missing-authorization</loc>
<lastmod>2026-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gutenify/gutenify-154-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chart-builder/chart-builder-196-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-malware-removal/malcure-malware-scanner-1-toolset-for-wordpress-malware-removal-168-missing-authorization-to-authenticated-subscriber-arbitrary-file-read</loc>
<lastmod>2025-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/catablog/catablog-170-authenticated-editor-arbitrary-file-upload</loc>
<lastmod>2023-11-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/product-customizer-light/product-customizer-light-100-authenticated-author-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2024-10-17T15:48:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/product-catalog-feed/product-catalog-feed-by-pixelyoursite-210-reflected-cross-site-scripting-via-page</loc>
<lastmod>2023-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hmenu/hero-mega-menu-responsive-wordpress-menu-plugin-1165-reflected-cross-site-scripting</loc>
<lastmod>2025-03-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-recall/wp-recall-162614-cross-site-request-forgery</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/order-export-and-more-for-woocommerce/order-export-for-woocommerce-324-unauthenticated-sensitive-information-exposure-through-unprotected-directory</loc>
<lastmod>2025-01-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ilogic-accessibility/accessibility-press-102-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lbg-audio2-html5/responsive-html5-audio-player-pro-with-playlist-357-authenticated-contributor-sql-injection</loc>
<lastmod>2025-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/nexos/nexos-real-estate-17-reflected-cross-site-scripting</loc>
<lastmod>2020-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mailchimp-forms-by-mailmunch/mailchimp-forms-by-mailmunch-314-missing-authorization-via-multiple-ajax-actions</loc>
<lastmod>2023-08-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eventprime-event-calendar-management/eventprime-modern-events-calendar-bookings-and-tickets-4047-unauthenticated-stored-cross-site-scripting-via-transaction-log</loc>
<lastmod>2024-10-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/string-locator/string-locator-265-reflected-cross-site-scripting</loc>
<lastmod>2024-08-23T13:40:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-wallet/terawallet-best-woocommerce-wallet-system-with-cashback-rewards-partial-payment-wallet-refunds-1410-missing-authorization-to-authenticated-subscriber-user-email-export</loc>
<lastmod>2024-03-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shmapper-by-teplitsa/shmapper-by-teplitsa-1418-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/addon-elements-for-elementor-page-builder/elementor-addon-elements-1132-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/real-cookie-banner/wordpress-real-cookie-banner-gdpr-dsgvo-eprivacy-cookie-consent-2142-cross-site-request-forgery</loc>
<lastmod>2022-02-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ketchup-restaurant-reservations/ketchup-restaurant-reservations-100-unauthenticated-sql-injection</loc>
<lastmod>2022-09-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dokan-lite/dokan-365-cross-site-request-forgery</loc>
<lastmod>2022-09-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hack-me-if-you-can/hack-me-if-you-can-12-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/mesmerize/mesmerize-16120-cross-site-request-forgery-to-cache-clearing</loc>
<lastmod>2024-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/th-all-in-one-woo-cart/th-side-cart-and-menu-cart-for-woocommerce-111-cross-site-request-forgery</loc>
<lastmod>2023-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/plugin-notes-plus/plugin-notes-plus-126-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-07-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-pdf-invoices-packing-slips/pdf-invoices-packing-slips-for-woocommerce-380-unauthenticated-server-side-request-forgery</loc>
<lastmod>2024-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/woffice/woffice-crm-5431-missing-authorization</loc>
<lastmod>2026-06-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/masterstudy-lms-learning-management-system/masterstudy-lms-276-unauthenticated-admin-account-creation</loc>
<lastmod>2022-02-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-membership/simple-membership-438-reflected-cross-site-scripting</loc>
<lastmod>2023-12-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/auto-post-thumbnail/auto-featured-image-auto-post-thumbnail-3915-authenticated-author-arbitrary-file-upload</loc>
<lastmod>2023-02-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jonradio-private-site/my-private-site-307-cross-site-request-forgery</loc>
<lastmod>2022-05-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/gravel/gravel-16-reflected-cross-site-scripting</loc>
<lastmod>2025-04-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/forum-server/wp-forum-server-173-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2012-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/proquoter/pro-quoter-plugin-10-cross-site-scripting</loc>
<lastmod>2014-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bdthemes-element-pack/element-pack-addon-for-elementor-page-builder-wordpress-plugin-790-authenticatedcontributor-stored-cross-site-scripting-via-wrapper-link-url</loc>
<lastmod>2024-07-31T16:46:28.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chapa-payment-gateway-for-woocommerce/chapa-payment-gateway-plugin-for-woocommerce-103-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2026-02-03T19:32:34.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/miniorange-discord-integration/miniorange-discord-integration-215-missing-authorization-to-plugin-options-update</loc>
<lastmod>2022-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/12-step-meeting-list/12-step-meeting-list-31433-reflected-cross-site-scripting</loc>
<lastmod>2024-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quick-testimonials/quick-testimonials-21-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-12-12T16:10:59.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gift-voucher/gift-cards-gift-vouchers-and-packages-woocommerce-supported-449-missing-authorization-to-unauthenticated-price-date-and-note-updates</loc>
<lastmod>2025-02-19T21:09:28.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/add-google-plus-one-social-share-button/add-google-1-plus-one-social-share-button-100-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-24T18:32:13.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/latest-post-shortcode/latest-post-shortcode-1421-missing-authorization</loc>
<lastmod>2026-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yith-woocommerce-request-a-quote/yith-request-a-quote-for-woocommerce-163-cross-site-request-forgery</loc>
<lastmod>2021-06-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rizzi-guestbook/rizzi-guestbook-401-reflected-cross-site-scripting</loc>
<lastmod>2025-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders/barcode-scanner-with-inventory-order-manager-153-missing-authorization</loc>
<lastmod>2024-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shortcode-for-current-date/shortcode-for-current-date-216-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2022-07-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/onceki-yazi-linki/nceki-yaz-link-13-cross-site-request-forgery</loc>
<lastmod>2025-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/rosaleen/rosaleen-28-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wishlist-member-x/wishlist-member-x-3251-unauthenticated-arbitrary-sql-execution</loc>
<lastmod>2024-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-file-get-contents/jsm-file_get_contents-shortcode-270-authenticated-contributor-server-side-request-forgery-via-shortcode</loc>
<lastmod>2023-12-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/beaver-builder-lite-version/beaver-builder-21012-authenticated-contributor-sql-injection</loc>
<lastmod>2026-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/license-manager-for-woocommerce/license-manager-for-woocommerce-309-reflected-cross-site-scripting</loc>
<lastmod>2025-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/menu-ordering-reservations/restaurant-menu-food-ordering-system-table-reservation-241-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/emaurri/emaurri-101-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/carousel-anything/carousel-anything-for-wpbakery-page-builder-21-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/multi-step-form/multi-step-form-1712-cross-site-request-forgery</loc>
<lastmod>2023-11-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/benevolent/benevolent-139-missing-authorization</loc>
<lastmod>2026-02-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/webpushr-web-push-notifications/webpushr-4380-unauthenticated-information-exposure</loc>
<lastmod>2026-01-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woomotiv/live-sales-notification-for-woocommerce-woomotiv-363-reflected-cross-site-scripting</loc>
<lastmod>2025-12-05T17:44:31.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-alidropship/ald-aliexpress-dropshipping-and-fulfillment-for-woocommerce-premium-110-sensitive-information-disclosure</loc>
<lastmod>2022-10-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stockholm-core/stockholm-core-241-reflected-cross-site-scripting</loc>
<lastmod>2024-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-pdf-vouchers/woocommerce-pdf-vouchers-494-reflected-cross-site-scripting</loc>
<lastmod>2024-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-file-manager/file-manager-721-sensitive-information-exposure-via-backup-filenames</loc>
<lastmod>2024-01-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/show-hidecollapse-expand/show-hide-collapse-expand-125-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/brid-video-easy-publish/target-video-easy-publish-383-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-24T19:11:39.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mollie-forms/mollie-forms-2712-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/recipepress-reloaded/recipepress-reloaded-2120-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-20T13:43:30.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/wplms/wplms-learning-management-system-for-wordpress-4962-unauthenticated-arbitrary-file-read-and-deletion</loc>
<lastmod>2024-11-08T17:34:40.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/eona/eona-13-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/add-google-social-profiles-to-knowledge-graph-box/add-google-social-profiles-to-knowledge-graph-box-10-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2026-03-20T15:19:44.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-html-tinymce-button/download-html-tinymce-button-12-reflected-cross-site-scripting</loc>
<lastmod>2025-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-7-round-robin-lead-distribution/contact-form-7-round-robin-lead-distribution-121-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-customers-manager/woocommerce-customers-manager-313-missing-authorization-to-authenticated-subscriber-privilege-escalation</loc>
<lastmod>2025-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/music-player-for-elementor/music-player-for-elementor-246-authenticated-contributor-stored-cross-site-scripting-via-album_buy_url-parameter</loc>
<lastmod>2025-06-02T22:20:46.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/formula/formula-051-reflected-cross-site-scripting-via-ti_customizer_notify_dismiss_recommended_plugins</loc>
<lastmod>2024-06-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/wplms/wplms-19953-authenticated-instructor-sql-injection</loc>
<lastmod>2024-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ajax-search-lite/ajax-search-lite-4114-reflected-cross-site-scripting</loc>
<lastmod>2024-01-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/forminator/forminator-contact-form-payment-form-custom-form-builder-1292-authenticated-contributor-stored-cross-site-scripting-via-forminator_form-shortcode</loc>
<lastmod>2024-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/file-manager-plugin-for-wordpress/file-manager-plugin-for-wordpress-75-authenticated-admin-arbitrary-file-upload</loc>
<lastmod>2025-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mw-wp-form/mw-wp-form-510-unauthenticated-arbitrary-file-move-via-move_temp_file_to_upload_dir</loc>
<lastmod>2026-04-01T16:50:15.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/activedemand/activedemand-0227-missing-authorization-checks</loc>
<lastmod>2022-08-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/astra-import-export/import-export-customizer-settings-103-cross-site-request-forgery-bypass</loc>
<lastmod>2020-09-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sp-client-document-manager/sp-project-document-manager-470-authenticated-subscriber-arbitrary-folder-name-update</loc>
<lastmod>2024-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/modula-best-grid-gallery/modula-image-gallery-2101-authenticated-contributor-stored-dom-based-cross-site-scripting-via-fancybox-5-javascript-library</loc>
<lastmod>2025-04-02T23:40:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gs-dribbble-portfolio/gs-shots-for-dribbble-120-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/CF7-mailchimp-addon/cf7-7-mailchimp-add-on-24-missing-authorization</loc>
<lastmod>2025-07-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/clover-online-orders/smart-online-order-for-clover-156-missing-authorization</loc>
<lastmod>2024-08-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-meta-data-manager/post-meta-data-manager-120-missing-authorization-to-post-term-and-user-meta-deletion</loc>
<lastmod>2023-10-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vikrestaurants/vikrestaurants-table-reservations-and-take-away-15-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-custom-fields-pro/advanced-custom-fields-pro-631-cross-site-request-forgery</loc>
<lastmod>2024-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/ludos-paradise/ludos-paradise-213-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ibtana-visual-editor/ibtana-wordpress-website-builder-1147-missing-authorization-to-stored-cross-site-scripting</loc>
<lastmod>2022-01-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blockspare/blockspare-32132-authenticated-contributor-sensitive-information-exposure</loc>
<lastmod>2025-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/w3-total-cache/w3-total-cache-281-authenticated-subscriber-missing-authorization-to-server-side-request-forgery</loc>
<lastmod>2025-01-13T17:58:37.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cookie-notice/cookie-notice-compliance-for-gdpr-ccpa-258-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2025-11-21T16:28:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ideapush/ideapush-869-cross-site-request-forgery</loc>
<lastmod>2024-10-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pending-order-bot/pending-order-bot-102-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-08-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/employee-spotlight/employee-spotlight-team-member-showcase-meet-the-team-plugin-513-missing-authorization-to-authenticated-subscriber-tracking-opt-inopt-out-modification</loc>
<lastmod>2025-12-12T14:37:44.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/selection-lite/selection-lite-113-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/form-maker/form-maker-by-10web-11540-unauthenticated-stored-cross-site-scripting-via-matrix-field-text-box</loc>
<lastmod>2026-04-13T13:52:02.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/re-pro/real-estate-pro-109-authenticated-admin-stored-cross-site-scripting-via-settings</loc>
<lastmod>2026-04-21T19:15:26.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cms-tree-page-view/cms-tree-page-view-167-reflected-cross-site-scripting-via-post_type</loc>
<lastmod>2023-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/relevanssi-premium/relevanssi-4244-free-and-2275-premium-unauthenticated-sql-injection</loc>
<lastmod>2025-05-12T14:38:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mailoptin/mailoptin-12490-missing-authorization-to-cache-deletion</loc>
<lastmod>2022-09-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-guppy/wp-guppy-13-information-disclosure</loc>
<lastmod>2021-11-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/beaver-builder-lite-version/beaver-builder-wordpress-page-builder-2844-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/portfolio-pro/portfolio-filterable-masonry-portfolio-gallery-for-professionals-122-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-16T10:39:21.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/portfolio-by-lisa-westlund/portfolio-plugin-204-cross-site-request-forgery</loc>
<lastmod>2012-07-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/media-library-plus/media-library-folders-817-authenticated-author-sql-injection</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/power-mag/power-mag-115-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buddyforms/post-form-registration-form-profile-form-for-user-profiles-frontend-content-forms-for-user-submissions-ugc-287-missing-authorization</loc>
<lastmod>2024-03-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/recently/recently-304-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2021-06-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gf-block-ips/block-ips-for-gravity-forms-101-cross-site-request-forgery</loc>
<lastmod>2023-12-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gAppointments/gappointments-appointment-booking-addon-for-gravity-forms-197-reflected-cross-site-scripting</loc>
<lastmod>2023-08-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stop-spammer-registrations-plugin/stop-spammers-security-block-spam-users-comments-forms-20244-cross-site-request-forgery-csrf-via-sfs_process</loc>
<lastmod>2024-05-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/acurax-social-media-widget/social-media-widget-by-acurax-22-stored-cross-site-scripting</loc>
<lastmod>2015-08-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-pricing-table/woocommerce-pricing-product-pricing-109-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/td-composer/tagdiv-composer-44-cross-site-request-forgery-to-cross-site-scripting</loc>
<lastmod>2023-07-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-related-posts/custom-related-posts-174-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bigbuy-wc-dropshipping-connector/bigbuy-dropshipping-connector-for-woocommerce-205-unauthenticated-ip-spoofing-to-phpinfo-exposure</loc>
<lastmod>2025-11-20T20:01:03.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/switch-cta-box/switch-cta-box-11-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2026-04-21T19:06:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-testimonials-and-reviews-widget/social-proof-testimonials-and-reviews-by-repuso-529-missing-authorization</loc>
<lastmod>2025-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpfront-notification-bar/wpfront-notification-bar-332-authenticated-admin-stored-cross-site-scripting-via-wpfront-notification-bar-optionscustom_class</loc>
<lastmod>2024-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/brodos-net-onlineshop/brodosnet-onlineshop-plugin-202-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-24T18:44:50.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/frontend-post-submission-manager-lite/frontend-post-submission-manager-lite-126-incorrect-authorization-to-unauthenticated-arbitrary-attachment-deletion</loc>
<lastmod>2025-12-25T11:05:20.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/auto-location-for-wp-job-manager/auto-location-for-wp-job-manager-via-google-10-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-07-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-mediatagger/wp-mediatagger-411-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/1-click-backup-restore-database-by-sunbytes/1-click-backup-amp-restore-database-103-missing-authorization</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ht-team-member/ht-team-member-117-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-subscription-forms/wp-subscription-forms-123-authenticated-contributor-sql-injection</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/memberful-wp/memberful-1739-unauthenticated-content-restriction-bypass-to-sensitive-information-exposure</loc>
<lastmod>2024-12-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lottiefiles/lottiefiles-lottie-block-for-gutenberg-300-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2026-01-13T16:45:26.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-to-db/contact-form-to-db-170-multiple-cross-site-scripting</loc>
<lastmod>2023-04-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/oganro-reservation-widget/xml-travel-portal-widget-20-cross-site-request-forgery</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pods/pods-243-multiple-cross-site-request-forgery</loc>
<lastmod>2015-01-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seedprod-coming-soon-pro-5/seedprod-pro-61813-authenticated-editor-remote-code-execution</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/click-to-chat-for-whatsapp/click-to-chat-318-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2022-12-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/export-to-text/export-to-text-24-unauthenticated-post-export</loc>
<lastmod>2022-06-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/aumenu/aumenu-115-reflected-cross-site-scripting</loc>
<lastmod>2025-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dethemekit-for-elementor/dethemekit-for-elementor-214-authenticated-contributor-stored-cross-site-scripting-via-slitems-attribute</loc>
<lastmod>2024-05-30T14:31:51.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpbookit/wpbookit-169-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/universal-analytics/universal-analytics-130-cross-site-scripting</loc>
<lastmod>2016-02-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-hover-effects-with-carousel/image-hover-effects-plugin-caption-hover-with-carousel-28-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2023-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-upg/user-post-gallery-upg-219-missing-authorization-to-remote-command-execution</loc>
<lastmod>2022-12-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/embed-ispring/ispring-embedder-10-cross-site-request-forgery-to-arbitrary-file-upload</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/youzify/youzify-buddypress-community-user-profile-social-network-membership-plugin-for-wordpress-130-authenticated-contributor-stored-cross-site-scripting-via-youzify_media-shortcode</loc>
<lastmod>2024-10-09T13:31:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/oxygen-mydata/oxygen-mydata-for-woocommerce-1064-unauthenticated-arbitrary-file-deletion</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/residential-address-detection/residential-address-detection-254-unauthenticated-arbitrary-options-update</loc>
<lastmod>2025-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/6.0/wordpress-core-603-open-redirect</loc>
<lastmod>2022-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/uniconsent-cmp/uniconsent-cookie-consent-cmp-for-gdpr-ccpa-143-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quiz-master-next/quiz-and-survey-master-8110-authenticated-contributor-stored-cross-site-scripting-via-question-title</loc>
<lastmod>2023-07-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nex-forms-express-wp-form-builder/nex-forms-917-reflected-cross-site-scripting</loc>
<lastmod>2026-02-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/checkout-upsell-and-order-bumps/upsellwp-woocommerce-upsell-and-related-products-offers-224-authenticated-shop-manager-sql-injection</loc>
<lastmod>2026-03-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lh-password-changer/lh-password-changer-155-cross-site-request-forgery</loc>
<lastmod>2023-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/homeo/homeo-1259-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2026-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ulimate-client-dash/ultimate-client-dash-47-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stm-motors-events/motors-events-147-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-06-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-grid/post-grid-2274-reflected-cross-site-scripting</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/premmerce-user-roles/premmerce-user-roles-1013-missing-authorization</loc>
<lastmod>2025-06-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hd-quiz/hd-quiz-183-stored-cross-site-scripting</loc>
<lastmod>2021-07-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zalo-live-chat/zalo-live-chat-110-reflected-cross-site-scripting</loc>
<lastmod>2025-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-membership-wp-user-import/simple-membership-wp-user-import-191-cross-site-request-forgery</loc>
<lastmod>2026-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/revivenews/revivenews-102-missing-authorization-via-revivenews_install_and_activate_plugins</loc>
<lastmod>2024-08-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-js-external-link-info/wp-js-external-link-info-121-cross-site-scripting</loc>
<lastmod>2014-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cleantalk-spam-protect/spam-protection-antispam-firewall-by-cleantalk-620-cross-site-request-forgery-via-apbct_settings__update_account_email</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/3dprint-lite/3dprint-lite-2135-cross-site-request-forgery</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stumble-for-wordpress/stumble-for-wordpress-111-reflected-cross-site-scripting-via-_serverphp_self</loc>
<lastmod>2026-01-06T20:32:07.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/soho/soho-photography-wordpress-303-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-01-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gmap-embed/wp-google-map-180-subscriber-arbitrary-post-deletion-and-plugin-settings-update</loc>
<lastmod>2021-12-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/interactive-page-hierarchy/interactive-page-hierarchy-101-missing-authorization</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/artplacer-widget/artplacer-widget-2211-cross-site-request-forgery</loc>
<lastmod>2024-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/subscriptiondna/subscription-dna-21-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-spreadplugin/wp-spreadplugin-489-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-10-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-file-upload/wordpress-file-upload-4162-authenticated-contributor-stored-cross-site-scripting-via-malicious-svg</loc>
<lastmod>2022-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/maxify/maxify-1016-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/erima-zarinpal-donate/erima-zarinpal-donate-10-cross-site-request-forgery</loc>
<lastmod>2025-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpshop/wp-shop-260-cross-site-request-forgery-to-arbitrary-file-upload</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/featured-posts-grid/featured-posts-grid-17-cross-site-request-forgery-to-cross-site-scripting</loc>
<lastmod>2025-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/unusedcss/rapidload-power-up-for-autoptimize-171-missing-authorization-in-uucss_update_rule</loc>
<lastmod>2023-03-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/discy/discy-social-questions-and-answers-wordpress-theme-49-missing-authorization</loc>
<lastmod>2022-07-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-form-builder-lite/ultimate-form-builder-lite-137-cross-site-scripting</loc>
<lastmod>2018-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/inpost-gallery/inpost-gallery-2121-local-file-inclusion</loc>
<lastmod>2016-10-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wallet-system-for-woocommerce/wallet-system-for-woocommerce-2513-information-exposure-via-log-files</loc>
<lastmod>2024-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-classified-listings/ultimate-classified-listings-12-reflected-cross-site-scripting</loc>
<lastmod>2024-07-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eventon-lite/eventon-wordpress-virtual-event-calendar-plugin-pro-454-free-227-missing-authorization-to-arbitrary-post-meta-update-via-evo_eventpost_update_meta</loc>
<lastmod>2024-01-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/appointment-booking-calendar/appointment-booking-calendar-117-multiple-reflected-cross-site-scripting</loc>
<lastmod>2015-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/listingpro/listingpro-wordpress-directory-listing-theme-254-cross-site-scripting</loc>
<lastmod>2020-01-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/xstore/xstore-938-authenticated-subscriber-arbitrary-options-update</loc>
<lastmod>2024-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/animation-addons-for-elementor/animation-addons-for-elementor-116-authenticated-contributor-sensitive-information-exposure-via-content-slider-and-tabs-widget-elementor-template</loc>
<lastmod>2024-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/thebi/thebi-105-reflected-cross-site-scripting</loc>
<lastmod>2026-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/subscription/subscription-recurring-payment-for-woocommerce-191-cross-site-request-forgery</loc>
<lastmod>2026-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-favicon/all-in-one-favicon-47-authenticatedadmin-directory-traversal</loc>
<lastmod>2023-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/auto-iframe/auto-iframe-17-authenticated-author-stored-cross-site-scripting-via-tag-parameter</loc>
<lastmod>2024-10-08T17:35:38.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-user-extra-fields/user-extra-fields-170-authenticated-subscriber-arbitrary-file-deletion</loc>
<lastmod>2026-02-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smtp-mailing-queue/smtp-mailing-queue-147-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-04-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vertical-scroll-recent-post/vertical-scroll-recent-post-140-authenticated-contributor-stored-cross-site-scripting-via-shortcodes</loc>
<lastmod>2023-03-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contest-gallery/contest-gallery-1915-unauthenticated-sql-injection-via-user_id</loc>
<lastmod>2022-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/safe-svg/safe-svg-195-cross-site-scripting</loc>
<lastmod>2019-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/supportcandy/supportcandy-helpdesk-support-ticket-system-226-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2022-01-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jet-tabs/jettabs-227-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-maintenance-mode-coming-soon/easy-maintenance-mode-142-information-exposure</loc>
<lastmod>2024-03-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wah-forms/wah-forms-10-missing-authorization</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/trx_addons/themerex-addons-various-versions-missing-authorization</loc>
<lastmod>2020-03-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/unseen-blog/unseen-blog-100-authenticated-contributor-php-object-injection</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/drag-and-drop-multiple-file-upload-contact-form-7/drag-and-drop-multiple-file-upload-for-contact-form-7-1392-missing-authorization-to-unauthenticated-file-deletion</loc>
<lastmod>2026-01-14T18:17:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/bridge/bridge-creative-multipurpose-wordpress-theme-112-cross-site-scripting</loc>
<lastmod>2017-08-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/manufactory/manufactory-14-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-09-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninjafirewall/ninjafirewall-433-authenticated-phar-deserialization</loc>
<lastmod>2021-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/v-form/vform-3114-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jupiterx-core/jupiter-x-core-487-authenticated-contributor-svg-upload-to-local-file-inclusion-remote-code-execution</loc>
<lastmod>2025-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/squirrly-seo/seo-plugin-by-squirrly-seo-12405-authenticated-subscriber-sql-injection-via-search-parameter</loc>
<lastmod>2025-03-06T22:02:49.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-map-locations/google-map-locations-10-reflected-cross-site-scripting</loc>
<lastmod>2024-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dadevarzan-common/dadevarzan-wordpress-common-222-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/newsmunch/newsmunch-1035-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpschoolpress/wpschoolpress-224-cross-site-request-forgery</loc>
<lastmod>2023-09-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-login-woocommerce/loginsignup-popup-inline-form-woocommerce-271-272-missing-authorization-to-arbitrary-options-exposure</loc>
<lastmod>2024-06-05T19:24:25.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/cortex/cortex-19-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fuse-social-floating-sidebar/fuse-social-floating-sidebar-5410-authenticated-author-stored-cross-site-scripting-via-file-upload</loc>
<lastmod>2024-08-07T17:11:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-to-email/contact-form-email-1352-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/my-calendar/my-calendar-3616-missing-authorization</loc>
<lastmod>2025-12-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-bank/contact-bank-3030-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/broken-link-checker/broken-link-checker-223-authenticated-administrator-stored-cross-site-scripting-via-settings</loc>
<lastmod>2024-02-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/affs/sumo-affiliates-pro-1110-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2025-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/plugin-inspector/plugin-inspector-15-authenticated-admin-arbitrary-file-download</loc>
<lastmod>2025-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/heateor-social-login/heateor-social-login-1130-authenticatedcontributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/happy-elementor-addons/happy-addons-for-elementor-3210-insecure-direct-object-reference-to-authenticated-contributor-stored-cross-site-scripting-via-template-conditions</loc>
<lastmod>2026-03-10T19:04:44.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/admin-site-enhancements/admin-and-site-enhancements-ase-762-missing-authorization</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kirki/kirki-606-missing-authorization-to-authenticated-subscriber-sensitive-form-submission-data-exposure-via-kirki_wp_admin_get_apis-action</loc>
<lastmod>2026-05-19T06:22:39.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/squirrly-seo/seo-plugin-by-squirrly-seo-615-directory-traversal</loc>
<lastmod>2016-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ladipage/ladiapp-landing-page-popupx-marketing-automation-affiliate-marketing-44-cross-site-request-forgery-via-init_endpoint</loc>
<lastmod>2024-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vod-infomaniak/vod-infomaniak-159-missing-authorization</loc>
<lastmod>2025-01-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-scraper/wp-scraper-57-missing-authorization-to-arbitrary-pagepost-creation</loc>
<lastmod>2024-05-21T18:42:12.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/mitech/mitech-234-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buddypress/buddypress-15-154-sql-injection</loc>
<lastmod>2012-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/templazee/templazee-102-missing-authorization</loc>
<lastmod>2025-07-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quick-paypal-payments/quick-paypal-payments-57263-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/live-composer-page-builder/page-builder-live-composer-1542-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/favicon-my-blog/favicon-my-blog-102-cross-site-request-forgery</loc>
<lastmod>2024-11-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/funnelcockpit/funnelcockpit-143-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/inprosysmedia-likes-dislikes-post/likes-and-dislikes-plugin-100-unauthenticated-sql-injection</loc>
<lastmod>2025-05-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/related-posts-for-wp/related-posts-for-wordpress-203-reflected-cross-site-scripting</loc>
<lastmod>2021-03-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-counter/alex-user-counter-60-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2026-01-23T19:22:53.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hidepost/hidepost-238-cross-site-request-forgery</loc>
<lastmod>2025-09-26T18:33:02.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/restaurant-reservations/five-star-restaurant-reservations-wordpress-booking-plugin-279-missing-authorization</loc>
<lastmod>2026-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/visit-counter/visit-counter-10-reflected-cross-site-scripting</loc>
<lastmod>2025-08-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/skt-paypal-for-woocommerce/skt-paypal-for-woocommerce-14-unauthenticated-payment-bypass</loc>
<lastmod>2025-11-26T16:26:34.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/link-library/link-library-763-reflected-cross-site-scripting</loc>
<lastmod>2024-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-database-backup/wp-database-backup-34-authenticated-stored-cross-site-scripting</loc>
<lastmod>2015-08-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gp-premium/gp-premium-240-reflected-cross-site-scripting</loc>
<lastmod>2024-06-04T19:49:55.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/injection-guard/injection-guard-121-cross-site-request-forgery-to-whitelist-update</loc>
<lastmod>2023-05-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/forminator/forminator-1290-reflected-cross-site-scripting</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/five-minute-webshop/five-minute-webshop-132-authenticated-admin-sql-injection-via-id</loc>
<lastmod>2022-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementor/elementor-3333-authenticated-contributor-stored-dom-based-cross-site-scripting-via-text-path</loc>
<lastmod>2025-12-15T22:04:49.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/umberto/umberto-128-unauthenticated-php-object-injection</loc>
<lastmod>2025-05-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/enable-jquery-migrate-helper/enable-jquery-migrate-helper-141-missing-authorization-to-authenticated-subscriber-jquery-version-downgrade</loc>
<lastmod>2026-05-26T17:35:02.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-nested-pages/nested-pages-307-missing-authorization</loc>
<lastmod>2019-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-svg-image-allow/easy-svg-allow-10-authenticated-author-stored-cross-site-scripting-via-svg</loc>
<lastmod>2024-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-activation-email/user-activation-email-130-reflected-cross-site-scripting</loc>
<lastmod>2021-09-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-posts-re-order/wp-posts-re-order-10-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2026-03-20T15:19:15.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smart-agenda-prise-de-rendez-vous-en-ligne/smart-agenda-prise-de-rendez-vous-en-ligne-46-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/geo-my-wp/geo-my-wp-455-unauthenticated-sql-injection</loc>
<lastmod>2026-06-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-stripe-express/express-payment-for-stripe-1280-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2026-06-05T10:34:47.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/envo-extra/envo-extra-1913-missing-authorization</loc>
<lastmod>2026-02-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hash-elements/hash-elements-133-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seo-by-10web/seo-by-10web-126-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-05-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/metform/metform-elementor-contact-form-builder-331-authenticated-subscriber-information-disclosure-via-mf-shortcode</loc>
<lastmod>2023-06-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/paygreen-woocommerce/paygreen-ancienne-version-4102-cross-site-request-forgery</loc>
<lastmod>2023-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mortgage-loan-calculator/mortgage-calculator-loan-calculator-1520-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-17T15:44:47.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/penci-podcast/penci-podcast-16-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rebuild-permalinks/rebuild-permalinks-16-reflected-cross-site-scripting</loc>
<lastmod>2025-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/clean-login/clean-login-11263-cross-site-scripting</loc>
<lastmod>2021-08-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/list-category-posts/list-category-posts-0940-authenticated-author-stored-cross-site-scripting-via-catlist-shortcode</loc>
<lastmod>2026-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gutensee/gutensee-106-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/srbtranslatin/srbtranslatin-320-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-open-street-map/wp-open-street-map-125-cross-site-request-forgery-via-wp_openstreetmaps</loc>
<lastmod>2023-10-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-modal/easy-modal-210-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-01-11T13:44:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/rozy/rozy-flower-shop-1225-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/newsletters-lite/newsletters-4618-directory-traversal</loc>
<lastmod>2019-07-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pods/pods-custom-content-types-and-fields-authenticated-contributor-sql-injection-via-shortcode</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/webman-amplifier/webman-amplifier-1512-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/your-simple-svg-support/your-simple-svg-support-101-authenticated-author-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2025-03-24T21:16:05.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zip-recipes/recipe-cards-for-your-food-blog-from-zip-recipes-827-authenticated-contributor-sql-injection</loc>
<lastmod>2026-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nd-restaurant-reservations/nd-restaurant-reservations-13-options-change</loc>
<lastmod>2019-08-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ready-ecommerce/ready-ecommerce-shopping-cart-051-cross-site-request-forgery-and-cross-site-scripting</loc>
<lastmod>2014-09-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/event-registration-calendar-by-vcita/event-registration-calendar-by-vcita-131-online-payments-get-paid-with-paypal-square-stripe-391-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-06-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/miwoftp/miwoftp-106-cross-site-request-forgery-to-arbitrary-file-deletion</loc>
<lastmod>2015-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/mella/mella-1229-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-01-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/3.3/wordpress-core-331-same-origin-policy-bypass</loc>
<lastmod>2012-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-twitter-feeds/custom-twitter-feeds-tweets-widget-212-cross-site-request-forgery</loc>
<lastmod>2023-12-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-video-robot/wordpress-video-robot-the-ultimate-video-importer-1200-reflected-cross-site-scripting</loc>
<lastmod>2025-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/masterstudy-lms-learning-management-system-pro/masterstudy-lms-online-courses-elearning-pro-plus-479-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2025-07-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/toggle-the-title/toggle-the-title-14-cross-site-scripting</loc>
<lastmod>2019-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/waymark/waymark-150-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-exit-box-lite/wordpress-exit-box-lite-106-full-path-dislcosure</loc>
<lastmod>2013-05-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/werkstatt/werkstatt-483-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-01-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-support-ticket-system/woocommerce-support-ticket-system-177-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/3.9/wordpress-core-391-xml-external-entity-xxe-weakness</loc>
<lastmod>2014-08-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/attendance-manager/attendance-manager-062-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/carspot/carspot-dealership-wordpress-classified-theme-217-authenticated-stored-cross-site-scripting</loc>
<lastmod>2019-04-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vegas-fullscreen-background-slider/wp-vegas-22-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/theplus_elementor_addon/the-plus-addons-for-elementor-page-builder-556-reflected-cross-site-scripting-via-wp-login-and-register-widget</loc>
<lastmod>2024-06-20T14:04:46.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/lekker/lekker-18-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/site-reviews/site-reviews-6102-missing-authorization</loc>
<lastmod>2023-08-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/noo-citilights/support-for-citilights-real-estate-wordpress-theme-371-reflected-cross-site-scripting</loc>
<lastmod>2026-03-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bp-profile-search/bp-profile-search-575-cross-site-request-forgery-to-reflected-cross-site-scripting</loc>
<lastmod>2024-08-19T13:39:17.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yikes-inc-easy-custom-woocommerce-product-tabs/custom-product-tabs-for-woocommerce-185-authenticated-shop-manager-php-object-injection</loc>
<lastmod>2025-01-06T15:37:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/faqs-manager/faqs-manager-10-sql-injection</loc>
<lastmod>2013-03-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slider-slideshow/layer-slider-1197-cross-site-request-forgery-via-save_slide_ajax</loc>
<lastmod>2023-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zen-mobile-app-native/wordpress-plugin-mobile-app-native-30-30-arbitrary-file-upload</loc>
<lastmod>2017-02-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bard-extra/bard-extra-127-missing-authorization-to-authenticated-subscriber-demo-import</loc>
<lastmod>2024-11-20T13:55:11.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/add-any-extension-to-pages/add-any-extension-to-pages-13-cross-site-scripting</loc>
<lastmod>2017-04-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/biblesupersearch/bible-supersearch-601-authenticated-contributor-stored-cross-site-scripting-via-selector_height-parameter</loc>
<lastmod>2025-08-20T20:41:27.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/miniorange-saml-20-single-sign-on/saml-single-sign-on-sso-login-premium-multisite-2007-open-redirect</loc>
<lastmod>2023-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/drag-n-drop-upload-cf7-pro/drag-and-drop-multiple-file-upload-pro-2109-directory-traversal</loc>
<lastmod>2023-03-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/userback/userback-1015-missing-authorization-to-authenticated-subscriber-plugins-configuration-exposure</loc>
<lastmod>2025-12-12T16:08:34.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mpl-publisher/phprelativepath-library-various-plugins-various-versions-reflected-cross-site-scripting</loc>
<lastmod>2021-08-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpappninja/wpmobileapp-1150-reflected-cross-site-scripting</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buttons-x/button-builder-buttons-x-086-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-04-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/control-horas/control-horas-101-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/depot/depot-116-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-01-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mstore-api/mstore-api-396-cross-site-request-forgery-to-product-limit-update</loc>
<lastmod>2023-06-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ezyonlinebookings-online-booking-system/ezyonlinebookings-online-booking-system-widget-13-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blog-designer-pro/blog-designer-pro-347-authenticated-subscriber-local-file-inclusion</loc>
<lastmod>2025-08-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kk-star-ratings/kk-star-ratings-545-missing-authorization</loc>
<lastmod>2023-10-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-form-builder-by-bitware/easy-form-builder-10-arbitrary-file-upload</loc>
<lastmod>2021-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tinycode/tinycode-121-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/forminator/forminator-contact-form-payment-form-custom-form-builder-1520-missing-authorization-to-unauthenticated-stripe-paymentintent-reuse-underpayment-bypass-via-paymentid-parameter</loc>
<lastmod>2026-05-04T17:34:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/feed-them-social/feed-them-social-for-twitter-feed-youtube-and-more-299-reflected-cross-site-scripting</loc>
<lastmod>2022-07-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/crm-perks-forms/crm-perks-forms-115-missing-authorization-to-unauthenticated-form-submission</loc>
<lastmod>2024-07-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/debug-tool/debug-tool-22-missing-authorization-to-information-exposure</loc>
<lastmod>2024-11-08T14:06:33.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/min-and-max-purchase-for-woocommerce/min-and-max-purchase-for-woocommerce-200-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-04-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cgc-maintenance-mode/cgc-maintenance-mode-12-ip-spoofing</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gamipress/gamipress-257-unauthenticated-sql-injection</loc>
<lastmod>2023-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-crontrol/wp-crontrol-1161-remote-code-execution</loc>
<lastmod>2024-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/omnisend-connect/email-marketing-for-woocommerce-by-omnisend-1190-missing-authorization</loc>
<lastmod>2026-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/izooto-web-push/izooto-3720-missing-authorization</loc>
<lastmod>2026-02-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/revslider/slider-revolution-422-cross-site-scripting</loc>
<lastmod>2014-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zephyr-project-manager/zephyr-project-manager-33101-reflected-cross-site-scripting</loc>
<lastmod>2025-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/admin-menu-organizer/admin-menu-organizer-101-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/twitter-plugin/bestwebsofts-twitter-255-cross-site-scripting</loc>
<lastmod>2017-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/form-maker/form-maker-by-10web-11518-reflected-cross-site-scripting</loc>
<lastmod>2023-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rupantorpay/rupantorpay-200-missing-authorization-to-unauthenticated-order-status-modification</loc>
<lastmod>2026-01-27T21:47:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-fusion-lite/wp-fusion-lite-marketing-automation-and-crm-integration-for-wordpress-34210-information-exposure</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/happy-elementor-addons/happy-addons-for-elementor-3101-missing-authorization-via-add_row_actions</loc>
<lastmod>2024-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bb-ultimate-addon/ultimate-addons-for-beaver-builder-13514-authenticatedcontributor-privilege-escalation</loc>
<lastmod>2023-12-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/amazon-einzeltitellinks/amazon-einzeltitellinks-133-cross-site-request-forgery-to-arbitrary-settings-update</loc>
<lastmod>2022-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/computer-repair-shop/repairbuddy-41116-insecure-direct-object-reference-to-authenticated-subscriber-arbitrary-signature-upload-to-orders</loc>
<lastmod>2026-01-16T14:36:16.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/photography/photography-752-unauthenticated-php-object-injection</loc>
<lastmod>2025-06-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/posterity/posterity-33-cross-site-request-forgery-to-notice-dismissal</loc>
<lastmod>2024-07-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-bootstrap-blocks/all-bootstrap-blocks-1319-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2024-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/alpine-photo-tile-for-instagram/alpine-phototile-for-instagram-129-cross-site-scripting</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-tabs/responsive-tabs-406-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/school-management/school-management-9150-authenticated-student-arbitrary-file-upload</loc>
<lastmod>2024-11-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/white-page-publication/whitepage-115-cross-site-request-forgery-via-params_api_formphp</loc>
<lastmod>2023-10-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/assistant/wordpress-assistant-152-reflected-cross-site-scripting</loc>
<lastmod>2025-09-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lightweight-accordion/lightweight-accordion-1514-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/paid-membership/micropayments-fans-paysite-paid-creator-subscriptions-digital-assets-tokens-wallet-2929-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mail-integration-365/wpo365-mail-integration-for-office-365-outlook-190-reflected-cross-site-scripting-via-error_description</loc>
<lastmod>2023-05-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vedrixa-forms-registration-builder/vedrixa-forms-111-missing-authorization-to-authenticated-subscriber-arbitrary-form-structure-modification-via-wefb_save_form_structure-ajax-action</loc>
<lastmod>2026-05-21T19:24:47.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/autocatset/autocatset-214-cross-site-request-forgery</loc>
<lastmod>2025-09-10T18:53:17.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/drag-and-drop-multiple-file-upload-contact-form-7/drag-and-drop-multiple-file-upload-contact-form-7-1373-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2023-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-sms-notifications/ultimate-sms-notifications-for-woocommerce-141-csv-injection</loc>
<lastmod>2022-08-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/import-users-from-csv-with-meta/import-users-from-csv-with-meta-112-import-cross-site-scripting</loc>
<lastmod>2018-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bertha-ai-free/bertha-ai-plugin-111107-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/exact-links/url-shortener-plugin-for-wordpress-307-unauthenticated-sql-injection</loc>
<lastmod>2025-12-12T18:31:33.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ulisting/ulisting-216-unauthenticated-sql-injection</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jetpack/jetpack-97-information-disclosure</loc>
<lastmod>2021-06-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wdv-one-page-docs/wdv-one-page-docs-124-missing-authorization</loc>
<lastmod>2026-01-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/audio-album/audio-album-150-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bulk-noindex-nofollow-toolkit-by-mad-fish/bulk-noindex-nofollow-toolkit-216-reflected-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eventON/eventon-wordpress-virtual-event-calendar-plugin-5011-unauthenticated-blind-sql-injection-via-search-parameter</loc>
<lastmod>2026-06-29T20:41:25.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/fushion-theme/fusion-21-arbitrary-file-deletion</loc>
<lastmod>2013-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-form-integration/afi-the-easiest-integration-plugin-1990-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contest-gallery/photos-files-youtube-twitter-instagram-tiktok-ecommerce-contest-gallery-upload-vote-sell-via-paypal-social-share-buttons-26001-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-02-27T16:40:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/popularis-extra/popularis-extra-127-authenticated-contributor-post-disclosure</loc>
<lastmod>2024-11-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nepali-date-utilities/nepali-date-utilities-1013-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/blogmarks/blogmarks-112-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-08-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/twitterdash/twitterdash-21-cross-site-request-forgery-to-cross-site-scripting</loc>
<lastmod>2014-12-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/review-stream/review-stream-165-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/qubely/qubely-177-missing-authorization-to-arbitrary-post-deletion</loc>
<lastmod>2021-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contest-code-checker/run-contests-raffles-and-giveaways-with-contestswp-203-reflected-cross-site-scripting</loc>
<lastmod>2024-11-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/edublink/edublink-207-missing-authorization</loc>
<lastmod>2026-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/duplicator/duplicator-wordpress-migration-plugin-044-cross-site-scripting</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-registration/user-registration-custom-registration-form-login-form-and-user-profile-for-wordpress-3041-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/instagram-slider-widget/social-slider-feed-204-reflected-cross-site-scripting</loc>
<lastmod>2022-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-plus-addons-for-elementor-page-builder/the-plus-addons-for-elementor-554-authenticated-contributor-stored-cross-site-scripting-via-progress-bar-header-meta-content-scroll-navigation-pricing-table-flip-box</loc>
<lastmod>2024-05-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/instant-images/instant-images-one-click-unsplash-pixabay-and-pexels-uploads-440-authenticated-stored-cross-site-scripting</loc>
<lastmod>2021-05-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-tabber-widget/wp-tabber-widget-40-authenticated-contributor-sql-injection</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/front-editor/wp-front-user-submit-front-editor-493-reflected-cross-site-scripting</loc>
<lastmod>2025-06-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-lightbox/wpb-quick-view-for-woocommerce-218-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mystickyelements/my-sticky-elements-233-missing-authorization-to-authenticated-subscriber-arbitrary-bulk-lead-deletion</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/void-elementor-post-grid-addon-for-elementor-page-builder/void-elementor-post-grid-addon-for-elementor-page-builder-2110-missing-authorization-to-review-notice-dismissal</loc>
<lastmod>2023-08-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-fancybox/easy-fancybox-1817-authenticated-stored-cross-site-scripting</loc>
<lastmod>2019-09-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/exclusive-addons-for-elementor/exclusive-addons-for-elementor-269-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-02-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/neom-blog/neom-blog-009-reflected-cross-site-scripting</loc>
<lastmod>2025-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/everse/multiple-deothemes-themes-various-versions-reflected-cross-site-scripting</loc>
<lastmod>2023-07-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/church-admin/church-admin-444-missing-authorization</loc>
<lastmod>2024-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tutor/tutor-lms-383-missing-authorization-to-sensitive-information-exposure</loc>
<lastmod>2025-10-24T17:20:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-seo-pack-pro/all-in-one-seo-pro-4251-authenticated-admin-server-side-request-forgery</loc>
<lastmod>2022-10-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-cloak-affiliate-links/woocommerce-cloak-affiliate-links-1035-cross-site-request-forgery</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-users-order/custom-users-order-42-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sirv/sirv-722-missing-authorization-to-arbitrary-options-update</loc>
<lastmod>2024-04-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/miraculous-el/miraculous-elementor-207-authenticated-subscriber-privilege-escalation</loc>
<lastmod>2026-02-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-x/contact-form-x-24-reflected-cross-site-scripting</loc>
<lastmod>2022-02-25T15:41:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/avventure/avventure-1112-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/welcome-email-editor/swift-smtp-506-cross-site-request-forgery</loc>
<lastmod>2024-01-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simplepress/simplepress-6105-missing-authorization</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hive-support/hive-support-125-reflected-cross-site-scripting</loc>
<lastmod>2025-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ez-form-calculator/ez-form-calculator-21403-reflected-cross-site-scripting</loc>
<lastmod>2024-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/360deg-javascript-viewer/360-javascript-viewer-1712-missing-authorization-to-plugin-settings-update</loc>
<lastmod>2024-03-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cp-contact-form-with-paypal/cp-contact-form-with-paypal-1334-authenticated-feedback-submission</loc>
<lastmod>2023-03-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/am-login-logo/logo-changer-12-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-06-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quadmenu/wordpress-mega-menu-quadmenu-320-cross-site-request-forgery-to-limited-user-meta-update</loc>
<lastmod>2025-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ajax-load-more/ajax-load-more-infinite-scroll-load-more-lazy-load-784-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-06-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/drag-and-drop-multiple-file-upload-for-woocommerce/drag-and-drop-multiple-file-upload-for-woocommerce-108-missing-authorization-in-upload-and-delete_file</loc>
<lastmod>2023-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bridge-core/bridge-core-320-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-10-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gbteamstats/gb-team-stats-151-reflected-cross-site-scripting</loc>
<lastmod>2014-07-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-exporter/woocommerce-store-exporter-27-reflected-cross-site-scripting</loc>
<lastmod>2022-01-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shortcodes-ultimate/shortcodes-ultimate-704-authenticated-contributor-stored-cross-site-scripting-via-note_color-shortcode</loc>
<lastmod>2024-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/document-emberdder/document-embedder-178-subscriber-arbitrary-privatedraft-post-title-disclosure</loc>
<lastmod>2022-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jet-footer-code/jet-footer-code-14-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/login-with-yourmembership/login-with-yourmembership-ym-sso-login-117-missing-authorization-to-unauthenticated-sensitive-information-exposure-via-moym_display_test_attributes</loc>
<lastmod>2025-10-14T19:58:07.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/media-file-manager/media-file-manager-142-reflected-cross-site-scripting</loc>
<lastmod>2018-11-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/addons-for-elementor-builder/vertex-addons-for-elementor-164-missing-authorization-to-authenticated-subscriber-arbitrary-plugin-installation-and-activation-via-afeb_activate_required_plugins</loc>
<lastmod>2026-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fancy-product-designer/fancy-product-designer-468-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2021-06-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/unusedcss/rapidload-power-up-for-autoptimize-171-missing-authorization-in-attach_rule</loc>
<lastmod>2023-03-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/debtcom-business-in-a-box/debtcom-business-in-a-box-410-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2026-01-08T21:36:17.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/widget-logic-visual/widget-logic-visual-152-reflected-cross-site-scripting</loc>
<lastmod>2026-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/wp-portfolio/wp-portfolio-24-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/book-landing-page/book-landing-page-127-missing-authorization</loc>
<lastmod>2026-02-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-grid/post-grid-and-gutenberg-blocks-2285-233-unauthenticated-privilege-escalation</loc>
<lastmod>2025-01-14T21:19:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/5.3/wordpress-core-531-authenticated-stored-cross-site-scripting</loc>
<lastmod>2019-12-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hybrid-composer/hybrid-composer-146-missing-authorization-to-arbitrary-options-update</loc>
<lastmod>2019-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpik-wordpress-basic-ajax-form/wpik-wordpress-basic-ajax-form-10-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-12-11T15:09:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vk-all-in-one-expansion-unit/vk-all-in-one-expansion-unit-99601-authenticated-contributor-stored-cross-site-scripting-via-classname</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cbi-referral-manager/cbi-referral-manager-121-cross-site-scripting</loc>
<lastmod>2014-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cool-fade-popup/cool-fade-popup-101-authenticated-contributor-sql-injection</loc>
<lastmod>2025-07-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fw-integration-for-emailoctopus/eo4wp-1081-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-elegant-testimonial/wp-elegant-testimonial-116-cross-site-scripting</loc>
<lastmod>2020-08-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/allure-real-estate-theme-for-placester/allure-real-estate-theme-for-placester-011-cross-site-scripting</loc>
<lastmod>2013-02-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/english-wp-admin/english-wordpress-admin-1511-unauthenticated-open-redirect</loc>
<lastmod>2022-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/themeisle-companion/orbit-fox-by-themeisle-21034-authenticated-contributor-stored-cross-site-scripting-via-services-and-post-type-grid-widgets</loc>
<lastmod>2024-06-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tuxedo-big-file-uploads/big-file-uploads-212-authenticated-author-full-path-disclosure</loc>
<lastmod>2024-09-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wechat-social-login/wechat-social-login-130-authentication-bypass</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ut-demo-importer/ultra-demo-importer-105-cross-site-request-forgery-to-remote-code-execution</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ycontributors/ycontributors-05-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-07-03T12:23:34.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/kallyas/kallyas-4220-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profile-builder/profile-builder-213-missing-access-controls</loc>
<lastmod>2015-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/greenshift-animation-and-page-builder-blocks/greenshift-1211-missing-authorization</loc>
<lastmod>2025-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-social-buttons/simple-social-media-share-buttons-204-2021-missing-authorization</loc>
<lastmod>2019-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/omplag/complag-102-reflected-cross-site-scripting-via-_serverphp_self</loc>
<lastmod>2025-12-11T14:27:49.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kingcomposer/page-builder-kingcomposer-294-authorization-bypass-due-to-improper-access-control</loc>
<lastmod>2020-06-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sign-up-sheets/sign-up-sheets-232-unauthenticated-php-object-injection</loc>
<lastmod>2025-09-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mdl-shortcodes/modern-design-library-114-authenticated-contributor-stored-cross-site-scripting-via-class-parameter</loc>
<lastmod>2025-06-25T20:44:26.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simply-schedule-appointments/appointment-booking-calendar-simply-schedule-appointments-booking-plugin-1685-unauthenticated-arbitrary-shortcode-execution</loc>
<lastmod>2025-03-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yikes-inc-easy-mailchimp-extender/easy-forms-for-mailchimp-686-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/masterstudy-lms-learning-management-system/masterstudy-lms-3213-missing-authorization-to-sensitive-information-exposure-in-search_posts</loc>
<lastmod>2024-03-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seo-by-rank-math/rank-math-seo-1027-authenticated-settings-reset-via-reset-cmb-parameter</loc>
<lastmod>2019-06-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-job-portal/wp-job-portal-ai-powered-recruitment-system-for-company-or-job-board-website-252-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2026-06-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-xml-sitemap/simple-xml-sitemap-13-cross-site-request-forgery</loc>
<lastmod>2025-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-booking-system/wp-booking-system-booking-calendar-20198-reflected-cross-site-scripting</loc>
<lastmod>2024-09-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-customer-reviews/wp-customer-reviews-370-authenticated-contributor-malicious-redirect-via-http-equiv-injection</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-team-manager/wordpress-team-manager-2112-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2024-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-post-types/wp-easy-post-types-144-authenticated-contributor-stored-cross-site-scripting-via-post-meta</loc>
<lastmod>2024-10-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/spa-and-salon/spa-and-salon-132-missing-authorization</loc>
<lastmod>2026-02-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-custom-templates-lite/post-custom-templates-lite-114-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bft-autoresponder/arigato-autoresponder-and-newsletter-2722-cross-site-request-forgery</loc>
<lastmod>2023-11-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stop-spammer-registrations-plugin/stop-spammers-security-202117-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2021-08-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/login-watchdog/login-watchdog-104-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-social-media-icons/social-media-share-icons-281-missing-authorization-via-handle_installation</loc>
<lastmod>2023-06-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ameliabooking/amelia-212-authenticated-manager-sql-injection-via-sort-parameter</loc>
<lastmod>2026-03-31T10:30:53.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-link-pages/social-link-pages-link-in-bio-landing-pages-for-your-social-media-profiles-169-missing-authorization-to-arbitrary-page-creation-and-cross-site-scripting</loc>
<lastmod>2024-06-03T17:10:53.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fast-velocity-minify/fast-velocity-minify-351-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-10-24T18:28:09.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-tags/taxopress-364-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2023-04-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chatbot/ai-chatbot-534-missing-authorization-via-openai_file_list_callback</loc>
<lastmod>2024-05-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/make-email-customizer-for-woocommerce/make-email-customizer-for-woocommerce-105-reflected-cross-site-scripting</loc>
<lastmod>2025-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mailchimp-for-wp/mailchimp-for-wordpress-4010-reflected-cross-site-scripting</loc>
<lastmod>2016-12-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-gallery-with-filter/simple-gallery-with-filter-20-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-publications/wp-publications-11-local-file-inclusion</loc>
<lastmod>2021-09-09T16:20:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/lemmony/lemmony-171-cross-site-request-forgery</loc>
<lastmod>2026-02-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-product-review/wp-product-review-lite-375-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2020-05-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seriously-simple-podcasting/seriously-simple-podcasting-3130-missing-authorization</loc>
<lastmod>2025-11-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/resads/resads-206-reflected-cross-site-scripting-via-multiple-parameters</loc>
<lastmod>2025-01-08T22:09:09.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/uni-woo-custom-product-options-premium/product-options-and-price-calculation-formulas-for-woocommerce-uni-cpo-premium-4955-unauthenticated-arbitrary-file-upload-via-uni_cpo_upload_file</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/th-all-in-one-woo-cart/th-side-cart-and-menu-cart-for-woocommerce-111-missing-authorization</loc>
<lastmod>2023-03-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elite-video-player/elite-video-player-1005-reflected-cross-site-scripting</loc>
<lastmod>2025-06-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-block-editor-addons/responsive-blocks-wordpress-gutenberg-blocks-199-authenticated-contributor-stored-cross-site-scripting-via-section_tag-parameter</loc>
<lastmod>2025-01-29T20:00:24.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/login-widget-for-ultimate-member/login-widget-for-ultimate-member-112-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/whizz-plugins/whizz-plugins-19-reflected-cross-site-scripting</loc>
<lastmod>2026-02-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/floating-window-music-player/floating-window-music-player-342-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-09-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-seo-pack/all-in-one-seo-pack-429-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/awsa-shipping/awsa-shipping-130-reflected-cross-site-scripting</loc>
<lastmod>2025-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ai-engine/ai-engine-293-294-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2025-07-30T16:06:38.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/e-namad-shamed-logo-manager/e-namad-amp-shamed-logo-manager-22-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-analytics-dashboard-for-wp/exactmetrics-710-902-authenticated-custom-improper-privilege-management-to-role-privilege-escalation-via-settings-update</loc>
<lastmod>2026-03-10T21:02:36.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jet-engine/jetengine-370-authenticated-subscriber-information-exposure</loc>
<lastmod>2025-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smsmaster/smsmaster-multipurpose-sms-gateway-for-wordpress-all-versions-authenticated-sql-injection</loc>
<lastmod>2017-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/salon-booking-plugin-pro/salon-booking-system-pro-103012-missing-authorization</loc>
<lastmod>2026-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/insert-or-embed-articulate-content-into-wordpress/insert-or-embed-articulate-content-into-wordpress-429991-directory-traversal</loc>
<lastmod>2019-07-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/redirect-redirection/redirect-redirection-113-missing-authorization-in-deleteredirect-function</loc>
<lastmod>2023-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-product-carousel-slider-and-grid-ultimate/product-carousel-slider-grid-ultimate-for-woocommerce-1910-authenticated-contributor-local-file-inclusion-via-theme</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-registration-form-builder-with-submission-manager/registrationmagic-custom-registration-forms-and-user-login-4603-cross-site-request-forgery-to-settings-modification</loc>
<lastmod>2020-03-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-coming-soon-page/coming-soon-1118-stored-cross-site-scripting</loc>
<lastmod>2018-01-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/best-restaurant-menu-by-pricelisto/best-restaurant-menu-by-pricelisto-131-cross-site-request-forgery-via-menu_page</loc>
<lastmod>2023-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/networker/networker-tech-news-wordpress-theme-with-dark-mode-119-missing-authorization</loc>
<lastmod>2024-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sassy-social-share/sassy-social-share-3356-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/instagram-feed/smash-balloon-social-photo-feed-1113-cross-site-request-forgery-to-back-up-deletion</loc>
<lastmod>2019-03-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/school-management/school-management-9300-authenticated-student-local-file-inclusion</loc>
<lastmod>2025-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/form-maker/form-maker-by-10web-11532-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-fb-autoconnect/wp-fb-autoconnect-463-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-by-supsystic/contact-form-by-supsystic-1724-cross-site-request-forgery-via-ajax-action</loc>
<lastmod>2023-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/surecart/surecart-402-missing-authorization</loc>
<lastmod>2026-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/go_pricing/go-pricing-wordpress-responsive-pricing-tables-3319-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-05-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wppizza/wppizza-a-restaurant-plugin-31813-reflected-cross-site-scripting</loc>
<lastmod>2024-06-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/powerpress/powerpress-1001-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/increase-upload-file-size-maximum-execution-time-limit/increase-upload-file-size-maximum-execution-time-limit-20-reflected-cross-site-scripting</loc>
<lastmod>2024-10-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/free-quotation/free-quotation-316-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-11-03T15:56:53.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/push-notification-for-wp-by-pushassist/push-notifications-for-wordpress-by-pushassist-308-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2024-11-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementinvader-addons-for-elementor/elementinvader-addons-for-elementor-126-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/userpro/userpro-community-and-user-profile-wordpress-plugin-5111-cross-site-request-forgery</loc>
<lastmod>2026-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kk-star-ratings/kk-star-ratings-543-ip-spoofing-to-protection-mechanism-bypass</loc>
<lastmod>2023-07-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/linkedin-sc/linkedin-sc-119-authenticated-administrator-stored-cross-site-scripting-via-settings-page</loc>
<lastmod>2026-01-13T17:32:02.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/newscrunch/newscrunch-184-cross-site-request-forgery-to-arbitrary-file-upload</loc>
<lastmod>2025-03-03T15:46:15.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/accordion-and-accordion-slider/accordion-and-accordion-slider-145-missing-authorization-to-authenticated-contributor-attachment-metadata-modification</loc>
<lastmod>2026-02-13T18:20:34.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-2fa/wp-2fa-two-factor-authentication-for-wordpress-220-missing-authorization</loc>
<lastmod>2022-12-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/youzify-moderation/buddypress-moderation-125-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hdw-tube/hdw-wordpress-video-gallery-12-reflected-cross-site-scripting-via-channel-parameter</loc>
<lastmod>2016-10-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/data-tables-generator-by-supsystic/data-tables-generator-by-supsystic-11031-missing-authorization</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/instagram-slider-widget/social-slider-feed-204-missing-authorization-to-cross-site-scripting</loc>
<lastmod>2022-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/skt-skill-bar/skt-skill-bar-24-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/myflash/myflash-111-remote-file-inclusion</loc>
<lastmod>2007-05-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-prayers-request/wp-prayer-ii-247-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2024-05-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ldap-login-for-intranet-sites/active-directory-integration-ldap-integration-419-sensitive-information-exposure</loc>
<lastmod>2023-09-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-e-commerce-shopping-cart/simple-ecommerce-shopping-cart-plugin-sell-products-through-paypal-312-missing-authorization-to-authenticated-subscriber-settings-update-data-access</loc>
<lastmod>2024-12-06T21:09:57.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cf7-google-sheets-connector-pro/cf7-google-sheets-connector-501-reflected-cross-site-scripting-via-code</loc>
<lastmod>2023-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ulisting/ulisting-166-unauthenticated-arbitrary-account-creation</loc>
<lastmod>2021-01-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sp-client-document-manager/sp-project-document-manager-469-missing-authorization</loc>
<lastmod>2024-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/suki-sites-import/suki-sites-import-121-authenticated-author-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2024-10-17T15:45:37.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ai-preloader/ai-preloader-102-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/xcloner-backup-and-restore/backup-restore-and-migrate-wordpress-sites-with-the-xcloner-plugin-421-4212-unprotected-ajax-actions</loc>
<lastmod>2020-08-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/save-as-pdf-by-pdfcrowd/save-as-pdf-452-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/parallax-scrolling-enllax-js/parallax-scrolling-enllaxjs-006-cross-site-request-forgery</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/awebooking/awebooking-3226-authenticated-subscriber-information-exposure</loc>
<lastmod>2025-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-forms-puzzle-captcha/wp-forms-puzzle-captcha-41-cross-site-request-forgery</loc>
<lastmod>2023-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/getresponse-official/email-marketing-for-wordpress-by-getresponse-official-153-missing-authorization</loc>
<lastmod>2025-09-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mstore-api/mstore-api-4107-unauthorized-account-access-and-privilege-escalation</loc>
<lastmod>2023-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/categorify/categorify-1074-missing-authorization-in-categorifyajaxaddcategory</loc>
<lastmod>2024-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-fastest-cache/wp-fastest-cache-112-cross-site-request-forgery-via-wpfc_preload_single_callback</loc>
<lastmod>2023-04-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bp-activity-social-share/wbcom-designs-buddypress-activity-social-share-350-cross-site-request-forgery</loc>
<lastmod>2023-03-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jet-search/multiple-plugins-by-crocoblock-various-versions-cross-site-request-forgery</loc>
<lastmod>2023-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/metform/metform-elementor-contact-form-builder-330-authenticated-contributor-stored-cross-site-scripting-via-mf-shortcode</loc>
<lastmod>2023-06-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-photo-reviews/woocommerce-photo-reviews-144-unauthenticated-arbitrary-shortcode-execution</loc>
<lastmod>2025-08-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-block-editor-addons/responsive-blocks-wordpress-gutenberg-blocks-188-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/new-video-gallery/video-gallery-api-gallery-youtube-and-vimeo-link-gallery-153-missing-authorization</loc>
<lastmod>2024-05-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/file-manager-advanced/advanced-file-manager-5212-5213-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-currency-switcher/fox-currency-switcher-professional-for-woocommerce-146-authenticated-subscriber-authorization-bypass-via-user-controlled-key-to-wooc_order_user_roles-parameter</loc>
<lastmod>2026-05-27T14:49:48.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dominokit/dominokit-110-missing-authorization-to-unauthenticated-settings-update</loc>
<lastmod>2025-11-03T15:31:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-payment-gateway-paysera/woocommerce-payment-gateway-paysera-3100-missing-authorization</loc>
<lastmod>2025-12-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cornerstone/cornerstone-773-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flexmls-idx/flexmls-idx-31427-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chatbot-chatgpt/kognetiks-chatbot-235-missing-authorization-to-unauthenticated-limited-file-uploads-and-conversation-erasing</loc>
<lastmod>2025-10-17T19:09:49.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/reviewx/reviewx-multi-criteria-rating-reviews-for-woocommerce-1628-insufficient-input-validation</loc>
<lastmod>2024-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gptranslate/gptranslate-231-unauthenticated-stored-cross-site-scripting-via-rest-api-translation-storage</loc>
<lastmod>2026-06-12T17:00:41.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/location-weather/location-weather-133-authenticated-contributor-stored-cross-site-scripting-via-shortcodes</loc>
<lastmod>2023-01-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ad-inserter/ad-inserter-2725-authenticated-admin-php-object-injection</loc>
<lastmod>2023-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/memberlite-shortcodes/memberlite-shortcodes-139-authenticated-contributor-stored-cross-site-scripting-via-memberlite_accordion-shortcode</loc>
<lastmod>2024-11-22T21:03:31.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/olevmedia-shortcodes/olevmedia-shortcodes-118-reflected-cross-site-scripting</loc>
<lastmod>2015-08-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/give/givewp-3141-unauthenticated-php-object-injection</loc>
<lastmod>2024-08-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gutenify/gutenify-157-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-09-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/woodmart/woodmart-803-unauthenticated-arbitrary-shortcode-execution</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/postmash/postmash-custom-post-order-120-unauthenticated-sql-injection</loc>
<lastmod>2024-02-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/boost/boost-203-unauthenticated-blind-sql-injection-via-multiple-parameters</loc>
<lastmod>2026-05-19T14:25:02.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/infility-global/infility-global-21516-authenticated-subscriber-sql-injection-via-orderby-parameter</loc>
<lastmod>2026-05-19T12:07:43.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/appointment-booking-calendar/appointment-booking-calendar-1369-missing-authorization</loc>
<lastmod>2022-10-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-google-tag-manager/wp-google-tag-manager-11-cross-site-request-forgery</loc>
<lastmod>2023-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/link-whisper/link-whisper-free-092-missing-authorization</loc>
<lastmod>2025-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ms-registration/custom-login-and-registration-100-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2025-05-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tangible-loops-and-logic/loops-logic-414-reflected-cross-site-scripting</loc>
<lastmod>2024-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-artillery/email-artillery-mass-email-41-arbitrary-file-upload</loc>
<lastmod>2021-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/restaurant-reservations/five-star-restaurant-reservations-wordpress-booking-plugin-2714-missing-authorization</loc>
<lastmod>2026-05-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-hackers-diet/the-hackers-diet-096b-sql-injection</loc>
<lastmod>2007-04-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ml-slider/slider-gallery-and-carousel-by-metaslider-responsive-wordpress-slideshows-3700-authenticated-contributor-stored-cross-site-scripting-via-metaslider-shortcode</loc>
<lastmod>2024-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/product-lister-ebay/product-lister-for-ebay-209-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-04-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/enhanced-tooltipglossary/cm-tooltip-glossary-439-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chatbot/chatbot-477-authenticated-administrator-stored-cross-site-scripting-in-faq-builder</loc>
<lastmod>2023-08-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bd-courier-order-ratio-checker/bd-courier-order-ratio-checker-201-missing-authorization</loc>
<lastmod>2026-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/widget-for-eventbrite-api/display-eventbrite-events-656-missing-authorization</loc>
<lastmod>2026-02-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sweet-energy-efficiency/sweet-energy-efficiency-106-missing-authorization-to-authenticated-subscriber-arbitrary-graph-deletion</loc>
<lastmod>2025-12-17T23:38:07.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/weekly-planner/weekly-planner-10-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-12-04T17:39:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/media-library-downloader/media-library-downloader-140-cross-site-request-forgery</loc>
<lastmod>2025-12-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cgc-maintenance-mode/cgc-maintenance-mode-12-sensitive-information-exposure</loc>
<lastmod>2024-04-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-addons-for-gutenberg/spectra-wordpress-gutenberg-blocks-2128-authenticated-contributor-stored-cross-site-scripting-via-image-gallery-block</loc>
<lastmod>2024-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/geotagged-media/geotagged-media-030-reflected-cross-site-scripting</loc>
<lastmod>2024-11-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/restricted-site-access/webpack-js-package-5750-sandbox-bypass</loc>
<lastmod>2023-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-manager/contact-form-manager-161-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-05-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/poptics/poptics-1020-authenticated-contributor-information-exposure</loc>
<lastmod>2025-12-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tag-groups/wordpress-tag-cloud-plugin-tag-groups-203-missing-authorization-to-information-exposure</loc>
<lastmod>2024-09-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-abandoned-cart/abandoned-cart-lite-for-woocommerce-5161-cross-site-request-forgery</loc>
<lastmod>2023-12-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-monitor/download-monitor-459-authenticated-arbitrary-file-download</loc>
<lastmod>2022-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cool-timeline/cool-timeline-horizontal-vertical-timeline-202-cross-site-request-forgery-bypass</loc>
<lastmod>2020-09-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-eMember/wp-emember-1066-reflected-cross-site-scripting-via-_serverrequest_uri</loc>
<lastmod>2024-07-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/bard/bard-2229-missing-authorization</loc>
<lastmod>2025-10-31T15:58:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/live-sales-notifications-for-woocommerce/live-sales-notification-for-woocommerce-2339-missing-authorization-to-unauthenticated-customer-data-exposure</loc>
<lastmod>2025-11-17T20:54:37.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-us-page-contact-people/contact-us-page-contact-people-370-cross-site-request-forgery</loc>
<lastmod>2023-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-skins-contact-form-7/custom-skins-contact-form-7-10-missing-authorization-to-authenticated-subscriber-arbitrary-post-update-and-skin-creation</loc>
<lastmod>2024-12-11T15:19:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advance-food-menu/advance-food-menu-10-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stafflist/stafflist-326-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/duplicate-post/yoast-duplicate-post-25-sql-injection</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ecava-diot-scada/diot-scada-with-mqtt-1051-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-13T19:42:24.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-download-monitor/simple-download-monitor-3910-contributor-stored-cross-site-scripting-via-shortcodes</loc>
<lastmod>2021-12-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-addons-for-elementor-lite/essential-addons-for-elementor-best-elementor-templates-widgets-kits-woocommerce-builders-5915-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking-sms/booking-calendar-clockwork-sms-105-reflected-cross-site-scripting</loc>
<lastmod>2017-11-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/doppler-form/doppler-forms-251-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sms-alert/sms-alert-order-notifications-woocommerce-381-authenticated-subscriber-privilege-escalation-via-handlewplogincreateuseraction-function</loc>
<lastmod>2025-05-09T21:58:31.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stream-status-for-twitch/streamweasels-online-status-bar-219-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/trivialy/make-my-trivia-110-missing-authorization</loc>
<lastmod>2026-03-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/formfacade/formfacade-132-reflected-cross-site-scripting</loc>
<lastmod>2024-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/find-any-think/wpmk-ajax-finder-101-cross-site-request-forgery-to-cross-site-scripting</loc>
<lastmod>2022-05-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/feed-them-social/feed-them-social-for-twitter-feed-youtube-and-more-299-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2022-11-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eventON/eventon-pro-wordpress-virtual-event-calendar-plugin-468-cross-site-request-forgery-via-admin_test_email</loc>
<lastmod>2024-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mejorcluster/el-mejor-cluster-1115-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/spolecznosciowa-6-pl-2013/spoecznociowa-6-pl-2013-206-cross-site-request-forgery</loc>
<lastmod>2025-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-statistics/wp-statistics-831-multiple-cross-site-scripting</loc>
<lastmod>2014-11-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ad-inserter/ad-inserter-2421-authenticated-remote-code-execution</loc>
<lastmod>2019-07-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/healthfirst/healthfirst-101-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flaming-forms/flaming-forms-101-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/watu/watu-quiz-3392-reflected-cross-site-scripting-via-question</loc>
<lastmod>2023-04-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/awesome-weather/awesome-weather-widget-302-reflected-cross-site-scripting-via-id-parameter</loc>
<lastmod>2021-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profile-builder/user-profile-builder-beautiful-user-registration-forms-user-profiles-user-role-editor-3143-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2025-08-15T18:31:53.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-marketing-automations/funnelkit-automations-email-marketing-automation-and-crm-for-wordpress-woocommerce-3641-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2025-11-04T21:17:26.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/taggator/taggator-154-reflected-cross-site-scripting</loc>
<lastmod>2024-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/logo-slider-wp/logo-slider-450-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-order-searching/woocommerce-order-search-110-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nex-forms-express-wp-form-builder/nex-forms-ultimate-form-builder-contact-forms-and-much-more-891-authenticated-custom-limited-code-execution-via-get_table_records-function</loc>
<lastmod>2025-05-07T21:30:44.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/compute-links/compute-links-121-unauthenticated-remote-file-inclusion</loc>
<lastmod>2024-08-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mailchimp-for-wp/mc4wp-mailchimp-for-wordpress-499-4916-reflected-cross-site-scripting</loc>
<lastmod>2024-09-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/iframe-popup/iframe-popup-33-authenticated-administrator-stored-cross-site-scripting-via-settings</loc>
<lastmod>2023-05-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ai-wp-writer/ai-wp-writer-365-missing-authorization</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-2fa/wp-2fa-221-time-based-totp-attack-to-sensitive-information-exposure</loc>
<lastmod>2022-09-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lastudio-element-kit/la-studio-element-kit-for-elementor-151-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/1.5/wordpress-core-15-stored-cross-site-scripting</loc>
<lastmod>2005-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/2.0/wordpress-core-204-cross-site-scripting</loc>
<lastmod>2007-09-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpdiscuz/comments-wpdiscuz-7311-sensitive-information-disclosure</loc>
<lastmod>2022-02-10T08:34:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hash-form/hash-form-128-cross-site-request-forgery</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/faq-for-woocommerce/xplainer-woocommerce-product-faq-woocommerce-accordion-faq-plugin-170-missing-authorization-to-authenticated-subscriber-settings-update</loc>
<lastmod>2024-07-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-custom-admin-interface/custom-admin-interface-740-missing-authorization</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/event-calendar-wd/eventcalendar-1145-cross-site-scripting</loc>
<lastmod>2021-06-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/membership-for-woocommerce/membership-for-woocommerce-280-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/123-chat-videochat/123chat-video-chat-131-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-composite-products/woocommerce-composite-products-875-reflected-cross-site-scripting</loc>
<lastmod>2023-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/luzuk-slider/luzuk-slider-015-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/clover-online-orders/smart-online-order-for-clover-160-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-05-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sumomemberships/sumo-memberships-for-woocommerce-780-cross-site-request-forgery</loc>
<lastmod>2025-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/century-toolkit/century-toolkit-121-cross-site-request-forgery-to-arbitrary-plugin-activation</loc>
<lastmod>2025-08-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/icegram/icegram-3131-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-nssuser-register/wp-nssuser-register-100-unauthenticated-privilege-escalation</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/5.0/wordpress-core-50-denial-of-service</loc>
<lastmod>2018-02-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/accredible-certificates/accredible-certificates-open-badges-148-authenticated-administrator-stored-cross-site-scripting-via-settings</loc>
<lastmod>2023-12-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-cart-all-in-one/cart-all-in-one-for-woocommerce-1110-cross-site-request-forgery-to-cart-changes</loc>
<lastmod>2023-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/light-poll/light-poll-100-cross-site-request-forgery-to-poll-answers-deletion</loc>
<lastmod>2024-07-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rsvp-me/rsvp-me-199-unauthenticated-sql-injection</loc>
<lastmod>2024-10-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/solid-affiliate/solid-affiliate-191-sensitive-information-exposure</loc>
<lastmod>2024-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/photo-video-store/photo-video-store-2107-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-hss-extension-for-streaming-video/woocommerce-hss-extension-for-streaming-video-331-reflected-cross-site-scripting-via-videolink-parameter</loc>
<lastmod>2025-01-06T16:04:34.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/grandprix/grandprix-16-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-06-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/latepoint/latepoint-4991-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2024-08-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/interactive-geo-maps/interactive-geo-maps-158-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-custom-js-and-css/easy-custom-js-and-css-112-reflected-cross-site-scripting</loc>
<lastmod>2021-10-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tutor/tutor-lms-220-missing-authorization-via-rest-api</loc>
<lastmod>2023-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-broken-images/broken-images-02-cross-site-request-forgery</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jet-blog/jetblog-243-missing-authorization</loc>
<lastmod>2025-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/exchange-addon-easy-eu-vat-taxes/easy-eu-value-added-vat-taxes-120-reflected-cross-site-scripting</loc>
<lastmod>2015-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nd-restaurant-reservations/restaurant-reservations-20-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-06-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/s3-video/videojs-various-versions-cross-site-scripting</loc>
<lastmod>2015-05-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/attendance-manager/attendance-manager-056-cross-site-request-forgery</loc>
<lastmod>2019-06-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpbookit/wpbookit-104-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2025-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-paypal-donation/paypal-donation-131-admin-stored-cross-site-scripting</loc>
<lastmod>2021-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eventer/eventer-3995-missing-authorization-to-unauthenticated-event-ticket-download</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/exit-popup-free/exit-popup-free-10-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/learnpress/learnpress-3267-sql-injection</loc>
<lastmod>2021-07-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-coming-soon-page/coming-soon-page-responsive-coming-soon-maintenance-mode-1118-cross-site-scripting-via-button_text_link-parameter</loc>
<lastmod>2018-01-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/2kb-amazon-affiliates-store/2kb-amazon-affiliates-store-215-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/motopress-hotel-booking-lite/hotel-booking-lite-4111-unauthenticated-php-object-injection</loc>
<lastmod>2024-05-10T09:13:08.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/search-simple-fields/search-simple-fields-02-cross-site-request-forgery-to-plugin-settings-update</loc>
<lastmod>2026-05-26T17:23:34.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wonderplugin-pdf-embed/wonder-pdf-embed-16-contributor-stored-cross-site-scripting</loc>
<lastmod>2021-07-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stock-tools/stock-tools-11-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-11-20T19:23:07.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bft-autoresponder/arigato-autoresponder-and-newsletter-27-arbitrary-file-upload</loc>
<lastmod>2018-10-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/oboxmedia-ads/oboxmedia-ads-198-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-21T20:22:40.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/video-embedder/video-embedder-171-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zippy/zippy-169-authenticated-editor-arbitrary-file-upload</loc>
<lastmod>2024-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/applay-shortcodes/applay-shortcodes-37-authenticated-contributor-php-object-injection</loc>
<lastmod>2026-02-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/small-package-quotes-wwe-edition/small-package-quotes-worldwide-express-edition-5217-unauthenticated-sql-injection</loc>
<lastmod>2025-01-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chained-quiz/chained-quiz-135-unauthenticated-insecure-direct-object-reference-via-cookie</loc>
<lastmod>2025-09-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/houzez/houzez-411-authenticated-subscriber-insecure-direct-object-reference</loc>
<lastmod>2025-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/core-control/core-control-121-cross-site-request-forgery</loc>
<lastmod>2022-05-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ux-flat/ux-flat-44-authenticatedcontributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-03-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/moseter/moseter-131-reflected-cross-site-scripting</loc>
<lastmod>2025-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slotti-ajanvaraus/slotti-ajanvaraus-131-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woodpecker/woodpecker-for-wordpress-304-authenticated-contributor-stored-cross-site-scripting-via-form_name-shortcode-attribute</loc>
<lastmod>2026-01-08T21:54:57.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-font-awesome/wp-font-awesome-178-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vr-frases/vr-frases-collect-share-quotes-301-authenticated-admin-sql-injection</loc>
<lastmod>2025-01-29T21:19:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-preview-emails/preview-e-mails-for-woocommerce-221-reflected-cross-site-scripting</loc>
<lastmod>2024-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/clicface-trombi/clicface-trombi-208-authenticated-contributor-stored-cross-site-scripting-via-nom-parameter</loc>
<lastmod>2025-02-28T15:27:06.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/users-ultra/users-ultra-membership-users-community-and-member-profiles-with-paypal-integration-plugin-310-unauthenticated-sql-injection</loc>
<lastmod>2022-04-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cackle/cackle-433-cross-site-request-forgery</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/url-image-importer/url-image-importer-106-authenticated-author-arbitrary-file-upload</loc>
<lastmod>2025-11-20T18:48:27.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpbookit/wpbookit-107-cross-site-request-forgery-to-customer-deletion</loc>
<lastmod>2025-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/posten-post-blocks/posten-001-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vk-all-in-one-expansion-unit/vk-all-in-one-expansion-unit-98810-stored-contributor-cross-site-scripting-in-cta-post</loc>
<lastmod>2023-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/word-replacer-ultra/word-replacer-pro-10-missing-authorization-to-unauthenticated-arbitrary-content-update</loc>
<lastmod>2024-03-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/team/team-showcase-12215-object-injection</loc>
<lastmod>2020-09-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-to-email/contact-form-email-1344-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-accordion-free/easy-accordion-2120-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2022-12-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/agile-store-locator/store-locator-wordpress-149-authenticated-editor-stored-cross-site-scripting-via-category_name-description-description_2-parameters</loc>
<lastmod>2023-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpc-badge-management/wpc-badge-management-for-woocommerce-240-missing-authorization</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contest-gallery/contest-gallery-2312-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2024-07-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/so-widgets-bundle/siteorigin-widgets-bundle-1510-authenticated-admin-local-file-inclusion</loc>
<lastmod>2023-11-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/intelly-related-posts/inline-related-posts-340-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-03-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/penci-portfolio/penci-portfolio-35-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/category-icon/category-icon-100-authenticated-author-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2024-10-11T20:10:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-tracker/email-tracker-email-tracking-plugin-to-track-emails-for-open-and-email-links-click-compatible-with-woocommerce-526-reflected-cross-site-scripting</loc>
<lastmod>2021-11-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/propertyhive/property-hive-210-reflected-cross-site-scripting</loc>
<lastmod>2024-12-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tlp-team/team-5010-unauthenticated-sql-injection</loc>
<lastmod>2025-12-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dsgvo/eu-dsgvo-helper-1061-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jupiterx-core/jupiterx-core-300-330-missing-authorization</loc>
<lastmod>2023-08-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-gateway-nab-dp/nab-transact-212-payment-system-bypass</loc>
<lastmod>2020-08-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/belletrist/belletrist-12-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-registration-form-builder-with-submission-manager/registrationmagic-6086-authenticated-subscriber-authentication-bypass-via-forged-paypal-ipn-request</loc>
<lastmod>2026-06-26T18:09:49.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/codoc/codoc-095112-reflected-cross-site-scripting</loc>
<lastmod>2024-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/my-album-gallery/my-album-gallery-104-authenticated-author-stored-cross-site-scripting-via-image-title</loc>
<lastmod>2026-01-06T20:39:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/proranktracker/pro-rank-tracker-100-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/search-everything/search-everything-702-sql-injection</loc>
<lastmod>2014-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/rainbownews/rainbownews-107-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/phone-orders-for-woocommerce/phone-orders-for-woocommerce-371-cross-site-request-forgery</loc>
<lastmod>2022-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/video-comments-webcam-recorder/html5-webcam-microphone-recorder-forms-155-cross-site-scripting</loc>
<lastmod>2014-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/masterstudy-lms-learning-management-system/masterstudy-lms-wordpress-plugin-2934-missing-authorization-via-wp_ajax_stm_wpcfto_get_settings</loc>
<lastmod>2023-04-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-blocks/essential-blocks-for-gutenberg-385-cross-site-request-forgery</loc>
<lastmod>2023-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shiptime-discount-shipping/shiptime-discounted-shipping-rates-111-missing-authorization</loc>
<lastmod>2026-02-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sureforms/sureforms-drag-and-drop-form-builder-for-wordpress-173-unauthenticated-php-object-injection-phar-triggered-via-admin-submission-deletion</loc>
<lastmod>2025-07-08T17:20:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-show-more/wp-show-more-107-authenticated-contributor-stored-cross-site-scripting-via-show_more-shortcode</loc>
<lastmod>2024-10-25T19:52:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-support-plus-responsive-ticket-system/wp-support-plus-responsive-ticket-system-807-arbitrary-file-upload</loc>
<lastmod>2017-11-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-intro-js-tours/wp-introjs-plugin-11-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/permalink-manager/permalink-manager-lite-2212-admin-sql-injection</loc>
<lastmod>2021-09-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/raygun4wp/raygun4wp-180-reflected-cross-site-scripting</loc>
<lastmod>2017-02-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cliengo/cliengo-chatbot-304-cross-site-request-forgery</loc>
<lastmod>2024-07-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pagelayer/page-builder-pagelayer-drag-and-drop-website-builder-198-authenticated-contributor-private-post-disclosure-in-pagelayer_builder_posts_shortcode</loc>
<lastmod>2025-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smart-product-review/wordpress-plugin-smart-product-review-104-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2021-11-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flagallery-skins/flagallery-skins-115-sql-injection</loc>
<lastmod>2013-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/mounthood/mounthood-ski-and-snowboarding-html-template-132-unauthenticated-php-object-injection</loc>
<lastmod>2026-03-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-payment-gateways-woocommerce/custom-payment-gateways-for-woocommerce-210-unauthenticated-stored-cross-site-scripting-via-alg_wc_cpg_input_fields-parameter</loc>
<lastmod>2026-06-30T15:45:01.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-private-files/wordpress-file-sharing-plugin-203-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-09-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sensei-lms/sensei-lms-online-courses-quizzes-learning-4241-unauthenticated-email-template-disclosure</loc>
<lastmod>2024-08-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-carousel/post-grid-post-carousel-list-category-posts-2418-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/limit-login-attempts-reloaded/limit-login-attempts-reloaded-22525-missing-authorization</loc>
<lastmod>2023-11-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-social-widget/wp-social-widget-225-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-02-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/import-users-from-csv-with-meta/import-and-export-users-and-customers-11635-csv-injection-via-a-customers-profile</loc>
<lastmod>2020-11-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ays-facebook-popup-likebox/popup-like-box-page-plugin-353-sql-injection</loc>
<lastmod>2021-06-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/callback-request/callback-request-14-reflected-cross-site-scripting</loc>
<lastmod>2025-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/scroll-triggered-animations/animator-3016-cross-site-request-forgery</loc>
<lastmod>2025-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stock-quotes-list/stock-quotes-list-2911-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-09-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/salesforce-wordpress-to-candidate/wordpress-to-candidate-for-salesforce-crm-101-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-testimonial-manager/easy-testimonial-manager-120-authenticated-admin-sql-injection</loc>
<lastmod>2021-07-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quotes-llama/quotes-llama-07-authenticated-admin-cross-site-scripting</loc>
<lastmod>2022-05-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gallery-album/responsive-image-gallery-gallery-album-203-reflected-cross-site-scripting</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-sms/wp-sms-662-cross-site-request-forgery</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/top-10/top-10-410-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/erp/wp-erp-1123-authenticated-administrator-sql-injection-via-type</loc>
<lastmod>2023-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kadence-woocommerce-email-designer/kadence-woocommerce-email-designer-1517-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-12-01T16:23:27.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bitspecter-suite/bitspecter-suite-100-authenticated-author-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2025-03-21T22:14:30.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/athemes-addons-for-elementor-lite/athemes-addons-for-elementor-1012-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/get-custom-field-values/get-custom-field-values-401-authenticated-administrator-stored-cross-site-scripting-via-plugin-widget</loc>
<lastmod>2023-10-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/updownupdown-postcomment-voting/updownupdown-11-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quiz-maker/quiz-maker-6505-denial-of-service</loc>
<lastmod>2024-01-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/learning-management-system/masteriyo-lms-lms-course-builder-quizzes-certificates-220-authenticated-subscriber-privilege-escalation</loc>
<lastmod>2026-06-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tutor/tutor-lms-3911-authenticated-administrator-sql-injection-via-data-parameter</loc>
<lastmod>2026-06-17T17:23:24.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yourplugins-wc-conditional-cart-notices/conditional-cart-messages-for-woocommerce-8211-yourpluginscom-1210-cross-site-request-forgery</loc>
<lastmod>2025-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nitropack/nitropack-1170-missing-authorization-to-authenticated-subscriber-limited-options-update</loc>
<lastmod>2025-01-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/in-stock-mailer-for-woocommerce/in-stock-mailer-for-woocommerce-211-reflected-cross-site-scripting</loc>
<lastmod>2025-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/regallery/re-gallery-responsive-photo-gallery-1189-missing-authorization</loc>
<lastmod>2026-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/event-post/event-post-598-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sinking-dropdowns/sinking-dropdowns-125-cross-site-request-forgery</loc>
<lastmod>2024-12-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/internal-link-builder/internal-link-builder-10-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/transposh-translation-filter-for-wordpress/transposh-wordpress-translation-1091-missing-authorization-checks</loc>
<lastmod>2022-07-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/republish-old-posts/republish-old-posts-121-cross-site-request-forgery-via-rop_options_page</loc>
<lastmod>2023-12-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/web-directory-free/web-directory-free-176-unauthenticated-sql-injection</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-easy-gallery/wp-easy-gallery-27-sql-injection</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buying-buddy-idx-crm/buying-buddy-idx-crm-128-cross-site-request-forgery-to-php-object-injection</loc>
<lastmod>2024-11-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-beaver-lite-addons-for-beaver-builder/ninja-beaver-add-ons-for-beaver-builder-245-authenticated-contributor-stored-cross-site-scripting-via-widgets</loc>
<lastmod>2024-05-21T19:30:07.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bold-page-builder/bold-page-builder-432-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mwp-herd-effect/herd-effects-621-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yahoo-media-player/yahoo-webplayer-206-reflected-cross-site-scripting</loc>
<lastmod>2025-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/community-events/community-events-148-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-11-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dethemekit-for-elementor/dethemekit-for-elementor-218-authenticated-contributor-protected-post-disclosure</loc>
<lastmod>2025-02-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/poll-wp/ts-poll-survey-versus-poll-image-poll-video-poll-246-authenticated-administrator-sql-injection-via-s-parameter</loc>
<lastmod>2025-04-14T11:33:59.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shortpixel-adaptive-images/shortpixel-adaptive-images-382-missing-authorization-in-activate_ai_handler-and-deactivate_ai_handler</loc>
<lastmod>2024-04-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/baslider/image-slider-by-nextcode-112-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2022-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-wallet/terawallet-best-woocommerce-wallet-system-with-cashback-rewards-partial-payment-wallet-refunds-150-authenticated-shop-manager-stored-cross-site-scripting</loc>
<lastmod>2024-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/security-malware-firewall/login-security-firewall-malware-removal-by-cleantalk-2168-unauthenticated-stored-cross-site-scripting-via-page-url</loc>
<lastmod>2025-12-08T16:28:49.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/i-dump-iphone-to-wordpress-photo-uploader/idump-iphone-to-wordpress-photo-uploader-18-arbitrary-file-upload</loc>
<lastmod>2015-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/autopilot/ortto-1019-reflected-cross-site-scripting</loc>
<lastmod>2024-11-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/greenmart/greenmart-4211-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-12-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sirv/image-optimizer-resizer-and-cdn-sirv-727-missing-authorization-to-authenticated-contributor-arbitrary-file-upload</loc>
<lastmod>2024-08-21T17:42:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-lead-capture/lead-capturing-pages-25-unauthenticated-sql-injection</loc>
<lastmod>2026-01-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/secure-captcha/secure-captcha-12-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pwgrandom/pwgrandom-111-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2014-12-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-plugin/download-plugin-204-cross-site-request-forgery</loc>
<lastmod>2023-05-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/primary-addon-for-elementor/primary-addon-for-elementor-160-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/table-of-contents-plus/table-of-contents-plus-2106-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-12-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/simpledark/simpledark-1211-cross-site-scripting</loc>
<lastmod>2011-03-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/premmerce-woocommerce-wholesale-pricing/premmerce-wholesale-pricing-for-woocommerce-1110-authenticated-subscriber-sql-injection</loc>
<lastmod>2025-11-17T20:08:58.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-bulk-editor/bear-bulk-editor-and-products-manager-professional-for-woocommerce-by-pluginusnet-115-cross-site-request-forgery-to-taxonomy-term-deletion</loc>
<lastmod>2026-04-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/popup-maker-wp/popup-maker-responsive-popup-exit-intent-pop-up-email-optins-autoresponder-more-136-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2024-05-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/teleadmin/teleadmin-100-reflected-cross-site-scripting</loc>
<lastmod>2024-11-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jc-importer/import-wp-import-and-export-wordpress-data-to-xml-or-csv-files-245-authenticated-arbitrary-file-upload</loc>
<lastmod>2022-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flexible-elementor-panel/flexible-elementor-panel-238-cross-site-request-forgery</loc>
<lastmod>2023-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-fastest-cache/wp-fastest-cache-112-missing-authorization-in-wpfc_purgecache_varnish_callback</loc>
<lastmod>2023-04-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/depart-deposit-and-part-payment-for-woo/depart-107-missing-authorization</loc>
<lastmod>2026-02-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-todo/wp-to-do-128-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce/woocommerce-262-stored-cross-site-scripting</loc>
<lastmod>2016-07-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/protected-wp-login/protected-wp-login-21-reflected-cross-site-scripting</loc>
<lastmod>2025-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-by-email/post-by-email-104b-reflected-cross-site-scripting</loc>
<lastmod>2024-11-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nasa-core/nasa-core-632-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-05-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bp-better-messages/bp-better-messages-2432-missing-authorization</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-optimizer/simple-optimizer-127-cross-site-request-forgery</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/geo-my-wp/geo-my-wordpress-4501-unauthenticated-local-file-inclusion</loc>
<lastmod>2024-07-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ebook-downloader/ebook-downloader-10-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce/woocommerce-620-incorrect-authorization-checks-on-rest-api-endpoints</loc>
<lastmod>2022-02-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/maintenance-coming-soon-redirect-animation/maintenance-coming-soon-redirect-animation-213-missing-authorization-to-settings-update</loc>
<lastmod>2024-12-19T18:09:03.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/share-this-image/share-this-image-203-open-redirect-via-link-parameter</loc>
<lastmod>2024-09-16T19:55:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/freeagent/freeagent-212-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-01-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/visual-text-editor/visual-text-editor-121-authenticated-contributor-remote-code-execution</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yith-woocommerce-gift-cards-premium/yith-woocommerce-gift-cards-premium-3231-missing-authorization</loc>
<lastmod>2023-05-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mapsvg/mapsvg-8612-authenticated-contributor-arbitrary-file-download</loc>
<lastmod>2025-07-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-google-maps/wp-go-maps-9015-authenticated-admin-directory-traversal</loc>
<lastmod>2023-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vk-all-in-one-expansion-unit/vk-all-in-one-expansion-unit-91123-authenticated-contributor-stored-cross-site-scripting-via-sns-title</loc>
<lastmod>2026-02-17T16:43:06.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/certifica-wp/certifica-wp-31-authenticated-contributor-stored-cross-site-scripting-via-evento-parameter</loc>
<lastmod>2025-09-10T18:45:09.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-rocket/social-rocket-129-cross-site-request-forgery</loc>
<lastmod>2020-07-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/uji-popup/uji-popup-143-authenticated-contributor-stored-cross-site-scripting-via-uji_popup_code-shortcode</loc>
<lastmod>2023-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/carta-online/carta-online-2130-authenticated-administrator-stored-cross-site-scripting-via-plugin-settings</loc>
<lastmod>2026-03-06T18:48:13.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sp-blog-designer/sp-blog-designer-100-unauthenticated-arbitrary-shortcode-execution</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/business-directory-plugin/business-directory-plugin-511-authenticated-php4-upload</loc>
<lastmod>2021-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smsa-shipping-for-woocommerce/smsa-shipping-for-woocommerce-104-authenticated-subscriber-arbitrary-file-download</loc>
<lastmod>2022-11-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/widget-shortcode/widget-shortcode-035-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/getaway/getaway-18-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-file-manager-pro/file-manager-pro-834-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2024-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pathomation/pathomation-251-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2024-11-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/crawlomatic-multipage-scraper-post-generator/crawlomatic-multisite-scraper-post-generator-2682-missing-authorization</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-form-integration/connect-contact-form-7-woocommerce-to-google-sheets-other-platforms-advanced-form-integration-1620-authenticated-admin-cross-site-scripting</loc>
<lastmod>2023-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/coming-soon-wp/coming-soon-under-construction-maintenance-mode-by-dazzler-163-admin-stored-cross-site-scripting</loc>
<lastmod>2021-10-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/torro-forms/torro-forms-1016-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2022-09-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blossomthemes-email-newsletter/blossomthemes-email-newsletter-224-missing-authorization</loc>
<lastmod>2023-11-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vision/vision-interactive-153-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2022-12-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/backwpup/backwpup-5-550-missing-authorization-to-sensitive-information-exposure</loc>
<lastmod>2025-10-24T15:31:35.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ecwid-shopping-cart/ecwid-shopping-cart-705-missing-authorization</loc>
<lastmod>2026-01-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ldap-ad-staff-employee-directory-search/staff-employee-business-directory-for-active-directory-123-authenticated-admin-ldap-passback</loc>
<lastmod>2023-09-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/youzify/youzify-121-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simplepress/simplepress-68-authenticated-admin-path-traversal-to-arbitrary-file-modification</loc>
<lastmod>2022-11-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/feedwordpress/feedwordpress-20220222-insecure-direct-object-referece</loc>
<lastmod>2024-03-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contextual-related-posts/contextual-related-posts-18102-sql-injection</loc>
<lastmod>2014-03-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/calculated-fields-form/calculated-fields-form-5263-denial-of-service</loc>
<lastmod>2024-12-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-slider-pro-drag-drop-slider-builder-for-woocommerce/woo-slider-pro-drag-drop-slider-builder-for-woocommerce-112-missing-authorization-to-authenticated-subscriber-arbitrary-post-deletion</loc>
<lastmod>2025-05-29T21:41:13.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/job-board/job-board-by-bestwebsoft-121-cross-site-request-forgery-to-stored-cross-site-scripting-via-_get-array-storage</loc>
<lastmod>2025-11-24T19:08:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-access-manager/advanced-access-manager-6918-authenticated-author-open-redirect</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/add-rss/add-rss-15-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-shortcode-buttons/simple-shortcode-buttons-132-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-additional-fees-on-checkout-wordpress/woocommerce-additional-fees-on-checkout-free-152-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/adstxt-guru-connect/adstxt-guru-connect-111-cross-site-request-forgery</loc>
<lastmod>2025-08-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/portfolio-wp/gridkit-portfolio-200-subscriber-stored-cross-site-scripting</loc>
<lastmod>2022-03-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/best-posts-summary/best-posts-summary-10-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quote-comments/quote-comments-300-missing-authorization-to-authenticated-subscriber-arbitrary-plugin-settings-update</loc>
<lastmod>2026-01-06T18:35:28.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/bloglo/bloglo-113-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tc-ecommerce/themes-coder-create-android-ios-apps-for-your-woocommerce-site-134-insecure-direct-object-reference-to-password-changeaccount-takeoverprivilege-escalation</loc>
<lastmod>2025-01-06T15:09:57.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pinterest-rss-widget/pinterest-rss-widget-231-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-05-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-digital-downloads/easy-digital-downloads-326-authenticatedshop-manager-stored-cross-site-scripting-via-variable-pricing-options</loc>
<lastmod>2024-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/boldgrid-backup/total-upkeep-wordpress-backup-plugin-plus-restore-migrate-by-boldgrid-11610-authenticated-admin-command-injection</loc>
<lastmod>2025-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/better-wp-security/better-wp-security-353-stored-cross-site-scripting</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dzs-zoomsounds/zoomsounds-wordpress-wave-audio-player-with-playlist-691-unauthenticated-php-object-injection</loc>
<lastmod>2025-03-04T21:11:58.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-jetpack/booster-for-woocommerce-pdf-invoices-abandoned-cart-variation-swatches-100-tools-7113-missing-authorization</loc>
<lastmod>2026-03-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/aparat-shortcode/aparat-video-shortcode-024-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-submitted-posts/user-submitted-posts-enable-users-to-submit-posts-from-the-front-end-20251210-unauthenticated-stored-cross-site-scripting-via-custom-field</loc>
<lastmod>2026-01-23T19:55:08.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rumbletalk-chat-a-chat-with-themes/rumbletalk-live-group-chat-635-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-7-newsletter/contact-form-7-newsletter-22-reflected-cross-site-scripting</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/include-mastodon-feed/include-mastodon-feed-194-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-20T13:44:45.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/system-dashboard/system-dashboard-2814-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2024-11-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seo-by-rank-math/rank-math-seo-1026-cross-site-scripting</loc>
<lastmod>2019-06-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ai-engine/ai-engine-284-insecure-oauth-implementation</loc>
<lastmod>2025-07-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-blocks-pro/essential-blocks-420-unauthenticated-php-object-injection-via-products</loc>
<lastmod>2023-09-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/whizzy/whizzy-1118-authenticated-subscriber-insecure-direct-object-reference</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-live-chat-support/wp-live-chat-support-7102-cross-site-scripting</loc>
<lastmod>2017-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/infolinks-ad-wrap/infolinks-ad-wrap-102-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2024-08-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/insert-pages/insert-pages-361-contributor-arbitrary-postspages-access</loc>
<lastmod>2021-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/letterpress/letterpress-elevate-your-wordpress-site039s-e-mail-campaigns-and-marketing-122-cross-site-request-forgery</loc>
<lastmod>2024-04-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/torod/torod-the-smart-shipping-and-delivery-portal-for-e-shops-and-retailers-19-cross-site-request-forgery-to-plugins-settings-modification</loc>
<lastmod>2025-12-04T17:32:53.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fast-flow-dashboard/fast-flow-1212-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-07-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cost-calculator/em-cost-calculator-231-unauthenticated-stored-cross-site-scripting-via-customer_name</loc>
<lastmod>2026-02-25T12:47:40.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/amministrazione-trasparente/amministrazione-trasparente-802-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-10-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/coschool/coschool-lms-14-missing-authorization-to-privilege-escalation</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wplms_plugin/wplms-1997-missing-authorization</loc>
<lastmod>2025-09-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-quote-calculator-order/woocommerce-quote-calculator-11-authenticated-contributor-sql-injection</loc>
<lastmod>2024-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-tags/taxopress-3410-missing-authorization-to-authenticated-contributor-arbitrary-post-tag-modification</loc>
<lastmod>2026-01-05T19:03:27.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-downloadmanager/wp-downloadmanager-1688-reflected-cross-site-scripting</loc>
<lastmod>2024-09-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-block-editor-addons/responsive-blocks-199-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/featured-image-pro/featured-image-pro-post-grid-514-reflected-cross-site-scripting-via-page</loc>
<lastmod>2023-05-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gtpayment-donation/gtpayment-donations-100-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-11-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/motors-car-dealership-classified-listings/motors-car-dealer-classified-ads-146-reflected-cross-site-scripting</loc>
<lastmod>2023-10-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-video-posts/wp-video-posts-351-reflected-cross-site-scripting</loc>
<lastmod>2025-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/woopy/woopy-multipurpose-store-woocommerce-wordpress-shop-theme-12-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-wp-security-and-firewall/all-in-one-wp-security-firewall-443-reflected-cross-site-scripting</loc>
<lastmod>2020-09-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/parcelpanel/parcelpanel-432-reflected-cross-site-scripting</loc>
<lastmod>2024-08-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hotel-listing/hotel-listing-140-reflected-cross-site-scripting</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lingotek-translation/ray-enterprise-translation-171-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-08-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/font-awesome-4-menus/font-awesome-4-menus-470-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-11-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profit-products-tables-for-woocommerce/active-products-tables-for-woocommerce-106-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/inhype/inhype-blog-magazine-wordpress-152-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-07-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eupago-gateway-for-woocommerce/eupago-gateway-for-woocommerce-319-cross-site-request-forgery-via-eupago_page_content</loc>
<lastmod>2023-10-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blu-logistics/blu-logistics-100-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/coinpress/coinpress-1014-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gratisfaction-all-in-one-loyalty-contests-referral-program-for-woocommerce/gratisfaction-434-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/tripgo/tripgo-156-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/kidz/kidz-524-unauthenticated-php-object-injection</loc>
<lastmod>2026-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gdreseller/gdreseller-16-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/landing-pages/wordpress-landing-pages-190-unauthenticated-remote-command-execution</loc>
<lastmod>2015-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/2.0/wordpress-206-username-enumeration-via-error-messages</loc>
<lastmod>2007-01-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/fusion-delisted/fusion-31-arbitrary-file-upload</loc>
<lastmod>2015-02-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flexible-wishlist/flexible-wishlist-for-woocommerce-ecommerce-wishlist-save-for-later-1226-cross-site-request-forgery-to-wishlist-creationmodification</loc>
<lastmod>2025-02-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smartsearchwp/chatbot-with-chatgpt-245-missing-authorization-to-unauthenticated-openai-api-key-exposure</loc>
<lastmod>2024-09-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/food-store/food-store-137-cross-site-request-forgery</loc>
<lastmod>2021-06-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/Avada/avada-theme-71113-unauthenticated-arbitrary-shortcode-execution</loc>
<lastmod>2025-02-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nasa-core/nasa-core-644-reflected-cross-site-scripting</loc>
<lastmod>2025-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/metform/metform-elementor-contact-form-builder-331-authenticated-subscriber-information-disclosure-via-mf_transaction_id-shortcode</loc>
<lastmod>2023-06-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-copyprotect/wp-copyprotect-protect-your-blog-posts-300-cross-site-scripting</loc>
<lastmod>2015-06-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chartbeat/chartbeat-207-authenticated-subscriber-server-side-request-forgery</loc>
<lastmod>2025-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cf7-constant-contact/integration-for-constant-contact-and-contact-form-7-wpforms-elementor-ninja-forms-116-unauthenticated-php-object-injection</loc>
<lastmod>2026-06-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/liveforms/wordpress-contact-form-drag-and-drop-form-builder-plugin-live-forms-321-cross-site-scripting</loc>
<lastmod>2017-08-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rometheme-for-elementor/romethemekit-for-elementor-154-authenticated-subscriber-arbitrary-plugin-installationactivation</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-church-center/wp-church-center-133-reflected-cross-site-scripting</loc>
<lastmod>2025-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/msync/msync-100-authenticated-administrator-sql-injection</loc>
<lastmod>2023-11-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zotpress/zotpress-7312-missing-authorization</loc>
<lastmod>2024-11-04T20:39:16.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/events-addon-for-elementor/events-addon-for-elementor-222-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-social-icons/easy-social-icons-309-reflected-cross-site-scripting</loc>
<lastmod>2021-09-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mediavine-create/create-by-mediavine-197-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-07-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/grandrestaurant/grand-restaurant-wordpress-70-missing-authorization</loc>
<lastmod>2025-04-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bit-form/contact-form-by-bit-form-2183-authenticated-author-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2025-04-24T16:58:42.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/aora/aora-1315-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-12-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/masterstudy-lms-learning-management-system/masterstudy-lms-3620-authenticated-subscriber-race-condition-to-multiple-reviews</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/starbox/starbox-348-authenticated-subscriber-stored-cross-site-scripting-via-job-settings</loc>
<lastmod>2024-02-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-popular-posts/wordpress-popular-posts-605-unauthenticated-views-changes</loc>
<lastmod>2022-11-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-recipe-maker/wp-recipe-maker-910-authenticated-contributor-stored-cross-site-scripting-via-header_tag</loc>
<lastmod>2024-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/linkedinclude/linkedinclude-304-cross-site-request-forgery</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/metform/metform-392-authenticated-admin-server-side-request-forgery</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/ingenioso/ingenioso-1140-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ulisting/listing-classified-ads-business-directory-ulisting-205-cross-site-request-forgery</loc>
<lastmod>2021-07-27T04:29:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/medicare/medicare-210-unauthenticated-php-object-injection</loc>
<lastmod>2025-05-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kubio/kubio-ai-page-builder-263-missing-authorization-to-authenticated-subscriber-limited-plugin-installation</loc>
<lastmod>2025-09-18T14:48:40.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-slimstat/slimstat-analytics-492-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2022-12-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-mobile-pack/wordpress-mobile-pack-341-cross-site-request-forgery</loc>
<lastmod>2023-07-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/testimonials-carousel-elementor/testimonial-carousel-for-elementor-1020-missing-authorization-to-limited-setting-update</loc>
<lastmod>2024-05-24T14:43:53.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy2map/easy2map-129-directory-traversal-and-local-file-inclusion</loc>
<lastmod>2015-10-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/testimonials-carousel-elementor/testimonial-carousel-for-elementor-1162-authenticated-contributor-stored-cross-site-scripting-via-multiple-widgets</loc>
<lastmod>2025-10-24T17:10:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-text-widget/advanced-text-widget-212-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-02-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/f4-improvements/f4-improvements-180-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/c9-blocks/c9-blocks-177-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/music-player-for-elementor/music-player-for-elementor-audio-player-podcast-player-241-missing-authorization-to-authenticated-subscriber-template-import</loc>
<lastmod>2024-11-14T16:40:38.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/consultor/consultor-a-business-financial-advisor-psd-template-124-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/famita/famita-154-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-08-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/minimog/minimogwp-396-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-08-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/convert-to-blocks/minimist-125-prototype-pollution</loc>
<lastmod>2022-03-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/search-exclude/search-exclude-249-missing-authorization-to-unauthenticated-plugin-settings-modification</loc>
<lastmod>2025-05-06T12:55:08.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-post-widget/content-blocks-custom-post-widget-335-authenticated-contributor-stored-cross-site-scripting-via-content-parameter</loc>
<lastmod>2025-02-19T21:17:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/latepoint/latepoint-calendar-booking-plugin-for-appointments-and-events-525-cross-site-request-forgery</loc>
<lastmod>2026-02-13T18:24:03.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cm-download-manager/cm-download-manager-285-authenticated-administrator-arbitrary-file-upload</loc>
<lastmod>2022-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shortpixel-image-optimiser/shortpixel-image-optimizer-634-authenticated-contributor-settings-importexport</loc>
<lastmod>2025-10-17T14:41:31.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kv-send-email-from-admin/kv-compose-email-from-dashboard-11-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/postapanduri/postapanduri-213-unauthenticated-sql-injection</loc>
<lastmod>2025-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sql-chart-builder/sql-chart-builder-236-authenticated-contributor-sql-injection</loc>
<lastmod>2024-12-11T15:19:02.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sp-client-document-manager/sp-project-document-manager-421-authenticated-shell-upload</loc>
<lastmod>2021-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/webengage/webengage-feedback-survey-and-notification-201-cross-site-scripting</loc>
<lastmod>2014-05-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/5.0/wordpress-core-501-phar-unserialization</loc>
<lastmod>2018-09-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-language-translator/translate-wordpress-google-language-translator-6011-admin-stored-cross-site-scripting</loc>
<lastmod>2021-10-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/topfit/topfit-fitness-and-gym-wordpress-19-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seo-by-rank-math/rankmath-seo-101072-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2023-01-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chaty/floating-chat-widget-contact-chat-icons-whatsapp-telegram-chat-line-messenger-wechat-email-sms-call-button-chaty-322-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-05-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/xpro-elementor-addons-pro/xpro-elementor-addons-pro-147-authenticated-contributor-arbitrary-file-read-via-draw-svg</loc>
<lastmod>2026-05-26T20:55:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-add/form-builder-1990-cross-site-request-forgery</loc>
<lastmod>2023-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/dental/dental-clinic-37-authenticated-subscriber-php-object-injection</loc>
<lastmod>2026-03-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/brizy/brizy-page-builder-241-authenticated-stored-cross-site-scripting-via-element-url</loc>
<lastmod>2022-06-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/next-page-not-next-post/next-page-not-next-post-030-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/nuss/nuss-133-authenticated-subscriber-php-object-injection</loc>
<lastmod>2025-06-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bne-gallery-extended/bne-gallery-extended-121-authenticated-contributor-stored-cross-site-scripting-via-gallery-shortcode</loc>
<lastmod>2024-11-25T20:16:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cp-reservation-calendar/cp-reservation-calendar-117-sql-injection</loc>
<lastmod>2015-09-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/backuply/backuply-backup-restore-migrate-and-clone-126-denial-of-service</loc>
<lastmod>2024-02-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/youtube-embed/youtube-embed-332-cross-site-scripting</loc>
<lastmod>2015-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/xagio-seo/xagio-seo-71037-missing-authorization</loc>
<lastmod>2025-12-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/captcha-offrepo/captcha-25d-cross-site-scripting</loc>
<lastmod>2007-11-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elfsight-testimonials-slider/elfsight-testimonials-slider-101-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cache-control-by-cacholong/cache-control-by-cacholong-541-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/real3d-flipbook-lite/real3d-flipbook-lite-3d-flipbook-pdf-viewer-pdf-embedder-48-authenticated-author-arbitrary-file-upload</loc>
<lastmod>2024-11-15T15:06:58.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/customize-login-image/customize-login-image-34-cross-site-scripting</loc>
<lastmod>2021-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-subscribers/email-subscribers-by-icegram-express-affordable-powerful-email-marketing-for-wordpress-woocommerce-5744-authenticated-admin-stored-cross-site-scripting-via-form-settings</loc>
<lastmod>2024-12-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/different-menus-in-different-pages/different-menu-in-different-pages-control-menu-visibility-all-in-one-232-missing-authorization-to-menu-duplication</loc>
<lastmod>2024-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contest-gallery/contest-gallery-files-upload-and-contest-plugin-for-wordpress-1704-admin-sql-injection</loc>
<lastmod>2022-06-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/bello/bello-directory-listing-159-unauthenticated-sql-injection</loc>
<lastmod>2021-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nextgen-gallery/wordpress-gallery-plugin-nextgen-gallery-347-cross-site-request-forgery</loc>
<lastmod>2020-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/auto-login-when-resister/enabledisable-auto-login-when-register-110-cross-site-request-forgery</loc>
<lastmod>2023-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-coming-soon-product/woocommerce-coming-soon-product-with-countdown-50-authenticated-subscriber-local-file-inclusion</loc>
<lastmod>2026-02-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/open-rdw-kenteken-voertuiginformatie/open-rdw-kenteken-voertuiginformatie-2014-reflected-cross-site-scripting-via-open_data_rdw_kenteken</loc>
<lastmod>2023-03-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/sparkling/sparkling-249-missing-authorization-to-unauthenticated-arbitrary-plugin-activationdeactivation</loc>
<lastmod>2025-03-04T21:26:16.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/js_composer/wpbakery-page-builder-for-wordpress-64-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2020-10-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking-calendar/booking-calendar-appointment-booking-system-3215-unauthenticated-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2024-11-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contest-gallery/contest-gallery-2510-authenticated-author-sql-injection</loc>
<lastmod>2025-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/valenti-engine/valenti-engine-103-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/live-dashboard/live-dashboard-033-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gf-hubspot/wp-gravity-forms-hubspot-125-open-redirect</loc>
<lastmod>2025-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-order-splitter/order-splitter-for-woocommerce-530-authenticated-subscriber-sql-injection</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/6.3/wordpress-core-632-authenticated-subscriber-arbitrary-shortcode-execution-via-parse-media-shortcode</loc>
<lastmod>2023-10-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/happy-elementor-addons/happy-addons-for-elementor-3123-missing-authorization</loc>
<lastmod>2024-10-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-hotel-booking/wp-hotel-booking-227-unauthenticated-sensitive-information-exposure-via-email-parameter</loc>
<lastmod>2026-01-16T14:00:37.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpdeepl/deepl-pro-api-translation-214-cross-site-request-forgery-via-savesettings</loc>
<lastmod>2023-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bookster/bookster-wordpress-appointment-booking-plugin-211-authenticated-administrator-sql-injection-via-raw</loc>
<lastmod>2026-02-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/html2wp/html2wp-100-cross-site-request-forgery</loc>
<lastmod>2022-06-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cbxgooglemap/cbx-map-for-google-map-openstreetmap-1111-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/feed-them-social/feed-them-social-page-post-video-and-photo-galleries-286-cross-site-request-forgery-bypass</loc>
<lastmod>2020-09-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/banner-effect-header/banner-effect-header-127-cross-site-request-forgery</loc>
<lastmod>2015-01-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-smart-import/wordpress-importer-import-any-xml-file-to-wordpress-101-server-side-request-forgery</loc>
<lastmod>2021-04-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mail-subscribe-list/mail-subscribe-list-2110-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/maintenance-page/maintenance-page-108-missing-authorization-to-sensitive-information-exposure</loc>
<lastmod>2024-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/adbuddy-adblocker-detection/adbuddy-adblocker-detection-by-netfunkdesign-113-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stackable-ultimate-gutenberg-blocks/stackable-page-builder-gutenberg-blocks-3136-unauthenticated-css-injection</loc>
<lastmod>2024-10-11T20:24:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/crown-art/crown-art-drawing-and-music-school-wordpress-theme-1211-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-github/wp-github-133-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/soledad/soledad-824-reflected-cross-site-scripting</loc>
<lastmod>2022-09-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/comparepress/comparepress-208-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/scand-multi-mailer/multimailer-103-reflected-cross-site-scripting</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/institute-management/institute-management-55-authenticated-administrator-stored-cross-site-scripting-via-enquiry-form-title-setting</loc>
<lastmod>2026-02-18T20:53:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-casengo-chat-widget/casengo-live-chat-support-214-cross-site-request-forgery</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/job-postings/job-postings-28-missing-authorization</loc>
<lastmod>2026-03-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wot-elementor-widgets/wot-elementor-widgets-101-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fpw-category-thumbnails/fpw-category-thumbnails-195-authenticated-subscriber-stored-cross-site-scripting-via-id-parameter</loc>
<lastmod>2026-06-01T19:45:34.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ltl-freight-quotes-worldwide-express-edition/ltl-freight-quotes-worldwide-express-edition-5021-reflected-cross-site-scripting</loc>
<lastmod>2025-02-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eventprime-event-calendar-management/eventprime-286-sensitive-information-exposure</loc>
<lastmod>2023-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dp-intro-tours/intro-tour-tutorial-deeppresentation-652-reflected-cross-site-scripting</loc>
<lastmod>2024-12-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/alloggio/alloggio-hotel-booking-wordpress-theme-212-unauthenticated-php-object-injection</loc>
<lastmod>2026-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/restaurant-reservations/five-star-restaurant-reservations-2411-missing-authorization-to-stored-cross-site-scripting</loc>
<lastmod>2022-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/points-and-rewards-for-woocommerce/points-and-rewards-for-woocommerce-295-missing-authorization</loc>
<lastmod>2026-01-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rometheme-for-elementor/rtmkit-207-authenticated-contributor-missing-authorization-to-arbitrary-form-submission-access-via-entries_id-parameter</loc>
<lastmod>2026-06-15T17:15:45.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cf7-mailchimp/integration-for-mailchimp-and-contact-form-7-wpforms-elementor-ninja-forms-122-missing-authorization</loc>
<lastmod>2026-03-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/droip/droip-252-unauthenticated-arbitrary-file-deletion</loc>
<lastmod>2024-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/new-user-approve/new-user-approve-323-cross-site-request-forgery</loc>
<lastmod>2025-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/agenteasy-properties/agenteasy-properties-104-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-11-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp2speed/wp2speed-faster-optimize-pagespeed-insights-score-90-100-101-improper-authorization-due-to-use-of-hardcoded-credentials</loc>
<lastmod>2024-07-08T19:47:02.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/layouts-for-elementor/layouts-for-elementor-17-missing-authorization-to-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/internal-link-builder/internal-link-builder-10-authenticated-administrator-stored-cross-site-scripting-via-plugins-settings</loc>
<lastmod>2026-01-13T16:46:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/graphina-elementor-charts-and-graphs/graphina-elementor-charts-and-graphs-189-authenticated-contributor-stored-cross-site-scripting-via-multiple-widgets</loc>
<lastmod>2024-05-10T10:03:51.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/czater/czaterpl-live-chat-i-telefon-105-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wptelegram-widget/wp-telegram-widget-and-join-link-2127-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-flashcards/easy-flashcards-01-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-06-13T19:43:09.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/miniorange-login-openid/wordpress-social-login-and-register-7512-missing-authorization-to-plugin-settings-update</loc>
<lastmod>2022-09-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/consulting-elementor-widgets/consulting-elementor-widgets-130-authenticated-contributor-sql-injection</loc>
<lastmod>2024-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fluent-cart/fluentcart-a-new-era-of-ecommerce-131-authenticated-administrator-sql-injection-via-groupkey-parameter</loc>
<lastmod>2025-12-02T15:10:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementor-pro/elementor-pro-3212-reflected-cross-site-scripting</loc>
<lastmod>2024-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/extensive-vc-addon/extensive-vc-addons-for-wpbakery-page-builder-191-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-08-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-email-subscriber/simple-email-subscriber-23-reflected-cross-site-scripting</loc>
<lastmod>2025-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/object-cache-4-everyone/object-cache-4-everyone-232-information-exposure</loc>
<lastmod>2026-06-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/careerfy/careerfy-job-board-wordpress-theme-390-authenticated-stored-cross-site-scripting</loc>
<lastmod>2020-07-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seo-redirection/seo-redirection-81-subscriber-sql-injection</loc>
<lastmod>2021-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/site-reviews/site-reviews-6116-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2024-03-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vibebp/vibebp-19951-authenticated-subscriber-sql-injection</loc>
<lastmod>2024-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-jobsearch/jobsearch-wp-job-board-155-reflected-cross-site-scripting</loc>
<lastmod>2020-07-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cubewp-framework/cubewp-all-in-one-dynamic-content-framework-1127-unauthenticated-information-exposure</loc>
<lastmod>2026-01-16T19:16:27.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/vithy/vithy-all-versions-arbitrary-file-upload</loc>
<lastmod>2014-03-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pootle-button/pootle-button-120-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mark-posts/mark-posts-224-missing-authorization</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-form-integration/afi-the-easiest-integration-plugin-112612-missing-authorization</loc>
<lastmod>2026-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/podamibe-twilio-private-call/podamibe-twilio-private-call-101-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-gallery/imagepress-image-gallery-122-cross-site-request-forgery-to-plugin-settings-update</loc>
<lastmod>2024-10-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/spiffy-calendar/spiffy-calendar-4913-reflected-cross-site-scripting</loc>
<lastmod>2024-09-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bosa-elementor-for-woocommerce/bosa-elementor-addons-and-templates-for-woocommerce-1012-missing-authorization</loc>
<lastmod>2024-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/printcart-integration/printcart-web-to-print-product-designer-for-woocommerce-239-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2025-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-pdf-invoice-builder/woocommerce-pdf-invoice-builder-1289-missing-authorization-to-sensitive-information-exposure</loc>
<lastmod>2023-08-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-bibtex/wp-bibtex-301-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-17T15:48:55.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pagination/pagination-by-bestwebsoft-106-multiple-cross-site-scripting</loc>
<lastmod>2017-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-instance-rename/wordpress-renaming-tool-by-vlajo-10-path-traversal</loc>
<lastmod>2015-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/floating-button/floating-button-60-cross-site-request-forgery-via-process_bulk_action</loc>
<lastmod>2023-12-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-timed-popup/wp-timed-popout-13-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2014-12-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/payment-gateway-pix-for-woocommerce/pix-for-woocommerce-150-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2026-03-12T18:45:33.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/anual-archive/annual-archive-160-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-12-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-direct-checkout-lite/direct-checkout-for-woocommerce-lite-103-missing-authorization</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/royal-elementor-addons/royal-elementor-addons-171028-authenticated-contributor-stored-dom-based-cross-site-scripting-via-multiple-widgets</loc>
<lastmod>2025-06-25T20:58:34.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-mailup/mailup-newsletter-sign-up-form-132-cross-site-scripting</loc>
<lastmod>2013-03-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/usc-e-shop/welcart-e-commerce-122-cross-site-request-forgery</loc>
<lastmod>2012-12-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementor/elementor-website-builder-3355-authenticated-contributor-stored-cross-site-scripting-via-rest-api</loc>
<lastmod>2026-04-07T12:55:13.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-wp-mail/ultimate-wp-mail-138-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/2.6/wordpress-mu-26-cross-site-scripting</loc>
<lastmod>2008-09-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/my-auctions-allegro-free-edition/my-auctions-allegro-3632-unauthenticated-local-file-inclusion-via-controller</loc>
<lastmod>2025-12-04T20:41:27.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vision/vision-interactive-for-wordpress-151-reflected-cross-site-scripting</loc>
<lastmod>2021-10-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/duracelltomi-google-tag-manager/google-tag-manager-for-wordpress-gtm4wp-1151-stored-cross-site-scripting-via-content-element-id</loc>
<lastmod>2022-05-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/photo-video-store/photo-video-store-2107-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fresh-framework/fresh-framework-1700-missing-authorization</loc>
<lastmod>2025-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mega-elements-addons-for-elementor/mega-elements-126-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/campus-directory/faculty-staff-and-student-directory-plugin-campus-directory-190-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-jetpack/booster-for-woocommerce-561-cross-site-request-forgery</loc>
<lastmod>2022-07-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/scrollbar-by-webxapp/scrollbar-by-webxapp-best-verticalhorizontal-scrollbars-plugin-130-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/otter-blocks/otter-gutenberg-block-310-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2025-08-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/happy-elementor-addons/happy-addons-for-elementor-3108-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-05-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpdatatables/wpdatatables-premium-341-improper-access-control-leading-to-table-data-deletion</loc>
<lastmod>2021-03-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/administrator-z/administrator-z-20260510-cross-site-request-forgery</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/website-file-changes-monitor/website-file-changes-monitor-182-authenticated-admin-sql-injection</loc>
<lastmod>2022-07-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementskit/elementskit-pro-378-authenticated-contributor-dom-based-stored-cross-site-scripting-via-url-parameter</loc>
<lastmod>2025-01-27T19:08:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/groundhogg/groundhogg-2081-reflected-cross-site-scripting</loc>
<lastmod>2019-09-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/widget-or-sidebar-per-shortcode/widget-or-sidebar-shortcode-061-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-10-29T14:05:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/postman-widget/paloma-widget-114-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp_rokintroscroller/rokintroscroller-18-arbitrary-file-upload</loc>
<lastmod>2013-09-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-upload-restriction/wp-upload-restriction-224-missing-authorization-checks</loc>
<lastmod>2021-07-02T15:05:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/database-peek/database-peek-12-reflected-cross-site-scripting</loc>
<lastmod>2022-03-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/acf-frontend-display/acf-frontend-display-206-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2015-07-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shortlinkspro/shortlinks-pro-107-authenticated-administrator-sql-injection</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/administrator-z/administrator-z-2022928-unauthorized-file-upload-via-acf</loc>
<lastmod>2022-11-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chat-bubble/chat-bubble-23-cross-site-request-forgery-via-cbb_submit_settings_data</loc>
<lastmod>2023-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seo-search-permalink/seo-search-permalink-103-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flowbox/flowbox-115-missing-authorization</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/related-posts-line-up-exactry-by-milliard/related-posts-line-up-exactly-by-milliard-0022-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-02-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/grandportfolio/grand-portfolio-33-cross-site-request-forgery</loc>
<lastmod>2026-02-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/total-donations/total-donations-205-missing-authorization-to-arbitrary-options-update</loc>
<lastmod>2019-01-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/exclusive-addons-for-elementor/exclusive-addons-for-elementor-2694-authenticated-contributor-stored-cross-site-scripting-via-call-to-action</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/best-css-compiler/wow-best-css-compiler-202-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ai-engine/ai-engine-214-authenticated-editor-server-side-request-forgery</loc>
<lastmod>2024-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/classic-addons-wpbakery-page-builder-addons/classic-addons-wpbakery-page-builder-30-authenticated-editor-local-file-inclusion</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/foogallery/foogallery-responsive-photo-gallery-image-viewer-justified-masonry-carousel-2429-authenticated-custom-stored-cross-site-scripting-via-album-title-size</loc>
<lastmod>2025-03-07T16:21:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/super-testimonial/super-testimonials-401-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-02-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/designfolio-plus/designfolio-plus-theme-unkown-versions-arbitrary-file-upload</loc>
<lastmod>2015-03-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jch-optimize/jch-optimize-400-missing-authorization-to-authenticated-subscriber-settings-modification</loc>
<lastmod>2023-08-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buddyforms/post-registration-and-profile-form-builder-frontend-editor-buddyforms-easy-wordpress-forms-281-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-05-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/event-registration-calendar-by-vcita/event-registration-calendar-by-vcita-131-online-payments-get-paid-with-paypal-square-stripe-3100-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2023-06-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-file-list/simple-file-list-6113-missing-authorization-to-unauthenticated-minor-settings-update</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/events-manager/events-manager-517-cross-site-scripting</loc>
<lastmod>2012-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-jquery-datatable/wp-jquery-datatable-410-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/featured-image-from-url/featured-image-from-url-481-missing-authorization</loc>
<lastmod>2024-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pie-register/pie-register-user-registration-forms-invitation-based-registrations-custom-login-payments-3723-open-redirect</loc>
<lastmod>2021-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpvivid-backup-mainwp/wpvivid-backup-for-mainwp-0933-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-recipe-maker/wp-recipe-maker-910-reflected-cross-site-scripting-via-referer</loc>
<lastmod>2024-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quiz-master-next/quiz-and-survey-master-734-authenticated-administrator-sql-injection</loc>
<lastmod>2022-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/terms-popup-on-user-login/legal-terms-and-conditions-popup-for-user-login-and-woocommerce-checkout-tpul-208-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/validar-certificados-de-cursos/validatecertify-161-cross-site-request-forgery</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-google-maps/wp-go-maps-9032-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-03-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yaysmtp/yaysmtp-249-263-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-02-18T22:01:38.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/waitlist-woocommerce/waitlist-woocommerce-back-in-stock-notifier-252-cross-site-request-forgery-to-settings-reset</loc>
<lastmod>2023-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/featured-image-plus/featured-image-plus-164-missing-authorization-to-authenticated-subscriber-featured-image-update</loc>
<lastmod>2025-05-29T19:23:15.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-translate/wp-translate-530-missing-authorization</loc>
<lastmod>2024-06-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-fastest-cache/wp-fastest-cache-0916-authenticated-admin-directory-traversal-to-arbitrary-file-deletion</loc>
<lastmod>2021-04-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/tijaji/tijaji-143-reflected-cross-site-scripting</loc>
<lastmod>2025-01-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yahoo-boss/yahoo-boss-07-reflected-cross-site-scripting</loc>
<lastmod>2025-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ht-mega-for-elementor/ht-mega-absolute-addons-for-elementor-281-authenticated-contributor-stored-cross-site-scripting-via-countdown-widget</loc>
<lastmod>2025-02-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gAppointments/gappointments-1951-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/embedding-barcodes-into-product-pages-and-orders/barcode-generator-for-woocommerce-show-barcodes-on-products-orders-invoices-and-other-pages-202-authenticated-subscriber-sensitive-information-disclosure</loc>
<lastmod>2024-12-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fonts-manager-custom-fonts/fonts-manager-custom-fonts-12-reflected-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/termageddon-usercentrics/termageddon-cookie-consent-privacy-compliance-181-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/payment-forms-for-paystack/payment-forms-for-paystack-402-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-09T18:12:59.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-plus-google/google-plus-102-reflected-cross-site-scripting</loc>
<lastmod>2025-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/category-posts/category-posts-widget-4919-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-04-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bulletproof-security/bulletproof-security-69-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2026-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/openai-tools-for-wp-wc/openai-tools-for-wordpress-woocommerce-215-missing-authorization</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultra-skype-button/ultra-skype-button-10-authenticated-contributor-stored-cross-site-scripting-via-btn_id-shortcode-attribute</loc>
<lastmod>2025-12-05T16:46:09.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zero-bs-crm/jetpack-crm-544-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-03-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kentha-elementor/kentha-elementor-widgets-31-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2026-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/norse-runes-oracle/norse-rune-oracle-plugin-143-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mycred/mycred-loyalty-points-and-rewards-plugin-for-wordpress-and-woocommerce-give-points-ranks-badges-cashback-woocommerce-rewards-and-woocommerce-credits-for-gamification-273-missing-authorization-to-unauthenticated-database-upgrade</loc>
<lastmod>2024-09-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/glamchic/glamchic-1011-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-09-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/store-manager-connector/emagicone-store-manager-for-woocommerce-125-unauthenticated-arbitrary-file-read</loc>
<lastmod>2025-05-23T14:33:31.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-table-builder/wp-table-builder-wordpress-table-plugin-1414-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-05-20T21:19:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/addon-elements-for-elementor-page-builder/elementor-addon-elements-11212-directory-traversal-to-local-file-inclusion</loc>
<lastmod>2024-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-profile/user-profile-2020-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2024-03-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-by-supsystic/contact-form-by-supsystic-1728-authenticated-admin-remote-code-execution</loc>
<lastmod>2024-10-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mp3-jplayer/mp3-jplayer-242-full-path-disclosure</loc>
<lastmod>2015-07-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/arforms-form-builder/arforms-form-builder-161-cross-site-request-forgery</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-404-pro/custom-404-pro-370-authenticated-administrator-sql-injection</loc>
<lastmod>2023-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gs-pinterest-portfolio/wordpress-pinterest-plugin-161-stored-contributor-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-03-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cart66-lite/cart66-lite-wordpress-ecommerce-15115-cross-site-request-forgery</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking-calendar/booking-calendar-appointment-booking-system-217-cross-site-scripting</loc>
<lastmod>2018-01-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/i-recommend-this/i-recommend-this-373-sql-injection</loc>
<lastmod>2014-09-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contentoptin/contentoptin-lite-wp-content-upgrade-plugin-11-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ebook-store/ebook-store-58012-authenticated-administrator-stored-cross-site-scripting-via-order-details</loc>
<lastmod>2025-07-21T09:53:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/embed-swagger-ui/embed-swagger-ui-100-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jetpack-feedback-exporter/jetpack-feedback-exporter-123-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/securesubmit/wp-securesubmit-1518-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/groundhogg/groundhogg-455-authenticated-marketer-sql-injection-via-search-parameter</loc>
<lastmod>2026-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ajax-load-more/ajax-load-more-plugin-532-sql-injection</loc>
<lastmod>2020-05-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sw-contact-form/sw-contact-form-10-authenticated-subscriber-sql-injection</loc>
<lastmod>2024-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fluentform/contact-form-for-plugin-by-fluent-forms-508-insecure-direct-object-reference</loc>
<lastmod>2023-09-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/inspiro/inspiro-212-cross-site-request-forgery-to-arbitrary-plugin-installation</loc>
<lastmod>2025-08-20T16:43:50.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/meks-flexible-shortcodes/meks-flexible-shortcodes-136-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-paypal/payment-button-for-paypal-12335-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-digital-downloads/easy-digital-downloads-3212-unauthenticated-sql-injection</loc>
<lastmod>2024-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/h5p/h5p-1157-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dokan-lite/dokan-ai-powered-woocommerce-multivendor-marketplace-solution-504-authenticated-custom-stored-cross-site-scripting-via-product-sku</loc>
<lastmod>2026-06-26T17:53:42.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/live-stock-prices-for-wordpress/financial-stocks-crypto-market-data-plugin-1103-reflected-cross-site-scripting</loc>
<lastmod>2025-01-06T16:16:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wholesale-pricing-woocommerce/quantity-dynamic-pricing-bulk-discounts-for-woocommerce-403-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/starbox/starbox-the-author-box-for-humans-351-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-08-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nextend-facebook-connect/nextend-social-login-and-register-150-cross-site-scripting</loc>
<lastmod>2014-02-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-db-backup/database-backup-for-wordpress-251-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2022-05-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wplegalpages/privacy-policy-generator-terms-conditions-generator-wordpress-plugin-wp-legal-pages-351-missing-authorization-to-unauthenticated-api-disconnect</loc>
<lastmod>2025-10-31T13:45:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gd-star-rating/gd-star-rating-1922-blind-sql-injection</loc>
<lastmod>2014-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/opal-service/opal-service-191-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/search-exclude/search-exclude-126-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2022-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/aio-time-clock-lite/all-in-one-time-clock-lite-13325-cross-site-request-forgery</loc>
<lastmod>2025-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/brave-popup-builder/brave-create-popup-optins-lead-generation-survey-sticky-elements-interactive-content-069-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-06-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-eggdrop/wp-eggdrop-01-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/product-input-fields-for-woocommerce/product-input-fields-for-woocommerce-170-cross-site-request-forgery-to-notice-dismissal</loc>
<lastmod>2024-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ad-inserter-pro/ad-inserter-pro-2739-reflected-cross-site-scripting</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/library-instruction-recorder/library-instruction-recorder-114-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/learnpress/learnpress-4257-command-injection</loc>
<lastmod>2024-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zendesk/zendesk-support-for-wordpress-184-cross-site-request-forgery</loc>
<lastmod>2023-04-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/forget-about-shortcode-buttons/forget-about-shortcode-buttons-212-missing-authorization-via-fasc_buttons</loc>
<lastmod>2023-05-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dropdown-multisite-selector/dropdown-multisite-selector-092-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/redirect-countdown/redirect-countdown-10-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2026-03-20T15:19:25.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking-package/booking-package-1672-reflected-cross-site-scripting-via-locale-parameter</loc>
<lastmod>2025-02-18T10:25:55.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/riode-core/riode-core-1626-unauthenticated-sql-injection</loc>
<lastmod>2026-02-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpfunnels/wpfunnels-379-authenticated-contributor-stored-cross-site-scripting-via-wpf_optin_form-shortcode</loc>
<lastmod>2026-04-03T22:13:01.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tainacan/tainacan-0189-cross-site-scripting</loc>
<lastmod>2022-05-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gallery-album/responsive-image-gallery-gallery-album-203-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dethemekit-for-elementor/dethemekit-for-elementor-202-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pdf-viewer-for-elementor/pdf-viewer-for-elementor-293-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seo-by-rank-math/rank-math-seo-with-ai-seo-tools-10216-authenticated-contributor-stored-cross-site-scripting-via-titlewrapper</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/donpeppe/don-peppe-13-missing-authorization</loc>
<lastmod>2026-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/site-search-360/site-search-360-217-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/external-markdown/external-markdown-001-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jeg-elementor-kit/jeg-elementor-kit-2611-authenticated-contributor-sensitive-information-exposure-via-countdown-and-off-canvas</loc>
<lastmod>2025-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shapepress-dsgvo/wp-dsgvo-tools-gdpr-3138-missing-authorization-to-unauthenticated-account-destruction-of-non-admin-users</loc>
<lastmod>2026-03-23T16:27:36.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shopbuilder/shopbuilder-321-reflected-cross-site-scripting</loc>
<lastmod>2025-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/freightco/freightco-117-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/goldish/goldish-347-unauthenticated-php-object-injection</loc>
<lastmod>2026-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/five-minute-webshop/five-minute-webshop-132-authenticated-admin-sql-injection-via-orderby</loc>
<lastmod>2022-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contest-gallery/contest-gallery-19141-authenticated-author-sql-injection-via-cg_option_id</loc>
<lastmod>2022-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/5.2/wordpress-core-524-cache-poisoning</loc>
<lastmod>2019-10-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/media-library-assistant/media-library-assistant-281-remote-code-execution-via-tax_query-meta_query-date_query-parameters</loc>
<lastmod>2019-12-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easync-booking/easync-1311-reflected-cross-site-scripting</loc>
<lastmod>2023-07-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gf-salesmate-add-on/salesmate-add-on-for-gravity-forms-203-missing-authorization</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jetpack/jetpack-402-cross-site-scripting</loc>
<lastmod>2017-04-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/goods-catalog/goods-catalog-241-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-09-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-rss-aggregator/wp-rss-aggregator-4235-authenticated-admin-server-side-request-forgery-via-rss-feed-source</loc>
<lastmod>2024-02-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/leadconnector/leadconnector-3022-missing-authorization</loc>
<lastmod>2026-03-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hdw-tube/hdw-wordpress-video-gallery-12-reflected-cross-site-scripting-via-playlist-parameter</loc>
<lastmod>2016-10-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-statistics/wp-statistics-1311-cross-site-request-forgery-to-arbitrary-plugin-activation-and-deactivation</loc>
<lastmod>2021-09-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fancy-facebook-comments/fancy-comments-wordpress-1214-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bluetrait-event-viewer/btev-cross-site-request-forgery-to-plugin-settings-update</loc>
<lastmod>2024-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/learnpress/learnpress-4257-insecure-direct-object-reference-to-information-disclosure</loc>
<lastmod>2024-01-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sms-alert/sms-alert-order-notifications-woocommerce-346-cross-site-scripting</loc>
<lastmod>2021-08-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/material-dashboard/material-dashboard-145-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bulk-featured-image/bulk-featured-image-121-missing-authorization</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/aryo-activity-log/activity-log-240-multiple-cross-site-scripting</loc>
<lastmod>2018-03-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/turitop-booking-system/turitop-booking-system-1010-missing-authorization</loc>
<lastmod>2025-04-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profile-builder/profile-builder-3112-restricted-email-bypass</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-contact-form-integration-for-elementor/eleforms-2999-missing-authorization</loc>
<lastmod>2024-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quttera-web-malware-scanner/quttera-web-malware-scanner-34148-sensitive-data-exposure</loc>
<lastmod>2023-11-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bookingpress-appointment-booking/appointment-booking-calendar-plugin-and-scheduling-plugin-bookingpress-1116-authenticated-subscriber-sql-injection</loc>
<lastmod>2024-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/list-category-posts/list-category-posts-0910-authenticated-contributor-sql-injection-via-plugins-shortcode</loc>
<lastmod>2025-12-10T14:30:38.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/struktur/struktur-251-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/userback/userback-1013-cross-site-request-forgery</loc>
<lastmod>2023-10-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-user-manager/wp-user-manager-2910-cross-site-request-forgery</loc>
<lastmod>2024-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-contact-slider/wp-contact-slider-246-stored-cross-site-scripting</loc>
<lastmod>2022-06-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-mail/mail-13-reflected-cross-site-scripting</loc>
<lastmod>2026-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kento-splash-screen/kento-splash-screen-14-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-08-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wishlist-member-x/wishlist-member-x-3267-authenticated-subscriber-arbitrary-file-deletion</loc>
<lastmod>2024-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/otter-blocks/otter-blocks-gutenberg-blocks-page-builder-for-gutenberg-editor-fse-264-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/001-prime-strategy-translate-accelerator/001-prime-strategy-translate-accelerator-111-missing-authorization</loc>
<lastmod>2022-11-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-popup-plugin/simple-popup-plugin-45-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-09-27T13:55:41.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/files-download-delay/files-download-delay-109-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-08T22:02:33.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/popup-manager/popup-manager-166-missing-authorization-to-arbitrary-popup-deletion</loc>
<lastmod>2022-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easylogo/easy-logo-193-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/holmes/holmes-digital-agency-wordpress-theme-17-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/security-malware-firewall/security-malware-scan-by-cleantalk-2145-authorization-bypass-via-reverse-dns-spoofing-to-unauthenticated-sql-injection</loc>
<lastmod>2024-11-25T17:07:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/activity-reactions-for-buddypress/activity-reactions-for-buddypress-1022-cross-site-request-forgery</loc>
<lastmod>2022-11-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/upi-qr-code-payment-for-woocommerce/upi-qr-code-payment-gateway-for-woocommerce-162-missing-authorization</loc>
<lastmod>2026-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/utw-importer/ultimate-tag-warrior-importer-02-cross-site-request-forgery</loc>
<lastmod>2025-08-28T15:44:35.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-video-gallery/all-in-one-video-gallery-410-464-missing-authorization-to-authenticated-subscriber-limited-user-meta-update</loc>
<lastmod>2026-01-23T19:29:41.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/klarna-checkout-for-woocommerce/klarna-checkout-for-woocommerce-2134-denial-of-service</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/aryo-activity-log/activity-log-232-reflected-cross-site-scripting</loc>
<lastmod>2016-08-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-product-catalogue/ultimate-product-catalogue-313-sql-injection</loc>
<lastmod>2015-06-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-csv-xls-exporter/simple-csvxls-exporter-158-csv-injection</loc>
<lastmod>2023-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bitly-linker/bitly-linker-11-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-bitly/bitly-274-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-iframe/advanced-iframe-20243-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cab-fare-calculator/cab-fare-calculator-116-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-09-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bot-block-stop-spam-google-analytics-referrals/bot-block-8211-stop-spam-referrals-in-google-analytics-26-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/reality/reality-estate-multipurpose-wordpress-theme-255-reflected-cross-site-scripting</loc>
<lastmod>2020-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/better-wp-security/ithemes-security-791-and-ithemes-security-pro-684-hidden-login-bypass</loc>
<lastmod>2021-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/embedpress/embedpress-409-unauthenticated-local-file-inclusion</loc>
<lastmod>2024-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jquery-manager/jquery-manager-for-wordpress-1104-jquery-migrate-helper-141-running-vulnerable-dependency</loc>
<lastmod>2020-07-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rich-table-of-content/rich-table-of-contents-138-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/themify-audio-dock/themify-audio-dock-205-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-08-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rencontre/rencontre-3137-cross-site-request-forgery</loc>
<lastmod>2025-11-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/code-snippets-extended/code-snippets-extended-147-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2022-05-17T14:51:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/content-repeater/content-repeater-113-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-11-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/photo-gallery/photo-gallery-by-10web-1818-authenticated-administrator-stored-cross-site-scripting-via-widget</loc>
<lastmod>2023-12-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-post/postx-503-missing-authorization</loc>
<lastmod>2026-01-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slippy-slider-responsive-touch-navigation-slider/slippy-slider-responsive-touch-navigation-slider-20-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-11-10T15:26:07.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jetwidgets-for-elementor/jetwidgets-for-elementor-108-contributor-stored-cross-site-scripting</loc>
<lastmod>2021-04-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sellkit/sellkit-181-authenticated-subscriber-arbitrary-file-download</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cwicly/cwicly-1402-authenticated-contributor-remote-code-execution</loc>
<lastmod>2024-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-subscribers/icegram-express-5722-authenticated-subscriber-sql-injection-vulnerability-via-optionslist_id</loc>
<lastmod>2024-06-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/aweber-wp/aweber-forms-by-optin-cat-257-reflected-cross-site-scripting</loc>
<lastmod>2024-12-02T21:31:48.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/magicform/magicform-01-cross-site-scripting</loc>
<lastmod>2023-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-symposium/wp-symposium-158-blind-sql-injection</loc>
<lastmod>2015-08-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profilegrid-user-profiles-groups-and-communities/profilegrid-5951-missing-authorization</loc>
<lastmod>2025-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/userpro/userpro-515-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-11-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booster-plus-for-woocommerce/booster-566-booster-plus-565-and-booster-elite-117-for-woocommerce-cross-site-request-forgery-leading-to-arbitrary-custom-role-creationdeletion</loc>
<lastmod>2022-11-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpshopgermany-protectedshops/wpshopgermany-protected-shops-20-authenticatedadministrator-stored-cross-site-scripting</loc>
<lastmod>2023-07-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/syncee-global-dropshipping/syncee-premium-dropshipping-wholesale-1027-missing-authorization</loc>
<lastmod>2026-06-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/branda-white-labeling/branda-3417-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/event-tickets/event-tickets-and-registration-5265-unauthenticated-ticket-payment-bypass</loc>
<lastmod>2025-10-17T18:07:22.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nextgen-gallery/wordpress-gallery-plugin-nextgen-gallery-1910-1911-full-path-disclosure</loc>
<lastmod>2013-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flowplayer6-video-player/flowerplayer-video-player-104-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2022-11-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jnews-paywall/jnews-paywall-1201-cross-site-request-forgery</loc>
<lastmod>2025-12-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/beaver-builder-lite-version/beaver-builder-wordpress-page-builder-2742-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cardoza-wordpress-poll/wordpress-poll-3405-sql-injection</loc>
<lastmod>2013-01-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ti-woocommerce-wishlist/ti-woocommerce-wishlist-2100-missing-authorization</loc>
<lastmod>2025-11-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/libro-de-reclamaciones-y-quejas/libro-de-reclamaciones-y-quejas-09-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-openpos/woocommerce-openpos-644-unauthenticated-sql-injection</loc>
<lastmod>2024-07-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/boldgrid-backup/total-upkeep-wordpress-backup-plugin-plus-restore-migrate-by-boldgrid-1168-authenticated-administrator-server-side-request-forgery</loc>
<lastmod>2025-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/parallax-section/parallax-section-block-109-missing-authorization</loc>
<lastmod>2025-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/universal-star-rating/universal-star-rating-1104-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wti-like-post/wti-like-post-145-stored-cross-site-scripting</loc>
<lastmod>2020-05-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/newspaper-lite/newspaper-lite-110-reflected-cross-site-scripting</loc>
<lastmod>2021-06-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cm-download-manager/cm-download-manager-270-authenticated-stored-cross-site-scripting</loc>
<lastmod>2020-10-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/companion-portfolio/companion-portfolio-responsive-portfolio-plugin-2401-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-13T15:48:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cleantalk-spam-protect/antispam-by-cleantalk-5185-authenticated-administrator-sql-injection</loc>
<lastmod>2022-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-addons-for-elementor-lite/essential-addons-for-elementor-best-elementor-templates-widgets-kits-woocommerce-builders-5919-authenticated-contributor-stored-cross-site-scripting-via-dual-color-header-event-calendar-advanced-data-table</loc>
<lastmod>2024-05-09T19:32:53.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-frontend-manager/wcfm-frontend-manager-for-woocommerce-along-with-bookings-subscription-listings-compatible-6725-authenticated-vendor-insecure-direct-object-reference-to-arbitrary-user-deletion</loc>
<lastmod>2026-05-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/iq-block-country/iq-block-country-1213-admin-arbitrary-file-deletion-via-zip-slip</loc>
<lastmod>2022-03-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/spotlight-social-photo-feeds/spotlight-social-media-feeds-1610-cross-site-request-forgery</loc>
<lastmod>2024-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/taggator/taggator-plugin-133-sql-injection</loc>
<lastmod>2012-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/websand-subscription-form/websand-subscription-form-103-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-cumulus/wp-cumulus-120-sensitive-information-exposure</loc>
<lastmod>2009-11-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gallery-photo-gallery/photo-gallery-by-ays-526-cross-site-request-forgery</loc>
<lastmod>2023-08-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jet-blocks/jetblocks-1312-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-08-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-manager/download-manager-3312-authenticated-author-arbitrary-file-deletion</loc>
<lastmod>2025-04-18T18:52:05.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/atomchat/atomchat-114-missing-authorization-via-credits-rest-api-endpoint</loc>
<lastmod>2023-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/twitter-cards-meta/twitter-cards-meta-best-twitter-card-plugin-for-wordpress-250-cross-site-scripting</loc>
<lastmod>2017-04-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flags-widget/flags-widget-107-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bold-page-builder/bold-page-builder-488-authenticated-contributor-stored-cross-site-scripting-via-widget-url-attribute</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-dashboard-chat/wp-dashboard-chat-103-authenticated-contributor-sql-injection-via-id</loc>
<lastmod>2025-10-14T20:03:22.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/adapta-rgpd/adapta-rgpd-132-cross-site-request-forgery</loc>
<lastmod>2021-06-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/credova-financial/credova_financial-248-reflected-cross-site-scripting</loc>
<lastmod>2025-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-live-chat-support/3cx-live-chat-8007-cross-site-scripting</loc>
<lastmod>2018-07-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/houzez/houzez-411-reflected-cross-site-scripting</loc>
<lastmod>2025-08-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/church-admin/church-admin-375-reflected-cross-site-scripting</loc>
<lastmod>2023-04-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-smart-quick-view/wpc-smart-quick-view-for-woocommerce-425-insecure-direct-object-reference-to-unauthenticated-private-product-exposure</loc>
<lastmod>2025-10-17T18:24:47.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/k-elements/k-elements-539-authentication-bypass</loc>
<lastmod>2025-02-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-basic-contact-form/simple-basic-contact-form-20221201-reflected-cross-site-scripting</loc>
<lastmod>2024-05-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpshopgermany-it-recht-kanzlei/wpshopgermany-it-recht-kanzlei-17-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-07-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/miniorange-wp-as-saml-idp/login-using-wordpress-users-wp-as-saml-idp-1156-authenticated-administrator-sql-injection</loc>
<lastmod>2024-11-15T20:41:13.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/awesome-shortcodes-for-genesis/awesome-shortcodes-for-genesis-118-cross-site-request-forgery-to-cross-site-scripting</loc>
<lastmod>2024-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eventon-lite/eventon-wordpress-virtual-event-calendar-plugin-458-pro-227-free-missing-authorization-via-eventon_save_virtual_event_settings</loc>
<lastmod>2024-01-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/himalayas/himalayas-132-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-07-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-favorite-posts/wp-favorite-posts-165-unauthenticated-cross-site-scripting</loc>
<lastmod>2016-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/devs-accounting/devs-accounting-120-missing-authorization-to-unauthenticated-sensitive-information-exposure-via-id-parameter</loc>
<lastmod>2026-06-23T16:39:37.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-job-board/simple-job-board-2105-missing-authorization</loc>
<lastmod>2023-11-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-alt-text/image-alt-text-200-missing-authorization-to-authenticated-subscriber-image-alt-text-update</loc>
<lastmod>2024-11-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pagelayer/page-builder-pagelayer-drag-and-drop-website-builder-205-authenticated-author-insecure-direct-object-reference</loc>
<lastmod>2025-11-12T15:20:40.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/3.0/wordpress-core-301-missing-authorization</loc>
<lastmod>2010-07-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-responsive-preview/wordpress-responsive-preview-11-reflected-cross-site-scripting</loc>
<lastmod>2014-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cm-pop-up-banners/cm-pop-up-banners-172-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/permalink-manager/permalink-manager-lite-2533-authenticated-contributor-stored-cross-site-scripting-via-post-title</loc>
<lastmod>2026-06-16T17:40:02.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-google-map-plugin/wp-maps-google-mapsopenstreetmapmapboxstore-locatorlistingdirectory-filters-493-authenticated-subscriber-local-file-inclusion</loc>
<lastmod>2026-06-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-forms/ninja-forms-contact-form-3319-authenticated-open-redirect</loc>
<lastmod>2018-12-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/auto-post-thumbnail/auto-featured-image-392-reflected-cross-site-scripting</loc>
<lastmod>2021-11-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-map-pro/image-map-pro-6020-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/qaengine/qaengine-14-privilege-escalation</loc>
<lastmod>2015-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-forms/ninja-ninja-forms-contact-form-3610-authenticated-admin-stored-cross-site-scripting-via-import</loc>
<lastmod>2022-06-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/currency-switcher/wpcs-1201-cross-site-request-forgery</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-subscribers/icegram-express-email-subscribers-newsletters-and-marketing-automation-plugin-5726-missing-authorization</loc>
<lastmod>2024-07-16T18:52:06.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-recaptcha-bp/wp-recaptcha-bp-41-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simply-static/simply-static-313-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/case-addons/case-addons-130-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2025-10-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/masterstudy/masterstudy-48122-missing-authorization</loc>
<lastmod>2025-10-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/transposh-translation-filter-for-wordpress/transposh-wordpress-translation-1096-unauthorized-settings-change</loc>
<lastmod>2022-07-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gdpr-cookie-notice/gdpr-cookie-notice-120-missing-authorization</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/registration-password/fs-registration-password-101-unauthenticated-privilege-escalation-via-account-takeover</loc>
<lastmod>2026-01-05T16:31:31.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cforms2/cformsii-148-arbitrary-file-upload</loc>
<lastmod>2014-12-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/spider-facebook/wordpress-facebook-1013-sql-injection</loc>
<lastmod>2017-05-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/banner-management-for-woocommerce/woocommerce-category-banner-management-241-cross-site-request-forgery</loc>
<lastmod>2023-07-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simpleflickr/simpleflickr-303-cross-site-request-forgery-to-cross-site-scripting</loc>
<lastmod>2015-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/twinklesmtp/twinklesmtp-email-service-provider-for-wordpress-103-authenticated-administrator-stored-cross-site-scripting-via-sender-settings</loc>
<lastmod>2026-01-06T18:34:10.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp_rokstories/rokstories-125-full-path-disclosure</loc>
<lastmod>2013-09-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-baidu-submit/wp-baidu-submit-121-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-02-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tutor/tutor-lms-260-authenticatedstudent-html-injection-via-qa</loc>
<lastmod>2024-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/forminator/forminator-1292-authenticated-admin-sql-injection</loc>
<lastmod>2024-04-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easysnippet/rich-snippet-site-report-200105-authenticated-admin-sql-injection</loc>
<lastmod>2025-10-14T19:47:01.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rollbar/rollbar-271-cross-site-request-forgery</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-registration/user-registration-membership-custom-registration-form-builder-custom-login-form-user-profile-content-restriction-membership-plugin-446-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2025-12-15T02:13:58.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/photoblocks-grid-gallery/gallery-photoblocks-115-cross-site-scripting</loc>
<lastmod>2020-07-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eventprime-event-calendar-management/eventprime-286-reflected-cross-site-scripting</loc>
<lastmod>2023-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/directorist/directorist-ai-powered-business-directory-plugin-with-classified-ads-listings-848-authenticated-subscriber-arbitrary-file-move</loc>
<lastmod>2025-10-24T17:34:40.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nimble-portfolio/wordpress-picture-portfolio-media-gallery-301-unauthenticated-server-side-request-forgery</loc>
<lastmod>2024-06-18T14:30:24.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/javo-core/javo-core-300529-unauthenticated-arbitrary-content-deletion</loc>
<lastmod>2025-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-hover-effects-ultimate/image-hover-effects-ultimate-973-authenticated-stored-cross-site-scripting-via-title-description</loc>
<lastmod>2022-08-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-armour-extended/wp-armour-extended-126-reflected-cross-site-scripting</loc>
<lastmod>2024-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/groundhogg/groundhogg-2711-cross-site-request-forgery</loc>
<lastmod>2023-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/adifier/adifier-premium-theme-314-reflected-cross-site-scripting</loc>
<lastmod>2023-11-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/backupwordpress/backupwordpress-042b-remote-file-inclusion</loc>
<lastmod>2007-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-quotation/simple-quotation-132-sql-injection</loc>
<lastmod>2022-02-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eps-301-redirects/301-redirects-easy-redirect-manager-272-cross-site-request-forgery-via-dismiss_notice</loc>
<lastmod>2023-03-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ap-custom-testimonial/ap-custom-testimonial-147-sql-injection</loc>
<lastmod>2022-01-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/artificial-intelligence-auto-content-generator/ai-tools-407-missing-authorization-to-authenticated-subscriber-arbitrary-content-deletion</loc>
<lastmod>2025-07-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/grandrestaurant/grand-restaurant-wordpress-70-unauthenticated-php-object-injection-via-path-traversal</loc>
<lastmod>2025-04-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wppizza/wppizza-3171-reflected-cross-site-scripting</loc>
<lastmod>2023-05-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/crayon-syntax-highlighter/crayon-syntax-highlighter-284-cross-site-request-forgery</loc>
<lastmod>2023-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-easy-gallery/wp-easy-gallery-17-cross-site-scripting</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bookit/booking-calendar-appointment-booking-bookit-250-missing-authorization-to-unauthenticated-stripe-connection</loc>
<lastmod>2025-11-11T19:23:08.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mshop-naver-talktalk/-1118-authenticated-contributor-stored-cross-site-scripting-via-add_plus_friends-and-add_plus_talk-shortcodes</loc>
<lastmod>2024-11-22T23:35:08.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/altima-lookbook-free-for-woocommerce/altima-lookbook-free-for-woocommerce-110-refletced-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chatbot-chatgpt/kognetiks-chatbot-for-wordpress-200-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2024-05-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/peachpay-for-woocommerce/peachpay-112046-cross-site-request-forgery-to-stripe-unlink</loc>
<lastmod>2026-05-27T18:40:26.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-maintenance-mode-site-under-construction/conditional-marketing-mailer-for-woocommerce-152-cross-site-request-forgery-to-arbitrary-plugin-installationactivation</loc>
<lastmod>2021-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bvd-easy-gallery-manager/bvd-easy-gallery-manager-106-reflected-cross-site-scripting</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/min-and-max-quantity-for-woocommerce/minimum-and-maximum-quantity-for-woocommerce-200-missing-authorization</loc>
<lastmod>2024-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elex-bulk-edit-products-prices-attributes-for-woocommerce-basic/elex-woocommerce-advanced-bulk-edit-products-prices-attributes-149-authenticated-subscriber-sql-injection</loc>
<lastmod>2025-07-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/visitor-stats-widget/visitor-stats-widget-150-reflected-cross-site-scripting</loc>
<lastmod>2025-12-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mainwp-maintenance-extension/mainwp-maintenance-extension-411-authenticated-subscriber-sql-injection</loc>
<lastmod>2023-01-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/data-tables-generator-by-supsystic/data-tables-generator-by-supsystic-11036-missing-authorization</loc>
<lastmod>2024-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/likebtn-like-button/like-button-rating-253-arbitrary-settings-change</loc>
<lastmod>2017-11-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/heateor-social-login/heateor-social-login-1139-cross-site-request-forgery</loc>
<lastmod>2025-12-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpbrutalai/wp-brutal-ai-206-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-07-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/brizy/brizy-2723-missing-authorization</loc>
<lastmod>2026-02-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-live-chat-support-pro/wp-live-chat-support-pro-8026-arbitrary-file-upload</loc>
<lastmod>2019-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/obfuscate-email/obfuscate-email-381-unauthenticated-full-path-disclosure</loc>
<lastmod>2024-08-08T20:36:42.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-manager/download-manager-3248-cross-site-request-forgery-to-plugin-settings-update</loc>
<lastmod>2022-08-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-easy-pay/wp-easy-pay-payment-and-donation-form-builder-for-square-450-cross-site-request-forgery</loc>
<lastmod>2026-06-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/forminator/forminator-1502-missing-authorization</loc>
<lastmod>2026-02-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lifterlms/lifterlms-750-cross-site-request-forgery</loc>
<lastmod>2024-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-pano/wp-pano-117-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/push-notification-for-post-and-buddypress/push-notification-for-post-and-buddypress-163-missing-authorization-to-unauthenticated-admin-notice-dismissal</loc>
<lastmod>2023-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/add-actions-and-filters/add-shortcodes-actions-and-filters-210-reflected-cross-site-scripting</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/feeds-for-youtube/feeds-for-youtube-youtube-video-channel-and-gallery-plugin-221-authenticated-contributor-dom-based-stored-cross-site-scripting</loc>
<lastmod>2024-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-pug/hubbub-lite-1311-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-01-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/locatoraid/locatoraid-store-locator-3965-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/html5-soundcloud-player-with-playlist/html5-soundcloud-player-280-authenticated-author-php-object-injection</loc>
<lastmod>2024-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ai-assistant-by-10web/10web-ai-assistant-ai-content-writing-assistant-1018-missing-authorization-to-arbitrary-plugin-installation</loc>
<lastmod>2024-01-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-addons-for-elementor-lite/essential-addons-for-elementor-popular-elementor-templates-widgets-6513-authenticated-author-limited-privilege-escalation-via-register_user</loc>
<lastmod>2026-05-13T18:07:43.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yet-another-stars-rating/yet-another-stars-rating-338-missing-authorization-to-vote-tampering</loc>
<lastmod>2023-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/accordions-or-faqs/accordions-multiple-accordions-or-faqs-builder-203-authenticated-admin-stored-cross-site-scripting-via-pages-parameter</loc>
<lastmod>2022-09-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sirv/image-optimizer-resizer-and-cdn-sirv-727-authenticatedsubscriber-missing-authorization-to-plugin-settings-update</loc>
<lastmod>2024-07-11T09:29:49.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/protect-wp-admin/protect-wp-admin-36-unauthenticated-plugin-deactivation</loc>
<lastmod>2021-12-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/postem-ipsum/postem-ipsum-301-missing-authorization-to-authenticated-subscriber-privilege-escalation-in-postem_ipsum_generate_users</loc>
<lastmod>2025-12-12T16:05:44.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-easy-contact/wp-easy-contact-401-authenticated-contributor-stored-cross-site-scripting-via-noaccess_msg-parameter</loc>
<lastmod>2025-08-04T17:36:03.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/namaste-lms/namaste-lms-264-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2024-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/newsmanapp/newsmanapp-276-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-12T16:04:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gallery-images/image-gallery-responsive-photo-gallery-170-reflected-cross-site-scripting-via-thumbtext</loc>
<lastmod>2015-03-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-local-pickup-for-woocommerce/advanced-local-pickup-for-woocommerce-162-missing-authorization</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/live-stream-badger/live-stream-badger-143-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-07-18T14:12:10.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/viet-nam-affiliate/viet-nam-affiliate-100-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-05-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-people/wp-people-341-sql-injection</loc>
<lastmod>2008-02-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-store-kit/ultimate-store-kit-elementor-addons-286-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-field-template/custom-field-template-257-authenticated-administrator-php-object-injection</loc>
<lastmod>2022-12-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pagemash/pagemash-page-management-130-reflected-cross-site-scripting</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/enable-wp-debug-toggle/wp_debug-toggle-11-reflected-cross-site-scripting</loc>
<lastmod>2025-04-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/coupon-tab-for-directorypress-pp/coupon-tab-for-directorypress-pp-coupon-tab-020-reflected-cross-site-scripting</loc>
<lastmod>2014-07-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-pug/social-pug-1300-missing-authorization-via-multiple-admin_init-actions</loc>
<lastmod>2023-12-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pie-register/pie-register-3812-missing-authorization-to-arbitrary-user-deletion</loc>
<lastmod>2022-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pdf-for-wpforms/pdf-for-wpforms-621-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/new-year-firework/new-year-firework-119-reflected-cross-site-scripting</loc>
<lastmod>2016-02-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/4.2/wordpress-core-424-stored-cross-site-scripting-via-accessibility-helper-title</loc>
<lastmod>2015-08-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/miniorange-google-authenticator/login-with-otp-over-sms-email-whatsapp-and-google-authenticator-104-cross-site-request-forgery-to-cross-site-scripting</loc>
<lastmod>2022-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fusion-builder/avada-builder-3151-unauthenticated-sql-injection-via-product_order-parameter</loc>
<lastmod>2026-05-12T21:06:24.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/revslider/slider-revolution-6718-authenticated-author-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2024-09-30T18:27:40.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-members/advanced-members-for-acf-125-authenticated-subscriber-arbitrary-file-deletion-via-path-traversal</loc>
<lastmod>2026-04-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-social-share-buttons3/easy-social-share-buttons-94-missing-authorization</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/premium-addons-for-elementor/premium-addons-for-elementor-41017-authenticatedcontributor-stored-cross-site-scripting-via-link-wrapper</loc>
<lastmod>2024-03-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/unlimited-elements-for-elementor/unlimited-elements-for-elementor-free-widgets-addons-templates-1548-authenticated-admin-cross-site-scripting-xss</loc>
<lastmod>2023-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/latepoint/latepoint-calendar-booking-plugin-for-appointments-and-events-525-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-02-02T18:30:30.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-popup/hustle-7892-authenticated-subscriber-arbitrary-file-upoload-via-module-import</loc>
<lastmod>2026-01-23T23:49:25.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/3.0/wordpress-core-304-cross-site-scripting</loc>
<lastmod>2007-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nextgen-gallery/wordpress-gallery-plugin-nextgen-gallery-151-cross-site-scripting</loc>
<lastmod>2010-04-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpmovielibrary/wpmovielibrary-2148-reflected-cross-site-scripting</loc>
<lastmod>2025-02-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/powerpack-lite-for-elementor/powerpack-addons-for-elementor-2717-authenticated-contributor-stored-cross-site-scripting-via-_html_tag</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slick-contact-forms/slick-contact-forms-137-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-10-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-responsive-images/wp-responsive-images-10-unauthenticated-path-traversal-to-arbitrary-file-read-via-src</loc>
<lastmod>2026-02-25T12:50:15.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-thumbnailsBanner/lambertgroup-allinone-banner-with-thumbnails-38-authenticated-contributor-sql-injection</loc>
<lastmod>2025-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/spider-calendar/spider-calendar-113-multiple-vulnerabilities</loc>
<lastmod>2012-10-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/spreadr-for-woocomerce/spreadr-woocommerce-104-missing-authorization</loc>
<lastmod>2024-12-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/azurecurve-shortcodes-in-comments/azurecurve-shortcodes-in-comments-202-unauthenticated-arbitrary-shortcode-execution</loc>
<lastmod>2025-04-09T18:09:45.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/xews-lite/xews-lite-109-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-04-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/arya-multipurpose-pro/arya-multipurpose-pro-108-reflected-cross-site-scripting</loc>
<lastmod>2023-08-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/blocksy/blocksy-2042-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-05-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/foundation-columns/foundation-columns-08-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zephyr-project-manager/zephyr-project-manager-3240-reflected-cross-site-scripting</loc>
<lastmod>2022-05-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dashicons-cpt/dashicons-custom-post-types-102-missing-authorization</loc>
<lastmod>2023-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/external-featured-image-from-bing/external-featured-image-from-bing-102-authenticated-subscriber-remote-code-execution</loc>
<lastmod>2024-10-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blockspare/blockspare-320-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-08-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/vikinger/vikinger-1932-authenticated-subscriber-arbitrary-file-deletion-via-vikinger_delete_activity_media_ajax-function</loc>
<lastmod>2025-07-01T20:29:16.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/church-admin/church-admin-444-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-06-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-smart-import/wordpress-importer-import-any-xml-file-to-wordpress-102-reflected-cross-site-scripting</loc>
<lastmod>2022-10-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/auberge/auberge-145-cross-site-scripting</loc>
<lastmod>2015-05-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/reformer-elementor/reformer-for-elementor-105-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2025-06-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/modular-connector/modular-ds-251-unauthenticated-privilege-escalation</loc>
<lastmod>2026-01-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/league-of-legends-shortcodes/league-of-legends-shortcodes-101-authenticated-contributor-sql-injection-via-shortcode</loc>
<lastmod>2024-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-less-to-css/wp-less-to-css-10-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-04-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/page-list/page-list-62-missing-authorization-to-authenticated-contributor-sensitive-information-disclosure-via-shortcode-attributes</loc>
<lastmod>2026-06-05T12:41:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/crm-perks-forms/crm-perks-forms-114-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/happy-elementor-addons/happy-addons-for-elementor-3106-authenticated-contributor-stored-cross-site-scripting-via-calendly-widget</loc>
<lastmod>2024-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/valiance/valiance-12-unauthenticated-php-object-injection</loc>
<lastmod>2026-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/maxi-blocks/maxi-blocks-219-authenticated-author-stored-cross-site-scripting-via-style-card-rest-api</loc>
<lastmod>2026-05-01T14:44:43.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/this-or-that/this-or-that-by-andr-boekhorst-104-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-21T20:19:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mycryptocheckout/mycryptocheckout-bitcoin-ethereum-and-100-altcoins-for-woocommerce-2161-missing-authorization</loc>
<lastmod>2026-05-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/register-plus/register-plus-3511-sensitive-information-disclosure</loc>
<lastmod>2010-11-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mabel-shoppable-images-lite/shoppable-images-lookbook-for-woocommerce-13-missing-authorization</loc>
<lastmod>2026-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-cfdb7/contact-form-7-database-addon-1253-sql-injection</loc>
<lastmod>2021-01-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpfavicon/wpfavicon-211-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-07-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wps-team/team-members-showcase-340-reflected-cross-site-scripting</loc>
<lastmod>2025-10-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/osm-map-elementor/osm-map-widget-for-elementor-130-authenticated-contributor-stored-cross-site-scripting-via-button-url</loc>
<lastmod>2025-08-28T15:44:06.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ap-plugin-scripteo/ads-pro-plugin-multi-purpose-wordpress-advertising-manager-489-cross-site-request-forgery-to-php-code-injection-in-bsacreateadtemplate</loc>
<lastmod>2025-07-01T14:53:53.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/limit-login-attempts-plus/limit-login-attempts-plus-109-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/securimage-wp/securimage-wp-plugin-351-reflected-cross-site-scripting</loc>
<lastmod>2013-05-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/traveler/traveler-326-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-11-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/powerpack-lite-for-elementor/powerpack-addons-for-elementor-261-reflected-cross-site-scripting</loc>
<lastmod>2021-12-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/anubis/anubis-125-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ays-popup-box/popup-box-386-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-11-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/give/give-donation-plugin-2330-authenticatedgive-manager-privilege-escalation</loc>
<lastmod>2023-08-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/arrival/arrival-145-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-04-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/digital-publications-by-supsystic/digital-publications-by-supsystic-176-cross-site-request-forgery-via-ajax-action</loc>
<lastmod>2023-12-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-popup/hustle-email-marketing-lead-generation-optins-popups-78102-missing-authorization-to-unauthenticated-conversion-tracking-data-manipulation</loc>
<lastmod>2026-04-07T10:52:41.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rometheme-for-elementor/romethemekit-for-elementor-153-missing-authorization-in-save_options-and-reset_widgets</loc>
<lastmod>2025-01-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/paid-membership/micropayments-paid-author-subscriptions-content-downloads-membership-195-cross-site-request-forgery</loc>
<lastmod>2022-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buy-one-click-woocommerce/buy-one-click-woocommerce-229-missing-authorization-to-authenticated-subscriber-settings-export</loc>
<lastmod>2024-11-12T13:28:31.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/icegram/icegram-3125-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ecover-builder-for-dummies/ecover-builder-for-dummies-10-authenticated-contributor-stored-cross-site-scripting-via-id-shortcode-attribute</loc>
<lastmod>2026-03-20T15:06:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/magical-posts-display/magical-posts-display-1252-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-07-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cf-geoplugin/wordpress-geolocation-plugin-cf-geo-plugin-71311-reflected-cross-site-scripting</loc>
<lastmod>2021-08-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-events-calendar/the-events-calendar-481-cross-site-scripting-via-tribe_paged-parameter</loc>
<lastmod>2019-03-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sfwd-lms/learndash-lms-460-authenticated-subscriber-insecure-direct-object-reference-to-arbitrary-user-password-change</loc>
<lastmod>2023-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/monetag-official/monetag-official-113-missing-authorization</loc>
<lastmod>2026-01-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nd-elements/elements-for-elementor-19-stored-cross-site-scripting</loc>
<lastmod>2022-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/masterstudy-lms-learning-management-system/masterstudy-lms-3212-missing-authorization</loc>
<lastmod>2024-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/inline-text-popup/inline-text-popup-100-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pods/pods-327-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/divebook/divebook-114-sql-injection</loc>
<lastmod>2020-09-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpsol/wpsol-120-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-seo-search/seo-search-11-cross-site-request-forgery</loc>
<lastmod>2025-12-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/falling-things/falling-things-108-authenticated-editor-sql-injection</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fancy-product-designer/fancy-product-designer-475-cross-site-request-forgery-to-arbitrary-file-upload</loc>
<lastmod>2022-04-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vikrentcar/vikrentcar-car-rental-management-system-131-cross-site-request-forgery</loc>
<lastmod>2024-07-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fv-wordpress-flowplayer/fv-flowplayer-video-player-7318727-sql-injection</loc>
<lastmod>2019-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/evergreen-content-poster/evergreen-content-poster-142-missing-authorization</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/real-time-auto-find-and-replace/better-find-and-replace-177-authenticated-subscriber-limited-code-injection</loc>
<lastmod>2025-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-events/wp-events-234-sql-injection</loc>
<lastmod>2017-11-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sprout-invoices/sprout-invoices-2053-sensitive-information-exposure</loc>
<lastmod>2023-11-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/football-pool/football-pool-265-cross-site-scripting</loc>
<lastmod>2017-11-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/getresponse-integration/getresponse-5519-cross-site-request-forgery</loc>
<lastmod>2022-09-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gs-logo-slider/logo-slider-logo-showcase-logo-carousel-logo-gallery-and-client-logo-presentation-368-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-08-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-file-upload/wordpress-file-upload-wordpress-file-upload-pro-4191-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-05-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/reset/reset-16-cross-site-request-forgery-to-database-reset</loc>
<lastmod>2025-02-17T15:48:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/usc-e-shop/welcart-e-commerce-294-unauthenticated-php-object-injection</loc>
<lastmod>2023-11-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-appointment-scheduling/ultimate-appointment-booking-scheduling-1110-reflected-cross-site-scripting</loc>
<lastmod>2020-08-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-font-uploader/wbcom-designs-custom-font-uploader-234-missing-authorization-to-font-deletion</loc>
<lastmod>2024-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zoloblocks/zoloblocks-2312-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/colibri-page-builder/colibri-page-builder-10253-cross-site-request-fogery-via-extend_builder</loc>
<lastmod>2024-02-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/storekeeper-for-woocommerce/storekeeper-for-woocommerce-1444-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2025-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/everest-backup/everest-backup-238-missing-authorization</loc>
<lastmod>2025-10-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/catch-duplicate-switcher/catch-duplicate-switcher-21-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smart-maintenance-mode/smart-maintenance-mode-151-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-with-a-meeting-scheduler-by-vcita/contact-form-and-calls-to-action-by-vcita-4105-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2023-06-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-jetpack/booster-for-woocommerce-724-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpbits-addons-for-elementor/wpbits-addons-for-elementor-page-builder-151-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2025-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tutor/tutor-lms-1912-reflected-cross-site-scripting</loc>
<lastmod>2021-01-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sensorpress-uptime-monitoring/sensorpress-10-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-08-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gravityforms/gravity-forms-274-reflected-cross-site-scripting</loc>
<lastmod>2023-06-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/awesome-support/awesome-support-617-missing-authorization</loc>
<lastmod>2023-12-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gutenverse/gutenverse-346-reflected-cross-site-scripting-via-s-parameter</loc>
<lastmod>2026-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ubigeo-peru/ubigeo-de-per-para-woocommerce-y-wordpress-363-unauthenticated-sql-injection</loc>
<lastmod>2022-04-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/classified-listing/classified-listing-245-cross-site-request-forgery-via-rtcl_ajax_thumbnail_delete</loc>
<lastmod>2023-07-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dynamic-ajax-product-filters-for-woocommerce/dynamic-ajax-product-filters-for-woocommerce-137-authenticated-contributor-stored-cross-site-scripting-via-name-parameter</loc>
<lastmod>2025-08-27T17:41:28.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/backtotop/back-to-top-20-cross-site-request-forgery</loc>
<lastmod>2025-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/exs-widgets/exs-widgets-031-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2024-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/users-ultra/users-ultra-1515-multiple-sql-injection</loc>
<lastmod>2015-06-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/aardvark/aardvark-463-reflected-cross-site-scripting</loc>
<lastmod>2026-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-bbcode/wp-bbcode-181-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-11-10T15:19:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zephyr-project-manager/zephyr-project-manager-3393-cross-site-request-forgery</loc>
<lastmod>2023-06-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/add-code-to-head/add-code-to-head-117-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-08-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bulk-page-stub-creator/bulk-page-stub-creator-11-reflected-cross-site-scripting</loc>
<lastmod>2025-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cooked/cooked-recipe-management-17154-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2024-07-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fluent-booking/fluent-booking-1911-missing-authorization</loc>
<lastmod>2025-11-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quiz-master-next/quiz-and-survey-master-qsm-easy-quiz-and-survey-maker-1034-missing-authorization</loc>
<lastmod>2026-02-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ddirections/driving-directions-144-reflected-cross-site-scripting</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/hotstar/hotstar-multi-purpose-business-theme-14-unauthenticated-php-object-injection</loc>
<lastmod>2025-05-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-advance-search/advance-search-for-woocommerce-109-cross-site-scripting</loc>
<lastmod>2018-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/content-manager-light/content-manager-light-32-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/birdseed/birdseed-220-cross-site-request-forgery-via-birdseed-token-change</loc>
<lastmod>2026-06-01T19:45:13.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pixel-formbuilder/pixel-wordpress-form-builderplugin-autoresponder-103-cross-site-request-forgery</loc>
<lastmod>2025-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/abitgone-commentsafe/abitgone-commentsafe-100-cross-site-request-forgery-to-settings-update-and-cross-site-request-forgery</loc>
<lastmod>2024-01-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/give/givewp-2251-authenticated-admin-server-side-request-forgery-via-give_get_content_by_ajax_handler</loc>
<lastmod>2023-03-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-archive-generator/simple-archive-generator-52-cross-site-request-forgery</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/taggbox-widget/tagbox-ugc-galleries-social-media-widgets-user-reviews-analytics-32-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cost-calculator-builder/cost-calculator-builder-3265-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/helloasso/helloasso-119-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-07-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-mapa-politico-spain/wp-mapa-politico-espaa-380-cross-site-request-forgery</loc>
<lastmod>2025-05-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sign-up-sheets/sign-up-sheets-2212-missing-authorization</loc>
<lastmod>2024-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/exquisite-wp/exquisite-ultimate-newspaper-theme-133-cross-site-scripting</loc>
<lastmod>2015-04-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-private-content-plus/wp-private-content-plus-31-cross-site-request-forgery-bypass</loc>
<lastmod>2021-03-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stax-buddy-builder/buddybuilder-buddypress-builder-for-elementor-173-cross-site-request-forgery</loc>
<lastmod>2023-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-dropzone/wp-dropzone-111-authenticated-contributor-stored-cross-site-scripting-via-callback-shortcode-attribute</loc>
<lastmod>2025-12-11T15:09:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/liquid-speech-balloon/liquid-speech-balloon-118-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2023-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-sidebars/custom-sidebars-2102-reflected-cross-site-scripting</loc>
<lastmod>2015-01-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/f12-profiler/f12-profiler-139-cross-site-request-forgery</loc>
<lastmod>2025-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fwduvp/ultimate-video-player-wordpress-woocommerce-plugin-101-unauthenticated-server-side-request-forgery</loc>
<lastmod>2025-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sassy-social-share/sassy-social-share-3344-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2022-12-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/voucherpress/voucherpress-157-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/charitable/charitable-donation-plugin-1650-authenticated-stored-cross-site-scripting</loc>
<lastmod>2021-07-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mycred/mycred-274-authenticated-contributor-stored-cross-site-scripting-via-mycred_link-shortcode</loc>
<lastmod>2024-11-07T21:21:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/t-countdown/t-countdown-248-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-10-29T13:32:45.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/noo-yogi/yogi-health-beauty-yoga-292-authenticated-subscriber-php-object-injection</loc>
<lastmod>2025-08-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gdpr-cookie-consent/cookie-notice-for-gdpr-ccpa-eprivacy-consent-407-missing-authorization</loc>
<lastmod>2025-12-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/creative-mail-by-constant-contact/creative-mail-154-cross-site-request-forgery-to-plugin-deactivation</loc>
<lastmod>2022-10-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-post-type-generator/custom-post-type-generator-242-authenticated-administrator-stored-cross-site-scripting-via-plugin-settings</loc>
<lastmod>2023-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/subpages-extended/subpages-extended-166-authenticated-administrator-cross-site-scripting</loc>
<lastmod>2022-10-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/analytics-insights/analytics-insights-62-open-redirect</loc>
<lastmod>2024-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/paytium/paytium-4410-missing-authorization</loc>
<lastmod>2024-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-addons-for-elementor-lite/essential-addons-for-elementor-best-elementor-templates-widgets-kits-woocommerce-builders-5917-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-04-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/meks-easy-instagram-widget/meks-easy-photo-feed-widget-124-authenticated-stored-cross-site-scripting</loc>
<lastmod>2021-11-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/poeditor/poeditor-0910-cross-site-request-forgery</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/homefix-ele-portfolio/homefix-elementor-portfolio-101-missing-authorization</loc>
<lastmod>2025-12-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tune-library/tune-library-155-sql-injection</loc>
<lastmod>2015-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/magic-post-thumbnail/generate-images-magic-post-thumbnail-527-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-07-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/MDx/mdx-203-authenticated-contributor-stored-cross-site-scripting-via-mdx_list_item-shortcode</loc>
<lastmod>2024-08-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/travelers-map/travelers-map-220-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-schemaorg-rich-snippets/schema-all-in-one-schema-rich-snippets-165-cross-site-request-forgery-in-rich_snippet_dashboard</loc>
<lastmod>2023-02-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nex-forms-express-wp-form-builder/nex-forms-ultimate-forms-plugin-for-wordpress-919-missing-authorization-to-authenticated-subscriber-license-deactivation-via-deactivate_license</loc>
<lastmod>2026-03-13T15:17:36.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kiotvietsync/kiotviet-sync-184-authenticated-subscriber-sql-injection</loc>
<lastmod>2025-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/4.5/wordpress-core-45-cross-site-scripting-via-network-settings-page</loc>
<lastmod>2016-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/webba-booking-lite/appointment-event-booking-calendar-plugin-webba-booking-5048-missing-authorization-to-authenticated-subscriber-css-settings-update</loc>
<lastmod>2024-09-23T13:28:09.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-distance-calculator/mk-google-directions-31-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-27T16:43:07.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/delete-usermetas/delete-usermetas-112-cross-site-request-forgery</loc>
<lastmod>2023-10-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-guppy/wp-guppy-433-authenticated-subscriber-sql-injection</loc>
<lastmod>2025-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gearside-developer-dashboard/gearside-developer-dashboard-1072-reflected-cross-site-scripting</loc>
<lastmod>2025-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/feature-comments/featured-comments-125-cross-site-request-forgery</loc>
<lastmod>2014-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shopbuilder/shopbuilder-elementor-woocommerce-builder-addons-2112-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2024-07-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/different-shipping-and-billing-address-for-woocommerce/multiple-shipping-and-billing-address-for-woocommerce-13-unauthenticated-sql-injection</loc>
<lastmod>2025-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-subscribers/email-subscribers-by-icegram-express-5719-missing-authorization-in-handle_ajax_request</loc>
<lastmod>2024-05-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/grandrestaurant/grand-restaurant-7010-unauthenticated-php-object-injection</loc>
<lastmod>2026-02-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dashboard-notepads/dashboard-notepads-121-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/live-2d/live2dwebcanvas-1911-authenticated-subscriber-arbitrary-file-deletion</loc>
<lastmod>2025-01-30T14:13:17.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/excel-like-price-change-for-woocommerce-and-wp-e-commerce-light/spreadsheet-price-changer-for-woocommerce-and-wp-e-commerce-light-2437-unauthenticated-remote-code-execution</loc>
<lastmod>2025-05-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/about-author/about-author-162-reflected-cross-site-scripting</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-simpleweather/wp-simpleweather-025-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profile-builder/user-profile-builder-3108-missing-authorization-to-plugin-settings-change-via-wppb_two_factor_authentication_settings_update</loc>
<lastmod>2024-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/news-element/news-element-elementor-blog-magazine-107-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-pos/woocommerce-pos-178-missing-authorization</loc>
<lastmod>2025-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slideshow-gallery/slideshow-gallery-18-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2024-04-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/teachpress/teachpress-9011-authenticated-contributor-sql-injection</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buddyforms/buddyforms-288-unauthenticated-arbitrary-file-read-and-server-side-request-forgery</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/privy-crm-integration/privyr-crm-102-missing-authorization</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/liveoptim/seo-plugin-liveoptim-113-cross-site-request-forgery</loc>
<lastmod>2014-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpspx/wpspx-102-unauthenticated-local-file-inclusion</loc>
<lastmod>2024-09-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/piotnet-addons-for-elementor-pro/piotnet-addons-for-elementor-pro-7117-missing-authorization-to-arbitrary-postpage-deletion</loc>
<lastmod>2024-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/photo-gallery/photo-gallery-1574-file-upload-path-traversal</loc>
<lastmod>2021-07-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profilegrid-user-profiles-groups-and-communities/profilegrid-5953-authenticated-subscriber-sql-injection</loc>
<lastmod>2025-07-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bdthemes-prime-slider-lite/prime-slider-addons-for-elementor-revolution-of-a-slider-hero-slider-ecommerce-slider-3165-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/themeisle-companion/orbit-fox-companion-21026-authenticated-contributor-stored-cross-site-scripting-via-custom-fields</loc>
<lastmod>2024-01-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/designo/designo-220-cross-site-request-forgery</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/instagram-feed/smash-balloon-instagram-feed-690-free-680-pro-authenticated-contributor-stored-cross-site-scripting-via-data-plugin-attribute</loc>
<lastmod>2025-05-28T16:22:08.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/coins-marketcap/coins-marketcap-558-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/employee-spotlight/employee-spotlight-511-unauthenticated-php-object-injection</loc>
<lastmod>2025-08-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/recencio-book-reviews/recencio-book-reviews-1660-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/youmax-channel-embeds-for-youtube-businesses/youtube-video-grid-19-cross-site-request-forgery</loc>
<lastmod>2024-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/superstorefinder-wp/super-store-finder-61-super-interactive-maps-19-super-logo-showcase-22-arbitrary-file-upload</loc>
<lastmod>2020-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/testimonial-free/real-testimonials-216-authenticated-stored-cross-site-scripting</loc>
<lastmod>2020-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/flex-mag/flex-mag-responsive-wordpress-news-theme-352-missing-authorization-to-authenticated-subscriber-arbitrary-option-deletion</loc>
<lastmod>2025-03-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pricetable/price-table-022-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2022-01-27T11:22:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-settings/wordpress-custom-settings-10-authenticatedadmin-stored-cross-site-scripting</loc>
<lastmod>2023-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/spiffy-calendar/spiffy-calendar-4912-authenticated-admin-sql-injection</loc>
<lastmod>2024-08-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-security-questions/wp-security-question-105-cross-site-request-forgery-bypass</loc>
<lastmod>2021-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/print-my-blog/print-my-blog-166-server-side-request-forgery</loc>
<lastmod>2019-04-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/filester/file-manager-pro-188-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/forminator/forminator-1290-unauthenticated-stored-cross-site-scripting-via-file-upload</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/js_composer/wpbakery-77-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2024-08-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tutor/tutor-lms-elearning-and-online-course-solution-395-missing-authorization</loc>
<lastmod>2026-02-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ltl-freight-quotes-ups-edition/ltl-freight-quotes-tforce-edition-364-unauthenticated-sql-injection</loc>
<lastmod>2025-02-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/giveasap/simple-giveaways-2450-authenticated-editor-stored-cross-site-scripting-via-form-prize-and-sharing-method-fields</loc>
<lastmod>2023-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ip-loc8/ip-loc8-11-unauthenticated-php-object-injection</loc>
<lastmod>2024-10-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/donations-block/donation-block-for-paypal-220-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/brandfolder/brandfolder-digital-asset-management-simplified-301-localremote-file-inclusion</loc>
<lastmod>2016-03-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wb-sticky-notes/sticky-notes-for-wp-dashboard-124-missing-authorization</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/category-d3-tree/category-d3-tree-11-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ab-google-map-travel/ab-google-map-travel-ab-map-40-cross-site-request-forgery-to-cross-site-scripting</loc>
<lastmod>2015-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yml-for-yandex-market/yml-for-yandex-market-5026-authenticated-shop-manager-remote-code-execution</loc>
<lastmod>2026-03-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/utech-world-time-for-wp/utech-world-time-10-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/portfolio-responsive-gallery/portfolio-responsive-gallery-117-blind-sql-injection</loc>
<lastmod>2021-06-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pmpro-member-directory/paid-memberships-pro-member-directory-add-on-126-authenticated-contributor-information-exposure</loc>
<lastmod>2024-07-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-affiliate-platform/wp-affiliate-platform-651-cross-site-request-forgery-to-afilliate-deletion</loc>
<lastmod>2024-07-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/logo-manager-for-enamad/logo-manager-for-enamad-072-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-08-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/plugin-organizer/plugin-organizer-1023-authenticated-subscriber-sql-injection</loc>
<lastmod>2025-12-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/password-protected/password-protected-password-protect-your-wordpress-site-pages-woocommerce-products-277-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2025-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/add-local-avatar/add-local-avatar-121-cross-site-request-forgery-via-manage_avatar_cache</loc>
<lastmod>2023-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-registration-form-builder-with-submission-manager/registrationmagic-custom-registration-forms-and-user-login-4603-authenticated-privilege-escalation</loc>
<lastmod>2020-03-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-activity-log/user-activity-log-22-unauthenticated-limited-options-update-via-failed-login</loc>
<lastmod>2026-01-06T19:31:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/aco-product-labels-for-woocommerce/product-labels-for-woocommerce-153-authenticated-shop-manager-stored-cross-site-scripting</loc>
<lastmod>2024-02-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/exhibz/exhibz-309-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-12-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bubble-menu/bubble-menu-circle-floating-menu-402-cross-site-request-forgery</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mesmerize-companion/mesmerize-companion-16158-missing-authorization-authenticated-subscriber-settings-update</loc>
<lastmod>2026-02-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/store-manager-connector/emagicone-store-manager-for-woocommerce-125-unauthenticated-arbitrary-file-deletion</loc>
<lastmod>2025-05-23T14:33:21.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-html-page-sitemap/wp-html-page-sitemap-22-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-02-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nest-addons/nest-addons-163-unauthenticated-sql-injection</loc>
<lastmod>2025-08-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-addons-for-gutenberg/spectra-wordpress-gutenberg-blocks-231-missing-authorization-checks</loc>
<lastmod>2023-01-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/disable-contect-editor-for-specific-template/disable-content-editor-for-specific-template-20-cross-site-request-forgery-to-template-configuration-update</loc>
<lastmod>2025-10-23T20:09:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ocean-extra/ocean-extra-253-missing-authorization</loc>
<lastmod>2026-04-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/forym/forym-158-reflected-cross-site-scripting</loc>
<lastmod>2022-09-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cleverreach-wc/official-cleverreach-plugin-for-woocommerce-344-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sunshine-photo-cart/sunshine-photo-cart-353-missing-authorization</loc>
<lastmod>2025-08-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ajax-search-for-woocommerce/fibosearch-1321-missing-authorization</loc>
<lastmod>2026-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/file-manager/bit-file-manager-527-authenticated-admin-php-object-injection</loc>
<lastmod>2023-04-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/page-builder-by-azexo/page-builder-by-azexo-127133-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-06-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-member/ultimate-member-2010-authenticated-cross-site-scripting</loc>
<lastmod>2018-04-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lis-video-gallery/lis-video-gallery-021-unauthenticated-php-object-injection</loc>
<lastmod>2024-11-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shortpixel-adaptive-images/shortpixel-adaptive-images-383-cross-site-request-forgery</loc>
<lastmod>2024-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-manager/download-manager-3332-authenticated-subscriber-information-exposure</loc>
<lastmod>2025-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simply-gallery-block/mixed-media-gallery-blocks-332-authenticated-contributor-remote-code-execution</loc>
<lastmod>2026-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/epic-church/epic-church-by-organized-themes-36-arbitrary-file-download</loc>
<lastmod>2014-09-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/webinar-ignition/webinarignition-3050-missing-authorization-to-unauthenticated-privilege-escalation</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/admin-login-url-change/admin-login-url-change-115-missing-authorization</loc>
<lastmod>2026-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-marketing-automations/abandoned-cart-recovery-for-woocommerce-by-autonami-211-missing-authorization</loc>
<lastmod>2022-07-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-searchable-data-entry-system/custom-searchable-data-entry-system-171-unauthenticated-database-wiping</loc>
<lastmod>2020-03-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/trademe-widget/trademe-widgets-12-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ai-co-pilot-for-wp/ai-copilot-127-authenticated-contributor-information-exposure</loc>
<lastmod>2025-12-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/personalize-woocommerce-cart-page/personalized-woocommerce-cart-page-24-cross-site-request-forgery</loc>
<lastmod>2019-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/integrar-getnet-con-woo/getnet-argentina-para-woocommerce-001-004-authorization-bypass-via-webhook</loc>
<lastmod>2023-07-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/captchinoo-captcha-for-login-form-protection/captchinoo-admin-login-page-protection-with-google-recaptcha-24-cross-site-request-forgery-to-arbitrary-plugin-installationactivation</loc>
<lastmod>2021-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/service/service-104-authenticated-subscriber-sql-injection</loc>
<lastmod>2024-12-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mementor-core/mementor-core-225-authenticated-subscriber-privilege-escalation</loc>
<lastmod>2025-11-10T15:06:10.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/multimedia-carousel/multimedia-responsive-carousel-with-image-video-audio-support-260-authenticated-contributor-sql-injection</loc>
<lastmod>2025-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/product-xml-feeds-for-woocommerce/product-xml-feed-manager-for-woocommerce-293-authenticated-contributor-remote-code-execution</loc>
<lastmod>2025-07-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/boom-fest/boom-fest-221-missing-authorization-to-authenticated-subscriber-plugin-settings-update</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/magazine-blocks/magazine-blocks-1315-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-post-widget/content-blocks-custom-post-widget-339-authenticated-author-stored-cross-site-scripting-via-content_block-shortcode</loc>
<lastmod>2026-04-17T21:21:37.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hash-elements/hash-elements-150-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/better-wp-security/ithemes-security-535-missing-capabilities-check</loc>
<lastmod>2016-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/bricks/bricks-12-153-remote-code-execution</loc>
<lastmod>2022-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/classic-editor-and-classic-widgets/classic-editor-and-classic-widgets-141-authenticated-subscriber-sql-injection</loc>
<lastmod>2024-09-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/groundhogg/groundhogg-2798-missing-authorization-to-admin-account-and-ticket-creation</loc>
<lastmod>2023-05-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/codup-wp-freshsales/wordpress-to-freshsales-integration-1322-cross-site-scripting</loc>
<lastmod>2022-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/accessibility-by-audioeye/accessibility-by-audioeye-1049-missing-authorization</loc>
<lastmod>2025-12-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/timer-countdown/countdown-timer-10-reflected-cross-site-scripting</loc>
<lastmod>2025-02-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/html5-responsive-faq/html5-responsive-faq-285-authenticated-stored-cross-site-scripting</loc>
<lastmod>2021-11-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/hello-agency/hello-agency-105-missing-authorization-to-notice-dismissal</loc>
<lastmod>2024-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/display-a-meta-field-as-block/meta-field-block-151-insecure-direct-object-reference-to-authenticated-contributor-arbitrary-user-meta-exposure</loc>
<lastmod>2026-05-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/giveaways-contests-by-promosimple/giveaways-and-contests-by-promosimple-124-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/time-clock-pro/time-clock-122-time-clock-pro-114-unauthenticated-limited-remote-code-execution</loc>
<lastmod>2024-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/real-estate-manager/real-estate-manager-73-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-analytics-for-wordpress/monsterinsights-google-analytics-dashboard-for-wordpress-71-stored-cross-site-scripting</loc>
<lastmod>2018-09-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/infocus/infocus-33-arbitrary-file-deletion</loc>
<lastmod>2013-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/4.7/wordpress-core-472-arbitrary-page-modification</loc>
<lastmod>2017-01-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/material-design-icons-for-elementor/material-design-icons-for-page-builders-142-cross-site-request-forgery</loc>
<lastmod>2023-01-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/addons-for-elementor/livemesh-addons-by-elementor-90-authenticated-contributor-local-file-inclusion-via-widget-template-parameter</loc>
<lastmod>2026-04-15T17:56:59.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/academy/academy-lms-1916-missing-authorization</loc>
<lastmod>2024-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jobcareer/jobcareer-job-board-responsive-wordpress-theme-71-missing-authorization-to-authenticated-subscriber-multiple-administrative-actions</loc>
<lastmod>2025-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/userplus/userplus-20-unauthenticated-privilege-escalation</loc>
<lastmod>2024-10-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-grid/gutenberg-blocks-page-builder-comboblocks-2287-authenticated-contributor-stored-cross-site-scripting-via-accordion-block</loc>
<lastmod>2024-08-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-calendar-events/simple-calendar-3142-cross-site-request-forgery-to-transient-cache-clearing</loc>
<lastmod>2023-05-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-registration/user-registration-membership-free-paid-memberships-subscriptions-content-restriction-user-profile-custom-user-registration-login-builder-522-missing-authorization</loc>
<lastmod>2026-06-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-forms/ninja-forms-3140-unauthenticated-information-disclosure-in-nf_ajax_submit-ajax-action</loc>
<lastmod>2026-02-09T20:41:41.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/open-external-links-in-a-new-window/external-links-in-new-window-new-tab-142-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2022-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/filebird/filebird-473-unauthenticated-sql-injection</loc>
<lastmod>2021-06-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/export-all-urls/export-all-urls-43-arbitrary-file-deletion</loc>
<lastmod>2022-08-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/acf-cpt-options-pages/advanced-custom-fields-cpt-options-pages-209-cross-site-request-forgery</loc>
<lastmod>2025-09-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kraken-image-optimizer/krakenio-image-optimizer-267-missing-authorization-to-authenticated-subscriber-plugin-options-update</loc>
<lastmod>2023-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-registration-form-builder-with-submission-manager/registrationmagic-user-registration-forms-plugin-6086-missing-authorization</loc>
<lastmod>2026-06-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ticketbai/ticketbai-facturas-para-woocommerce-321-missing-authorization</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-members/wp-members-327-cross-site-request-forgery</loc>
<lastmod>2019-06-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/events-manager/events-manager-595-authenticated-stored-cross-site-scripting</loc>
<lastmod>2019-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ht-mega-for-elementor/ht-mega-absolute-addons-for-elementor-247-missing-authorization-to-information-exposure</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/maxi-blocks/maxiblocks-2200-patterns-190-pages-142k-icons-100-styles-192-authenticated-subscriber-arbitrary-file-deletion</loc>
<lastmod>2024-07-22T13:02:24.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementor/elementor-website-builder-295-authorization-bypass</loc>
<lastmod>2020-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/powerpack-elements/powerpack-pro-for-elementor-21017-authenticated-contributor-privilege-escalation</loc>
<lastmod>2024-06-07T16:16:46.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpfrom-email/wpfrom-email-188-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hostfact-bestelformulier-integratie/hostfact-bestelformulier-integratie-11-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-11T15:22:05.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-widget-creator/custom-widget-creator-105-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/globe-gateway-e4/global-gateway-e4-payeezy-gateway-20-unauthenticated-arbitrary-file-deletion</loc>
<lastmod>2024-11-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/csv2wpec-coupon/csv2wpec-coupon-11-arbitrary-file-upload</loc>
<lastmod>2016-11-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpsolr-free/wpsolr-240-cross-site-request-forgery-to-privilege-escalation</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/pressmart/pressmart-modern-elementor-woocommerce-wordpress-theme-1216-unauthenticated-arbitrary-shortcode-execution</loc>
<lastmod>2025-02-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cardgate/cardgate-payments-for-woocommerce-3115-lack-of-origin-validation</loc>
<lastmod>2020-02-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/socialdriver/socialdriver-2024-prototype-pollution</loc>
<lastmod>2023-09-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/schedulicity-online-appointment-booking/schedulicity-easy-online-scheduling-221-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/history-collection/history-collection-111-arbitrary-file-download</loc>
<lastmod>2015-10-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/salient-portfolio/salient-portfolio-182-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpadverts/wpadverts-222-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-timelines/wp-timeline-vertical-and-horizontal-timeline-plugin-367-reflected-cross-site-scripting</loc>
<lastmod>2024-09-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/help-scout/help-scout-656-missing-authorization</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/4.3/wordpress-core-431-authenticated-cross-site-scripting</loc>
<lastmod>2015-09-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-customer-reviews/wp-customer-reviews-366-authenticated-subscriber-sensitive-information-exposure</loc>
<lastmod>2023-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/addons-for-elementor/livemesh-addons-by-elementor-90-missing-authorization-to-authenticated-subscriber-stored-cross-site-scripting-via-plugin-settings</loc>
<lastmod>2026-04-15T17:57:15.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/whmcs-bridge/whmcs-bridge-61-subscriber-stored-cross-site-scripting</loc>
<lastmod>2022-01-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/countdown-builder/countdown-clock-232-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-04-28T10:50:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cookie-notice-bar/cookie-notice-bar-130-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-02-19T21:09:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/libsyn-podcasting/libsyn-publisher-hub-144-cross-site-request-forgery</loc>
<lastmod>2024-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/dailyedition/daily-edition-162-cross-site-scripting</loc>
<lastmod>2015-03-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vision/vision-interactive-171-missing-authorization</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/awesome-support/awesome-support-wordpress-helpdesk-support-plugin-631-unauthenticated-sensitive-information-exposure-through-unprotected-directory</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/dt-the7/the7-1160-reflected-cross-site-scripting</loc>
<lastmod>2023-04-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cp-image-store/cp-image-store-with-slideshow-106-arbitrary-file-download</loc>
<lastmod>2015-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-facebook-likebox/easy-social-feed-626-reflected-cross-site-scripting</loc>
<lastmod>2022-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/drag-and-drop-file-upload-wc-pro/drag-and-drop-multiple-file-upload-pro-woocommerce-506-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2025-06-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jet-engine/jetengine-3810-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-06-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cf7-salesforce/integration-for-contact-form-7-and-salesforce-139-cross-site-request-forgery</loc>
<lastmod>2024-05-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/countdown-time/countdown-timer-block-display-the-events-date-into-a-timer-124-authenticated-contributor-post-disclosure</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kadence-blocks/kadence-blocks-377-insecure-direct-object-reference-to-authenticated-contributor-arbitrary-optimizer-data-deletionreadmodification-via-post_path-parameter</loc>
<lastmod>2026-06-30T14:57:59.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-admin-menu/custom-admin-menu-100-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mailtree-log-mail/mailtree-log-mail-100-unauthenticated-stored-cross-site-scripting-via-email-subject</loc>
<lastmod>2023-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yurl-retwitt/yurl-retwitt-14-cross-site-request-forgery</loc>
<lastmod>2014-12-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-posturl/add-post-url-210-cross-site-request-forgery</loc>
<lastmod>2022-06-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/filedownload/filedownload-14-blind-sql-injection</loc>
<lastmod>2015-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tablepress/tablepress-114-authenticated-author-csv-injection</loc>
<lastmod>2020-02-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flexo-countdown/flexo-counter-10001-reflected-cross-site-scripting</loc>
<lastmod>2025-06-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/auto-making-json-ld/auto-making-json-ld-453-cross-site-request-forgery-to-plugin-certification-settings-via-nonce-validation-bypass</loc>
<lastmod>2026-05-26T17:23:24.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/section-widget/section-widget-331-unauthenticated-path-traversal</loc>
<lastmod>2025-04-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elex-woocommerce-dynamic-pricing-and-discounts/elex-woocommerce-dynamic-pricing-and-discounts-212-cross-site-request-forgery</loc>
<lastmod>2024-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seo-by-rank-math/rank-math-seo-ai-seo-tools-to-dominate-seo-rankings-10235-authenticated-contributor-stored-cross-site-scripting-via-rank-math-api</loc>
<lastmod>2025-02-12T16:21:31.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-auto-poster/social-auto-poster-5314-authenticated-contributor-arbitrary-file-upload</loc>
<lastmod>2024-07-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/debt-calculator/debt-calculator-101-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dologin/dologin-security-37-missing-authorization-on-dashboard-widget</loc>
<lastmod>2023-09-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-event-aggregator/wp-event-aggregator-182-reflected-cross-site-scripting</loc>
<lastmod>2025-02-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-7-simple-recaptcha/contact-form-7-captcha-011-reflected-cross-site-scripting</loc>
<lastmod>2022-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/Newspaper/tagdiv-cloud-library-27-missing-authorization-to-arbitrary-user-metadata-update</loc>
<lastmod>2023-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ip-blacklist-cloud/ip-blacklist-cloud-500-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fv-wordpress-flowplayer/fv-flowplayer-video-player-75417212-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/frontier-post/frontier-post-61-cross-site-request-forgery</loc>
<lastmod>2023-11-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dc-woocommerce-multi-vendor/multivendor-marketplace-solution-for-woocommerce-373-insecure-direct-object-reference</loc>
<lastmod>2021-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/consulting-elementor-widgets/consulting-elementor-widgets-130-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2024-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-registration-form-builder-with-submission-manager/registrationmagic-5320-reflected-cross-site-scripting</loc>
<lastmod>2024-04-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/icons-factory/icons-factory-1612-missing-authorization-to-unauthenticated-arbitrary-file-deletion-via-delete_files-function</loc>
<lastmod>2025-08-14T20:15:38.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-seo-structured-data-schema/wp-seo-structured-data-schema-2711-authenticated-contributor-stored-cross-site-scripting-via-plugin-settings</loc>
<lastmod>2025-05-07T17:42:22.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-roadmap/wp-roadmap-108-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-11-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/survey-maker/survey-maker-5188-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-10-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/xelion-webchat/xelion-webchat-910-authenticated-subscriber-arbitrary-options-update</loc>
<lastmod>2025-04-23T19:47:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/adstxt/adstxt-plugin-100-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2024-09-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-property-listings/easy-property-listings-3520-missing-authorization</loc>
<lastmod>2026-01-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/intelly-related-posts/inline-related-posts-304-authenticated-admin-cross-site-scripting</loc>
<lastmod>2021-10-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contest-gallery/contest-gallery-19141-authenticated-author-sql-injection-via-wp_user_id</loc>
<lastmod>2022-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fancy-facebook-comments/wordpress-fancy-comments-1210-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-02-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/lawyer-landing-page/lawyer-landing-page-127-missing-authorization</loc>
<lastmod>2026-02-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/include-url/include-url-035-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-file-get-contents/jsm-file_get_contents-shortcode-271-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-search-by-my-solr-server/advanced-search-by-my-solr-server-205-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-01T20:29:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/svg-support/svg-support-242-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2022-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/enhanced-text-widget/enhanced-text-widget-163-missing-authorization-via-etw_hide_admin_notification_callback</loc>
<lastmod>2023-12-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/scw-bus-seat-reservation/bus-ticket-booking-with-seat-reservation-for-woocommerce-17-unauthenticated-sql-injection</loc>
<lastmod>2025-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/nightlife/nightlife-theme-all-known-versions-arbitrary-file-upload</loc>
<lastmod>2014-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cloudflare-cache-purge/cloudflarer-cache-purge-12-reflected-cross-site-scripting</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chatbot/ai-chatbot-489-and-492-authenticated-subscriber-directory-traversal-to-arbitrary-file-write-via-qcld_openai_upload_pagetraining_file</loc>
<lastmod>2023-10-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/counter-box/counter-box-add-engaging-countdowns-timers-counters-to-your-wordpress-site-206-authenticated-administrator-dom-based-stored-cross-site-scripting</loc>
<lastmod>2025-02-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/metform/metform-elementor-contact-form-builder-330-authenticated-contributor-stored-cross-site-scripting-via-mf_last_name-shortcode</loc>
<lastmod>2023-06-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-logs-book/wp-logs-book-101-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2024-05-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/csv-importer/csv-importer-038-cross-site-request-forgery</loc>
<lastmod>2023-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/poll-maker/poll-maker-328-reflected-cross-site-scripting</loc>
<lastmod>2021-07-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/truemag/truemag-unknown-versions-reflected-cross-site-scripting</loc>
<lastmod>2016-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/redi-restaurant-reservation/redi-restaurant-reservation-241209-reflected-cross-site-scripting</loc>
<lastmod>2025-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/awesome-event-booking/awesome-event-booking-272-missing-authorization</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-chart-generator/wp-chart-generator-104-authenticated-contributor-stored-cross-site-scripting-via-wpchart-shortcode</loc>
<lastmod>2025-08-11T14:04:41.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zoloblocks/zoloblocks-2311-unauthenticated-sever-side-request-forgery</loc>
<lastmod>2025-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/samandehi-logo-manager/logo-manager-for-samandehi-05-cross-site-request-forgery</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/library-bookshelves/library-bookshelves-58-reflected-cross-site-scripting</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/acurax-social-media-widget/social-media-widget-22-stored-cross-site-scripting</loc>
<lastmod>2015-08-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/schema-app-structured-data-for-schemaorg/schema-app-structured-data-220-cross-site-request-forgery</loc>
<lastmod>2024-06-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/carter-elementor/carter-for-elementor-102-missing-authorization</loc>
<lastmod>2025-12-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/enfold/enfold-603-authenticated-contributor-stored-cross-site-scripting-via-wrapper_class-and-class-parameters</loc>
<lastmod>2024-08-29T14:54:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-crowdfunding/wp-crowdfunding-218-reflected-cross-site-scripting</loc>
<lastmod>2023-12-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/celestial-aura/celestial-aura-22-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2025-04-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/astra-bulk-edit/astra-bulk-edit-127-missing-authorization</loc>
<lastmod>2023-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/video-blogster-lite/video-blogster-lite-12-reflected-cross-site-scripting</loc>
<lastmod>2025-07-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/5.5/wordpress-core-55-unauthorized-password-reset-via-interception</loc>
<lastmod>2017-05-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/premium-addons-pro/premium-addons-pro-2912-authenticated-contributor-stored-cross-site-scripting-via-premium-magic-scroll-module</loc>
<lastmod>2024-03-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-twitter-feed/peadigs-twitter-feed-embedded-timeline-wordpress-plugin-22-reflected-cross-site-scripting</loc>
<lastmod>2010-12-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gd-bbpress-attachments/gd-bbpress-attachments-23-directory-traversal</loc>
<lastmod>2015-07-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/context-blog/context-blog-125-unauthenticated-private-post-disclosure</loc>
<lastmod>2026-02-17T16:33:21.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/crm2go/crm-2go-10-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-video-playlist/wp-video-playlist-112-missing-authorization-to-unauthenticated-settings-update</loc>
<lastmod>2025-04-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mhr-custom-anti-copy/mhr-custom-anti-copy-20-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nimble-builder/nimble-page-builder-321-reflected-cross-site-scripting</loc>
<lastmod>2022-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nextgen-gallery/nextgen-gallery-2110-local-file-inclusion</loc>
<lastmod>2015-08-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hostel/hostel-1155-reflected-cross-site-scripting</loc>
<lastmod>2025-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpvivid-backuprestore/migration-backup-staging-wpvivid-0955-reflected-cross-site-scripting</loc>
<lastmod>2021-08-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/uncanny-learndash-toolkit/uncanny-toolkit-for-learndash-3701-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/radykal-fancy-gallery/radykal-fancy-gallery-124-arbitrary-file-upload</loc>
<lastmod>2012-06-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sitepact-klaviyo-contact-form-7/sitepacts-contact-form-7-extension-for-klaviyo-105-unauthenticated-sql-injection</loc>
<lastmod>2024-02-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-icons-widget-by-wpzoom/social-icons-widget-block-4217-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-04-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ldap-login-for-intranet-sites/active-directory-integration-ldap-integration-410-unauthenticated-information-disclosure</loc>
<lastmod>2023-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ultimate-csv-importer/wp-import-ultimate-csv-xml-importer-for-wordpress-733-missing-authorization-to-authenticated-author-sensitive-information-exposure</loc>
<lastmod>2025-11-11T20:07:42.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/push-envoy/push-envoy-notifications-100-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/royal-elementor-addons/royal-elementor-addons-and-templates-1387-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-02-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/block-controller/block-controller-143-reflected-cross-site-scripting</loc>
<lastmod>2024-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/private-content/private-content-8115-unauthenticated-privilege-escalation-via-account-takeover</loc>
<lastmod>2025-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-testimonial-carousel-for-elementor/advanced-testimonial-carousel-for-elementor-300-missing-authorization</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/login-attempts-limit-wp/login-and-registration-attempts-limit-21-cross-site-request-forgery</loc>
<lastmod>2023-03-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slideshow-jquery-image-gallery/slideshow-2113-cross-site-scripting-and-sensitive-information-disclosure</loc>
<lastmod>2012-10-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/newsletters-lite/newsletters-4992-authenticated-privilege-escalation</loc>
<lastmod>2024-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/newsletters-lite/newsletters-4997-reflected-cross-site-scripting-via-to-parameter</loc>
<lastmod>2025-03-21T16:21:50.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/conversation-watson/chatbot-with-ibm-watson-0821-cross-site-scripting</loc>
<lastmod>2020-01-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ql-cost-calculator/cost-calculator-74-missing-authorization</loc>
<lastmod>2025-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/themify-shortcodes/themify-shortcodes-211-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-08-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stagtools/stagtools-238-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/popup4phone/popup4phone-132-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2024-04-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ultimate-csv-importer/wp-ultimate-csv-importer-652-server-side-request-forgery</loc>
<lastmod>2022-06-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-grid/post-grid-217-reflected-cross-site-scripting</loc>
<lastmod>2021-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-photo-feed-widget/widgets-for-social-photo-feed-179-unauthenticated-stored-cross-site-scripting-via-feed_data</loc>
<lastmod>2026-04-03T19:57:33.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-collections/docket-woocommerce-collections-wishlist-watchlist-170-missing-authorization-to-unauthenticated-arbitrary-postpage-deletion</loc>
<lastmod>2024-08-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/school-management/school-management-system-for-wordpress-9320-unauthenticated-sql-injection</loc>
<lastmod>2025-08-15T14:57:11.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/audiotube/audiotube-003-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-11-20T19:20:12.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/paid-member-subscriptions/paid-member-subscriptions-2159-missing-authorization</loc>
<lastmod>2025-09-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/onoffice-for-wp-websites/onoffice-for-wp-websites-651-authenticated-editor-sql-injection</loc>
<lastmod>2025-10-14T19:47:22.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/really-simple-guest-post/really-simple-guest-post-106-local-file-inclusion</loc>
<lastmod>2015-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/dejavu/dejavu-24-arbitrary-file-download</loc>
<lastmod>2013-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woorewards/myrewards-loyalty-points-and-rewards-for-woocommerce-561-missing-authorization-to-authenticated-subscriber-arbitrary-loyalty-rule-modification</loc>
<lastmod>2026-02-03T19:44:15.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sg-security/siteground-security-158-missing-authorization</loc>
<lastmod>2025-11-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/portfolio-manager-powered-by-behance/behance-portfolio-manager-175-authenticated-administrator-sql-injection</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/collect-and-deliver-interface-for-woocommerce/cdi-553-authenticated-shop-manager-arbitrary-file-upload</loc>
<lastmod>2024-11-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/superstorefinder-wp/super-store-finder-64-super-interactive-maps-21-sql-injection</loc>
<lastmod>2021-03-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/portfolio-and-projects/essentialplugin-plugins-various-versions-injected-backdoor</loc>
<lastmod>2026-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ws-audio-player/ws-audio-player-118-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ip-address-blocker/ip-blocker-lite-1111-ip-spoofing</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stop-spammer-registrations-plugin/stop-spammers-20218-reflected-cross-site-scripting</loc>
<lastmod>2021-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-collections/docket-woocommerce-collections-wishlist-watchlist-170-unauthenticated-sql-injection</loc>
<lastmod>2024-08-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/add-custom-fields-to-media/add-custom-fields-to-media-203-cross-site-request-forgery-to-custom-field-deletion-via-delete-parameter</loc>
<lastmod>2026-03-18T18:16:21.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/markup-markdown/markup-markdown-3206-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-08-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-logs-book/wp-logs-book-101-cross-site-request-forgery-to-log-disabling</loc>
<lastmod>2024-05-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-countdown-widget/wordpress-countdown-widget-3191-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-09-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-with-shortcode/contact-form-with-shortcode-425-reflected-cross-site-scripting</loc>
<lastmod>2025-01-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/404-solution/404-solution-23519-reflected-cross-site-scripting</loc>
<lastmod>2024-11-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/church-management/wpchurch-church-management-system-for-wordpress-theme-13-07-2019-sql-injection</loc>
<lastmod>2017-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yet-another-stars-rating/yasr-yet-another-stars-rating-091-authenticated-sql-injection</loc>
<lastmod>2015-07-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-business-manager/simple-business-manager-4674-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/recover-wc-abandoned-cart/recover-abandoned-cart-for-woocommerce-25-unauthenticated-sql-injection</loc>
<lastmod>2025-06-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mobile-bottom-menu-for-wp/wp-mobile-bottom-menu-140-missing-authorization</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advance-portfolio-grid/advance-portfolio-grid-1076-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/auto-rename-media-on-upload/auto-rename-media-on-upload-105-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-03-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ameliabooking/appointment-and-event-booking-calendar-for-wordpress-amelia-1049-arbitrary-booking-update-and-sensitive-data-exposure</loc>
<lastmod>2022-03-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/360deg-javascript-viewer/360-javascript-viewer-1711-missing-authorization</loc>
<lastmod>2023-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/very-simple-contact-form/very-simple-contact-form-115-captcha-bypass</loc>
<lastmod>2022-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-7-paypal-add-on/contact-form-7-paypal-stripe-add-on-23-reflected-cross-site-scripting</loc>
<lastmod>2024-10-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/debug-log-manager/debug-log-manager-250-unauthenticated-improper-output-neutralization-for-logs-via-log_js_errors-ajax-action</loc>
<lastmod>2026-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/propovoice/propovoice-crm-178-unauthenticated-insecure-direct-object-reference</loc>
<lastmod>2024-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/prowess/prowess-181-missing-authorization</loc>
<lastmod>2026-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/taxonomy-chain-menu/taxonomy-chain-menu-108-authenticated-contributor-stored-cross-site-scripting-via-pn_chain_menu-shortcode</loc>
<lastmod>2025-05-01T15:09:31.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-businessdirectory/wp-businessdirectory-business-directory-plugin-for-wordpress-400-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2026-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/update-alt-attribute/update-image-tag-alt-attribute-245-reflected-cross-site-scripting</loc>
<lastmod>2023-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/appointment-booking-calendar/appointment-booking-calendar-1334-csv-injection</loc>
<lastmod>2020-03-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/badr-naver-syndication/naver-syndication-v2-083-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-02-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/table-manager/table-manager-100-authenticated-contributor-sensitive-information-exposure-via-table-shortcode-attribute</loc>
<lastmod>2026-04-21T19:09:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-forms/ninja-forms-contact-form-3433-authenticated-sendwp-plugin-installation-and-client-secret-key-disclosure</loc>
<lastmod>2021-02-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/xen-carousel/xen-carousel-0122-cross-site-scripting</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blog2social/blog2social-699-authenticated-subscriber-server-side-request-forgery</loc>
<lastmod>2022-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-cart-all-in-one/cart-all-in-one-for-woocommerce-1121-authenticated-administrator-code-injection-via-sc_assign_page-setting</loc>
<lastmod>2026-02-17T18:22:15.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/share-this-image/share-this-image-214-unauthenticated-server-side-request-forgery</loc>
<lastmod>2026-02-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/secure-copy-content-protection/secure-copy-content-protection-and-content-locking-416-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-08-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-users/email-users-482-reflected-cross-site-scripting</loc>
<lastmod>2016-07-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/infocus/infocus-33-arbitrary-file-download</loc>
<lastmod>2013-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tutor-lms-elementor-addons/tutor-lms-elementor-addons-301-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-11-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/Newspaper/newspaper-1151-reflected-cross-site-scripting</loc>
<lastmod>2022-10-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-contact-info-widget/contact-info-widget-262-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-08-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-field-template/custom-field-template-261-authenticatedcontributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-06-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ungapped-widgets/ungapped-widgets-1-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2025-11-10T15:27:06.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/block-spam-by-math-reloaded/block-spam-by-math-reloaded-224-missing-authorization</loc>
<lastmod>2025-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/formcraft-form-builder/formcraft-127-missing-authorization-via-formcraft_nag_update</loc>
<lastmod>2023-11-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/linear/linear-2712-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-08T22:02:22.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/portfolio-filter-gallery/portfolio-gallery-image-gallery-plugin-112-cross-site-request-forgery</loc>
<lastmod>2020-01-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-slimstat/slimstat-analytics-532-reflected-cross-site-scripting</loc>
<lastmod>2026-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/while-it-is-loading/while-loading-30-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/like-dislike-voting/like-dislike-voting-101-reflected-cross-site-scripting-via-_serverphp_self</loc>
<lastmod>2025-12-11T14:23:07.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-post-type-templates-for-elementor/custom-post-type-templates-for-elementor-1101-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/connections/connections-business-directory-10466-authenticated-admin-arbitrary-directory-deletion</loc>
<lastmod>2025-01-24T18:44:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wbounce/wbounce-181-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-plus-addons-for-elementor-page-builder/the-plus-addons-for-elementor-561-authenticated-contributor-stored-cross-site-scripting-via-countdown-widget</loc>
<lastmod>2024-07-02T18:45:07.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/twimp-wp/twimp-wp-01-cross-site-request-forgery-to-cross-site-scripting</loc>
<lastmod>2014-12-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/loan-comparison/loan-comparison-151-reflected-cross-site-scripting</loc>
<lastmod>2023-01-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/theme-file-duplicator/theme-file-duplicator-13-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2025-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/magic-buttons-for-elementor/magic-buttons-for-elementor-10-authenticated-contributor-stored-cross-site-scripting-via-magic-button-shortcode</loc>
<lastmod>2025-07-01T14:56:05.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/astra-sites/starter-templates-elementor-wordpress-beaver-builder-templates-421-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-05-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-manager/download-manager-3303-missing-authorization</loc>
<lastmod>2024-12-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/onlyoffice-docspace/onlyoffice-docspace-211-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nextgen-gallery-voting/nextgen-gallery-voting-275-authenticated-admin-sql-injection</loc>
<lastmod>2014-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/unlimited-elements-for-elementor/unlimited-elements-for-elementor-1589-authenticatedcontributor-remote-code-execution-via-template-import</loc>
<lastmod>2024-05-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-fancybox/wordpress-fancybox-102-stored-cross-site-scripting</loc>
<lastmod>2020-08-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/maxbuttons/maxbuttons-1261-reflected-cross-site-scripting</loc>
<lastmod>2014-09-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elevio/elevio-441-cross-site-request-forgery</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/follow-me/follow-me-plugin-311-cross-site-request-forgery-to-cross-site-scripting</loc>
<lastmod>2022-11-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ivysilani-shortcode/ivysilani-shortcode-30-authenticated-contributor-stored-cross-site-scripting-via-width-shortcode-attribute</loc>
<lastmod>2026-03-20T15:18:26.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/import-external-attachments/import-external-attachments-1512-missing-authorization</loc>
<lastmod>2025-12-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/formassembly-web-forms/wp-formassembly-2011-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2025-02-17T15:41:39.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-seopress/seopress-772-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-06-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hls-crm-form-shortcode/helloleads-crm-form-shortcode-10-missing-authorization-to-unauthenticated-settings-reset</loc>
<lastmod>2025-11-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/file-manager-advanced-shortcode/advanced-file-manager-shortcode-253-authenticated-contributor-arbitrary-file-upload</loc>
<lastmod>2024-07-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yellow-pencil-visual-theme-customizer/visual-css-style-editor-753-reflected-cross-site-scripting-via-wyp_page_type-parameter</loc>
<lastmod>2022-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rich-web-share-button/share-buttons-social-media-102-authenticated-contributor-sql-injection</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/corpkit/corpkit-20-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2026-01-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/techlife-cpt/tech-life-cpt-164-authenticated-contributor-php-object-injection</loc>
<lastmod>2025-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/vocal/vocal-112-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-09-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/hester/hester-1110-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quiz-master-next/quiz-and-survey-master-701-arbitrary-file-upload</loc>
<lastmod>2020-08-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jet-blocks/jetblocks-for-elementor-138-reflected-cross-site-scripting</loc>
<lastmod>2023-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/recently-viewed-most-viewed-and-sold-products-for-woocommerce/recently-11-unauthenticated-php-object-injection</loc>
<lastmod>2024-10-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/creavi-booking-service/appointment-booking-calendar-144-authenticated-author-stored-cross-site-scripting-via-custom-booking-field-label</loc>
<lastmod>2026-06-18T16:09:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wicked-folders/wicked-folders-21816-cross-site-request-forgery-via-ajax_save_state</loc>
<lastmod>2023-02-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mp3-music-player-by-sonaar/mp3-audio-player-music-player-podcast-player-radio-by-sonaar-53-510-authenticated-author-server-side-request-forgery</loc>
<lastmod>2026-02-13T20:09:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-link-list-widget/simple-link-list-widget-032-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-accessibility-helper/wp-accessibility-helper-0606-reflected-cross-site-scripting-via-wahi</loc>
<lastmod>2022-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/goodlayers-core/goodlayers-core-209-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fusion-core/avada-core-5150-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-03-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/subscriptions-for-woocommerce/subscriptions-for-woocommerce-1810-missing-authorization</loc>
<lastmod>2026-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/domnoo/domnoo-149-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-06-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seraphinite-post-docx-source/seraphinite-post-docx-source-2169-missing-authorization</loc>
<lastmod>2024-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/paid-memberships-pro/paid-memberships-pro-restrict-member-access-to-content-courses-communities-free-or-paid-subscriptions-2591-cross-site-scripting</loc>
<lastmod>2021-06-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woozone/wzone-14100-missing-authorization</loc>
<lastmod>2024-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/accessibility/accessibility-102-authenticated-administrator-stored-cross-site-scritping</loc>
<lastmod>2022-11-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/paid-memberships-pro/paid-memberships-pro-21210-cross-site-request-forgery</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/usc-e-shop/welcart-e-commerce-21124-missing-authorization-to-unauthenticated-information-exposure</loc>
<lastmod>2025-11-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/royal-elementor-addons/royal-elementor-addons-1393-unauthenticated-ip-spoofing</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/circle-image-slider-with-lightbox/team-circle-image-slider-with-lightbox-1017-reflected-cross-site-scripting</loc>
<lastmod>2023-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tutor/tutor-lms-elearning-and-online-course-solution-383-missing-authorization-to-unauthenticated-payment-status-update</loc>
<lastmod>2025-10-24T16:53:49.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gallery-album/gallery-image-and-video-gallery-with-thumbnails-199-reflected-cross-site-scripting</loc>
<lastmod>2022-06-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-order-export-lite/advanced-order-export-for-woocommerce-317-cross-site-scripting</loc>
<lastmod>2021-02-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/viable-blog/viable-blog-114-cross-site-scripting</loc>
<lastmod>2023-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-gmappity-easy-google-maps/google-maps-made-simple-06-authenticated-subscriber-sql-injection-via-shortcode</loc>
<lastmod>2023-10-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-facebook-likebox/easy-social-feed-654-cross-site-request-forgery</loc>
<lastmod>2024-03-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dzs-zoomsounds/zoomsounds-596-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2021-06-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/amwerk/amwerk-120-unauthenticated-php-object-injection</loc>
<lastmod>2025-07-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/helloasso/helloasso-115-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-statistics/wp-statistics-1415-missing-authorization</loc>
<lastmod>2025-08-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-shoutbox-live-chat/steveas-wp-live-chat-shoutbox-142-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2023-04-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/unusedcss/rapidload-power-up-for-autoptimize-171-cross-site-request-forgery-via-uucss_update_rule</loc>
<lastmod>2023-03-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woolentor-addons/shoplentor-formerly-woolentor-287-missing-authorization-via-purchased_new_products</loc>
<lastmod>2024-05-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/premium-addons-for-elementor/premium-addons-for-elementor-41069-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-07-03T18:50:47.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/perfect-survey/perfect-survey-152-cross-site-request-forgery</loc>
<lastmod>2021-10-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/create-block-theme/create-block-theme-121-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2022-10-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ses/guzzlehttppsr7-191-245-interpretation-conflict</loc>
<lastmod>2023-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-store-toolkit/store-toolkit-for-woocommerce-156-missing-authorization</loc>
<lastmod>2016-02-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bdthemes-element-pack-lite/element-pack-elementor-addons-header-footer-template-library-dynamic-grid-carousel-remote-arrows-5611-authenticated-contributor-stored-cross-site-scripting-via-onclick-events</loc>
<lastmod>2024-06-11T19:14:31.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-leads-builder-any-crm/lead-form-data-collection-to-crm-31-missing-authorization-to-authenticated-subscriber-many-actions</loc>
<lastmod>2025-07-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/opal-estate/opal-estate-1611-cross-site-request-forgery-bypass</loc>
<lastmod>2021-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/alemha-watermark/alemha-watermarker-131-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2024-05-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sf-booking/service-finder-bookings-61-authenticated-subscriber-privilege-escalation-via-account-takeover</loc>
<lastmod>2025-10-31T18:15:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-registration/user-registration-230-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/payment-gateway-stripe-and-woocommerce-integration/stripe-payment-plugin-for-woocommerce-379-unauthenticated-sql-injection</loc>
<lastmod>2024-01-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-powerplaygallery/powerplay-gallery-33-arbitrary-file-upload</loc>
<lastmod>2015-07-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/media-library-assistant/media-library-assistant-333-missing-authorization-to-authenticated-subscriber-arbitrary-attachment-taxonomy-modification</loc>
<lastmod>2026-03-04T16:31:21.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/popupally/popupally-211-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-05-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-coupon-usage/woocommerce-affiliate-plugin-coupon-affiliates-41134-cross-site-request-forgery</loc>
<lastmod>2021-10-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stylist/extra-block-design-style-css-for-any-gutenberg-blocks-026-cross-site-request-forgery</loc>
<lastmod>2023-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/learning-management-system/masteriyo-lms-216-missing-authorization-to-authenticated-student-privilege-escalation-to-administrator</loc>
<lastmod>2026-03-25T12:44:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/grid-plus/grid-plus-unlimited-grid-layout-135-unauthenticated-arbitrary-shortcode-execution-via-grid_plus_load_by_category</loc>
<lastmod>2024-12-11T15:38:37.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/parsian-bank-gateway-for-woocommerce/parsian-bank-gateway-for-woocommerce-10-reflected-cross-site-scripting</loc>
<lastmod>2021-12-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gs-testimonial/gs-testimonial-slider-314-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/houzez-theme-functionality/houzez-theme-functionality-412-authenticated-subscriber-arbitrary-file-download</loc>
<lastmod>2025-09-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/rezo/multiple-themify-themes-various-versions-reflected-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/updraftplus/updraftplus-wordpress-backup-plugin-1223-sensitive-information-disclosure</loc>
<lastmod>2022-02-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ampedsense-adsense-split-tester/ampedsense-adsense-split-tester-468-unauthenticated-cross-site-scripting</loc>
<lastmod>2023-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-post-grid/the-post-grid-shortcode-gutenberg-blocks-and-elementor-addon-for-post-grid-771-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/feedweb/feedweb-3010-missing-authorization</loc>
<lastmod>2015-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cookie-notice-consent/cookie-notice-consent-164-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-08-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/4.5/wordpress-core-452-cross-site-scripting-via-pluploadflashswf</loc>
<lastmod>2016-05-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-hotel-booking/wp-hotel-booking-219-cross-site-request-forgery</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/happy-elementor-addons/happy-addons-for-elementor-3101-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-02-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fancy-gallery/gallery-manager-1512-cross-site-scripting</loc>
<lastmod>2014-11-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-graphql/wpgraphql-291-missing-authorization</loc>
<lastmod>2026-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/usc-e-shop/welcart-e-commerce-296-authenticated-administrator-directory-traversal</loc>
<lastmod>2023-12-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/affiliate-power/affiliate-power-sales-tracking-for-affiliate-marketers-220-reflected-cross-site-scripting</loc>
<lastmod>2021-09-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/swiftninjapro-inspect-element-console-blocker/developer-tools-blocker-321-cross-site-request-forgery</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/content-mask/content-mask-184-authenticated-subscriber-arbitrary-options-update</loc>
<lastmod>2022-05-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/drag-and-drop-multiple-file-upload-for-woocommerce/drag-and-drop-multiple-file-upload-for-woocommerce-114-unauthenticated-arbitrary-file-move</loc>
<lastmod>2025-04-04T18:15:16.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/awesome-surveys/awesome-surveys-2010-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2025-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/newspack-popups/newspack-campaigns-2311-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-07-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/convertplug/convertplug-342-unauthenticated-administrator-creation</loc>
<lastmod>2019-05-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/splide-carousel/splide-carousel-block-171-authenticated-contributor-stored-cross-site-scripting-via-url-block-attribute</loc>
<lastmod>2026-05-26T13:53:27.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stream/stream-381-admin-sql-injection</loc>
<lastmod>2021-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/everest-forms/everest-forms-343-unauthenticated-php-object-injection-via-form-entry-metadata</loc>
<lastmod>2026-04-07T11:35:53.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/medicenter/medicenter-health-medical-clinic-wordpress-theme-149-reflected-cross-site-scripting</loc>
<lastmod>2026-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/defender-security/defender-security-472-missing-authorization</loc>
<lastmod>2024-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gutenify/gutenify-157-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smart-docs/smart-docs-111-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-10-02T22:34:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/os-bxslider/os-bxslider-26-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-log-action/wp-log-action-051-reflected-cross-site-scripting</loc>
<lastmod>2024-12-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/radio-buttons-for-taxonomies/radio-buttons-for-taxonomies-205-cross-site-request-forgery-bypass</loc>
<lastmod>2020-09-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fs-product-inquiry/fs-product-inquiry-111-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2024-05-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/restrict-content/membership-plugin-restrict-content-3222-missing-authorization</loc>
<lastmod>2026-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/master-slider/master-slider-responsive-touch-slider-3106-authenticated-contributor-stored-cross-site-scripting-via-ms_layer-shortcode</loc>
<lastmod>2025-03-04T21:15:33.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-frontend-manager/wcfm-frontend-manager-for-woocommerce-along-with-bookings-subscription-listings-compatible-6716-missing-authorization-to-unauthenticated-plugin-settings-modification</loc>
<lastmod>2025-07-08T11:13:57.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gs-books-showcase/gs-books-showcase-130-authenticator-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/homey/homey-245-reflected-cross-site-scripting</loc>
<lastmod>2025-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/beeteam368-extensions-pro/beeteam368-extensions-pro-234-authenticated-subscriber-directory-traversal-to-arbitrary-file-deletion</loc>
<lastmod>2025-06-27T14:30:51.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/themeisle-companion/orbit-fox-by-themeisle-301-authenticated-author-server-side-request-forgery</loc>
<lastmod>2025-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/code-engine/code-engine-032-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/theatre/theater-for-wordpress-019-missing-authorization</loc>
<lastmod>2025-12-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/aawp-obfuscator/aawep-obfuscator-10-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2025-04-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/portfolio-slideshow/portfolio-slideshow-1130-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-02-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/total/total-2159-missing-authorization-to-authenticated-subscriber-sections-update</loc>
<lastmod>2024-03-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ecommerce-product-catalog/ecommerce-product-catalog-plugin-for-wordpress-338-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-03-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nex-forms-express-wp-form-builder/nex-forms-ultimate-form-builder-contact-forms-and-much-more-856-missing-authorization-via-restore_records</loc>
<lastmod>2024-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/beaver-builder-lite-version/beaver-builder-2742-authenticated-contributor-stored-cross-site-scripting-via-icon-widget</loc>
<lastmod>2024-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jetpack-debug-helper/jetpack-debug-tools-200-missing-authorization</loc>
<lastmod>2025-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-signup-form/simple-signup-form-165-authenticated-contributor-sql-injection</loc>
<lastmod>2025-02-17T15:47:11.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/editorial-rating/editorial-rating-405-authenticated-administrator-stored-cross-site-scripting-via-link-url-field</loc>
<lastmod>2026-06-29T16:17:48.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-post-type-cpt-cusom-taxonomy-ct-manager/custom-post-type-and-taxonomy-gui-manager-11-cross-site-request-forgery-to-cross-site-scripting</loc>
<lastmod>2023-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/skt-addons-for-elementor/skt-addons-for-elementor-18-authenticated-contributor-stored-cross-site-scripting-via-widget-page-title</loc>
<lastmod>2024-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/visualcomposer/visual-composer-website-builder-450-authenticated-stored-cross-site-scripting-via-title</loc>
<lastmod>2022-08-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/strong-testimonials/strong-testimonials-3220-missing-authorization</loc>
<lastmod>2025-12-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zweb-social-mobile/zweb-social-mobile-100-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-11-24T19:08:07.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shortcode-in-comment/shortcode-in-comment-111-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/clearfy/clearfy-cache-232-cross-site-request-forgery</loc>
<lastmod>2024-05-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/accordions/accordion-228-unprotected-ajax-action-to-storedreflected-cross-site-scripting</loc>
<lastmod>2020-03-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-registration-form-builder-with-submission-manager/registrationmagic-5259-cross-site-request-forgery</loc>
<lastmod>2024-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pica-photo-gallery/pica-photo-gallery-10-sql-injection</loc>
<lastmod>2017-03-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-bulk-editor/bear-1133-cross-site-request-forgery-to-product-manipulation</loc>
<lastmod>2023-09-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/embed-privacy/embed-privacy-180-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-11-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/1.2/wordpress-core-222-cross-site-scripting</loc>
<lastmod>2007-08-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gp-unique-id/gp-unique-id-155-unauthenticated-form-submission-unique-id-modification</loc>
<lastmod>2024-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-bulk-assign-linked-products/bulk-assign-linked-products-for-woocommerce-21-missing-authorization</loc>
<lastmod>2025-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-form/formflow-2121-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-07-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dc-woocommerce-multi-vendor/multivendorx-marketplace-4025-missing-authorization</loc>
<lastmod>2024-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/brid-video-easy-publish/target-video-easy-publish-388-authenticated-contributor-stored-cross-site-scripting-via-placeholder_img-parameter</loc>
<lastmod>2026-01-27T17:12:45.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/registrations-for-the-events-calendar/registrations-for-the-events-calendar-event-registration-plugin-2122-authenticated-contributor-sql-injection</loc>
<lastmod>2024-07-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-simple-html-sitemap/wp-simple-html-sitemap-22-reflected-cross-site-scripting-via-id</loc>
<lastmod>2023-10-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wptouch/wptouch-3753-cross-site-scripting</loc>
<lastmod>2015-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/s2member/s2member-240315-limited-privilege-escalation</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/supportboard/support-board-387-reflected-cross-site-scripting</loc>
<lastmod>2025-07-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/publish-post-email-notification/publish-post-email-notification-1023-cross-site-request-forgery</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-payment/simple-payment-237-reflected-cross-site-scripting</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/helpfulcrowd-product-reviews/helpfulcrowd-product-reviews-129-inccorect-authorization-via-type-juggling-in-token-parameter-to-arbitrary-settings-update</loc>
<lastmod>2026-06-08T15:04:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-video-posts/wp-video-posts-351-cross-site-request-forgery-to-remote-code-execution</loc>
<lastmod>2025-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-booking-calendar/advanced-booking-calendar-171-unauthenticated-sql-injection</loc>
<lastmod>2022-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-whatsapp/wp-chat-app-368-missing-authorization-to-authenticated-subscriber-filebird-plugin-installation</loc>
<lastmod>2024-11-15T15:25:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/webcam-2way-videochat/2way-videocalls-and-random-chat-html5-webcam-videochat-527-reflected-cross-site-scripting</loc>
<lastmod>2021-08-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tuturn/tuturn-36-authenticated-subscriber-arbitrary-file-download</loc>
<lastmod>2025-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slider-wd/slider-by-10web-1261-authenticated-administrator-stored-cross-site-scripting-via-widget</loc>
<lastmod>2025-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slider-bootstrap-carousel/slider-bootstrap-carousel-107-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2026-04-21T19:06:36.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/litespeed-cache/litespeed-cache-56-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-10-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/katelyn/katelyn-1010-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-08-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slide-puzzle/slide-puzzle-100-reflected-cross-site-scripting</loc>
<lastmod>2025-08-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/yozi/yozi-2063-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-05-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ut-shortcodes/shortcodes-by-united-themes-505-reflected-cross-site-scripting</loc>
<lastmod>2024-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-tynt/easy-tynt-0251-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-smart-import/wp-smart-import-import-any-xml-file-to-wordpress-112-reflected-cross-site-scripting</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-stripe-donation/accept-stripe-donation-aidwp-315-cross-site-request-forgery</loc>
<lastmod>2023-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/videowhisper-live-streaming-integration/live-streaming-broadcast-live-video-5515-missing-authorization-to-unauthenticated-remote-code-execution</loc>
<lastmod>2023-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-quiz/wp-quiz-2010-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/masterstudy-lms-learning-management-system/masterstudy-lms-wordpress-plugin-for-online-courses-and-education-376-missing-authorization-to-authenticated-subscriber-posts-and-media-creation-modification-and-deletion</loc>
<lastmod>2026-01-05T19:29:47.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/riaxe-product-customizer/riaxe-product-customizer-212-missing-authorization-to-unauthenticated-arbitrary-options-update-to-privilege-escalation-via-install-imprint-ajax-action</loc>
<lastmod>2026-04-15T16:45:05.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-photo-sphere/wp-photo-sphere-38-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/swoop-password-free-authentication/1-click-login-passwordless-authentication-145-authentication-bypass-via-account-takeover</loc>
<lastmod>2024-10-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/the-mounty/the-mounty-hiking-campground-children-camping-wordpress-theme-11-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-real-estate/essential-real-estate-396-reflected-cross-site-scripting</loc>
<lastmod>2022-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/spiritual-gifts-survey/spiritual-gifts-survey-0910-reflected-cross-site-scripting</loc>
<lastmod>2025-02-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/web-invoice/web-invoice-213-authenticated-sql-injection</loc>
<lastmod>2022-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/arforms-form-builder/contact-form-survey-popup-form-plugin-for-wordpress-arforms-form-builder-15-cross-site-scripting</loc>
<lastmod>2021-11-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/accordions/accordion-2314-missing-authorization</loc>
<lastmod>2025-09-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eventon-lite/eventon-2216-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-08-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/invitation-based-registrations/invitation-based-registrations-2284-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-07-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/filester/file-manager-pro-filester-186-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2024-11-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-dynamic-pricing-for-woocommerce/advanced-dynamic-pricing-for-woocommerce-415-cross-site-request-forgery-via-handlesubmitaction-function</loc>
<lastmod>2023-02-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/grou-random-image-widget/grou-random-image-widget-118-full-path-disclosure</loc>
<lastmod>2012-12-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-delivery-notes/print-invoice-delivery-notes-for-woocommerce-550-cross-site-request-forgery</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/modify-profile-fields-dashboard-menu-buttons/profile-dashboard-fields-103-reflected-cross-site-scripting</loc>
<lastmod>2022-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/publishpress-authors/publishpress-authors-475-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pjw-mime-config/pjw-mime-config-10-authenticated-author-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2024-11-15T15:01:03.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-replace-image/easy-replace-image-352-missing-authorization-to-authenticated-contributor-arbitrary-attachment-replacement</loc>
<lastmod>2026-01-27T17:10:48.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-anti-fraud/woocommerce-anti-fraud-32-insecure-direct-object-reference</loc>
<lastmod>2020-11-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-image-news-slider/image-news-slider-32-unspecified-vulnerability</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/support-genix-lite/support-genix-1423-missing-authorization</loc>
<lastmod>2025-09-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-plus-comments/google-comments-10-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/photo-gallery/photo-gallery-by-10web-1840-authenticated-contributor-sql-injection-via-order_by-shortcode-attribute</loc>
<lastmod>2026-05-27T19:36:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pixelyoursite-pro/pixelyoursite-pro-12501-unauthenticated-blind-server-side-request-forgery-via-urls-parameter</loc>
<lastmod>2026-05-01T16:53:58.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/distance-based-shipping-calculator/distance-based-shipping-calculator-2023-authenticated-subscriber-sql-injection</loc>
<lastmod>2024-11-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/adirectory/adirectory-13-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2024-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/happy-elementor-addons/happy-addons-for-elementor-382-cross-site-request-forgery-via-handle_optin_optout</loc>
<lastmod>2023-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/newsletter-popup/newsletter-popup-12-cross-site-request-forgery-to-record-deletion</loc>
<lastmod>2023-05-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/getgenie/getgenie-ai-content-writer-with-keyword-research-seo-tracking-441-unauthenticated-information-exposure</loc>
<lastmod>2026-06-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/userpro/userpro-community-and-user-profile-wordpress-plugin-5110-unauthenticated-arbitrary-file-read</loc>
<lastmod>2025-06-13T19:48:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/import-users-from-csv-with-meta/import-and-export-users-and-customers-1192-stored-cross-site-scripting</loc>
<lastmod>2022-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-plugin/contact-form-382-authorization-bypass</loc>
<lastmod>2015-01-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/n7-golf-club/n7-golf-club-sports-events-2160-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/panda-pods-repeater-field/panda-pods-repeater-field-1512-missing-authorization</loc>
<lastmod>2026-02-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wow-media-library-fix/fix-media-library-20-unauthenticated-information-exposure</loc>
<lastmod>2025-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/search-analytics/wp-search-analytics-1410-reflected-cross-site-scripting</loc>
<lastmod>2024-09-30T19:40:09.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/login-with-phone-number/login-with-phone-number-1718-missing-authorization</loc>
<lastmod>2024-05-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-page-extensions/custom-page-extensions-06-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpvivid-backuprestore/migration-backup-staging-wpvivid-0970-authenticated-arbitrary-file-read</loc>
<lastmod>2022-04-07T10:08:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-ean-payment-gateway/woocommerce-ean-payment-gateway-610-missing-authorization-to-authenticated-contributor-ean-update</loc>
<lastmod>2023-09-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cp-multi-view-calendar/cp-multi-view-event-calendar-1436-missing-authorization</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/formidable/formidable-form-builder-20503-sql-injection</loc>
<lastmod>2017-11-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/3.0/wordpress-core-305-improper-authorization-to-information-disclosure</loc>
<lastmod>2011-02-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wicked-folders/wicked-folders-21816-missing-authorization-on-ajax_add_folder</loc>
<lastmod>2023-02-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/microtango/microtango-0929-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2026-02-10T20:03:34.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/media-library-categories/media-library-categories-111-unauthenticated-multiple-cross-site-scripting</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/carspot/carspot-dealership-wordpress-classified-theme-223-stored-cross-site-scripting</loc>
<lastmod>2020-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kadence-woocommerce-email-designer/kadence-woocommerce-email-designer-1516-authenticated-shop-manager-arbitrary-options-update</loc>
<lastmod>2025-08-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/spotify-play-button/spotify-play-button-10-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mixlr-shortcode/mixlr-shortcode-101-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2025-10-21T20:23:59.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/js_composer/wpbakery-page-builder-861-stored-cross-site-scripting-via-vc_custom_heading-shortcode</loc>
<lastmod>2025-10-14T17:32:20.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-to-pdf/post-to-pdf-10-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/filepicker-media-uploader/filestack-208-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2026-02-17T16:17:30.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/digital-publications-by-supsystic/digital-publications-by-supsystic-173-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-07-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/automated-editor/automated-editor-13-cross-site-request-forgery-via-admin-menu-pages</loc>
<lastmod>2023-10-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/add-custom-css-and-js/add-custom-css-and-js-120-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-04-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-original-media-path/wp-original-media-path-240-authenticated-administrator-stored-cross-site-scripting-via-plugin-settings</loc>
<lastmod>2023-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-role/user-role-155-cross-site-scripting</loc>
<lastmod>2017-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mw-wp-form/mw-wp-form-513-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-06-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpcf7-stop-words/social-media-wpcf7-stop-words-113-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2025-11-03T15:34:39.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-custom-cursors/wp-custom-cursors-30-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-09-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flytedesk-digital/flytedesk-digital-20181101-cross-site-request-forgery</loc>
<lastmod>2025-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-cookiechoise/wp-cookie-choice-110-cross-site-request-forgery-to-cross-site-scripting</loc>
<lastmod>2021-09-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/kleo/kleo-550-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-10-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-xendit-virtual-accounts/xendit-payment-602-missing-authorization-to-unauthenticated-arbitrary-order-status-update-to-paid</loc>
<lastmod>2026-02-03T19:31:38.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/which-template-file/which-template-file-480-cross-site-request-forgery</loc>
<lastmod>2023-10-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flickr-set-slideshows/flickr-set-slideshows-09-authenticated-contributor-sql-injection</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/widgetkit-for-elementor/all-in-one-addons-for-elementor-widgetkit-251-authenticated-contributor-stored-cross-site-scripting-via-pricing-widgets</loc>
<lastmod>2024-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/products-file-upload-for-woocommerce/product-file-upload-for-woocommerce-224-unauthenticated-arbitrary-file-deletion</loc>
<lastmod>2026-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/auphonic-importer/auphonic-importer-151-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-posts-carousel/wp-posts-carousel-1310-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/info-cards/info-cards-207-authenticated-contributor-stored-cross-site-scripting-via-block-attributes</loc>
<lastmod>2026-03-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-newsletter-signups/easy-newsletter-signups-104-authenticated-admin-sql-injection</loc>
<lastmod>2023-11-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/batch-cat/batch-cat-03-missing-authorization</loc>
<lastmod>2021-10-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ipages-flipbook/ipages-flipbook-150-authenticated-administrator-sql-injection</loc>
<lastmod>2023-11-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/multiparcels-shipping-for-woocommerce/multiparcels-shipping-for-woocommerce-1153-reflected-cross-site-scripting</loc>
<lastmod>2023-07-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fat-rat-collect/fat-rat-collect-260-missing-authorization</loc>
<lastmod>2023-06-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ai-postpix/ai-image-generator-for-your-content-featured-images-ai-postpix-118-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2024-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/noo-visionary-core/visionary-core-149-reflected-cross-site-scripting</loc>
<lastmod>2026-03-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-demo-importer/easy-demo-importer-a-modern-one-click-demo-import-solution-112-authenticated-author-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2024-10-03T21:05:12.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ays-popup-box/popup-box-business-700-790-and-developer-2000-2090-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-01-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seedprod-coming-soon-pro-5/seedprod-pro-6195-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2026-05-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/include-fussball-de-widgets/include-fussballde-widgets-400-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/product-reviews-import-export-for-woocommerce/webtoffee-plugins-various-versions-arbitrary-user-creation</loc>
<lastmod>2020-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-free-flat-shipping-woocommerce/advanced-flat-rate-shipping-woocommerce-1644-cross-site-request-forgery-via-enabledisable-and-deletepost</loc>
<lastmod>2023-06-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-subtitle/wp-subtitle-341-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-post-grid/the-post-grid-shortcode-gutenberg-blocks-and-elementor-addon-for-post-grid-792-missing-authorization</loc>
<lastmod>2026-05-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/acf-image-crop-add-on/advanced-custom-fields-image-crop-add-on-1412-improper-authorization</loc>
<lastmod>2023-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-cart-for-digital-products/wp-estore-855-reflected-cross-site-scripting-via-product-editing</loc>
<lastmod>2024-07-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woolentor-addons/shoplentor-woocommerce-builder-for-elementor-gutenberg-12-modules-all-in-one-solution-formerly-woolentor-283-authenticated-contributor-stored-cross-site-scripting-via-wl-universal-product-layout</loc>
<lastmod>2024-04-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/simpolio/simpolio-fullscreen-portfolio-blog-html-theme-132-arbitrary-options-update</loc>
<lastmod>2015-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/userspn/users-manager-pn-1115-unauthenticated-privilege-escalation-via-account-takeover-via-userspn_form_save-ajax-action</loc>
<lastmod>2026-04-07T15:32:12.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/live-flight-radar/live-flight-radar-10-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bft-autoresponder/arigato-autoresponder-and-newsletter-2518-reflected-cross-site-scripting</loc>
<lastmod>2018-09-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/read-more-excerpt-link/read-more-excerpt-link-15-cross-site-request-forgery</loc>
<lastmod>2023-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/amuli/amuli-230-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-01-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/add-product-frontend-for-woocommerce/add-product-frontend-for-woocommerce-106-missing-authorization-to-unauthenticated-arbitrary-content-deletion</loc>
<lastmod>2025-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/beebee-mini/beebee-mini-120-unauthorized-file-upload-via-acf</loc>
<lastmod>2022-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vayu-blocks/vayu-blocks-gutenberg-blocks-for-wordpress-woocommerce-104-121-missing-authorization-to-unauthenticated-limited-arbitrary-options-update</loc>
<lastmod>2025-04-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/scancircle/scancircle-292-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-exporter/woocommerce-store-exporter-274-reflected-cross-site-scripting</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-analytify/analytify-420-reflected-cross-site-scripting</loc>
<lastmod>2022-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/link-library/link-library-727-missing-authorization-checks</loc>
<lastmod>2021-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-fullcalendar/wp-fullcalendar-141-missing-authorization-to-information-disclosure</loc>
<lastmod>2023-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cf7-zendesk/wp-zendesk-for-contact-form-7-wpforms-elementor-formidable-and-ninja-forms-115-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-03-02T20:39:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/force-first-last/force-first-and-last-name-as-display-name-12-cross-site-request-forgery</loc>
<lastmod>2023-03-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/move-addons/move-addons-for-elementor-130-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/oauth2-provider/wp-oauth-server-425-authenticated-subscriber-arbitrary-client-deletion-wo_ajax_remove_client</loc>
<lastmod>2023-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-stats-manager/wp-visitor-statistics-real-time-traffic-72-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sunshine-photo-cart/sunshine-photo-cart-311-reflected-cross-site-scripting</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/customer-reviews-woocommerce/customer-reviews-for-woocommerce-51030-unauthenticated-authentication-bypass-to-arbitrary-review-submission-via-key-parameter</loc>
<lastmod>2026-04-09T12:26:12.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sportspress/sportspress-2726-authenticated-contributor-local-file-inclusion-via-shortcode</loc>
<lastmod>2026-02-03T19:45:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-icons-widget-by-wpzoom/social-icons-widget-block-by-wpzoom-4215-missing-authorization</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/masterstudy-lms-learning-management-system/masterstudy-lms-wordpress-plugin-for-online-courses-and-education-3210-basic-information-exposure-via-rest-route</loc>
<lastmod>2024-03-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpjournal/wp-journal-11-missing-authorization</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/preserve-code-formatting/preserve-code-formatting-401-authenticated-contributor-php-object-injection</loc>
<lastmod>2025-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/kiddy/kiddy-208-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/comment-reply-notification/comment-reply-notification-14-cross-site-request-forgery</loc>
<lastmod>2023-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wonderm00ns-simple-facebook-open-graph-tags/open-graph-and-twitter-card-tags-2241-reflected-cross-site-scripting</loc>
<lastmod>2018-04-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpsite-background-takeover/wp-background-takeover-415-directory-traversal</loc>
<lastmod>2018-04-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-preloader/easy-preloader-100-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2021-05-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ajax-rating-with-custom-login/ajax-rating-with-custom-login-11-unauthenticated-sql-injection</loc>
<lastmod>2024-10-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/awesome-wp-image-gallery/awesome-wp-image-gallery-10-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/avantage/avantage-249-unauthenticated-php-object-injection</loc>
<lastmod>2025-05-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-manager/download-manager-3352-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2026-04-08T13:33:28.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-responsive-image-gallery/simple-image-gallery-106-reflected-cross-site-scripting</loc>
<lastmod>2021-12-13T12:43:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mww-disclaimer-buttons/mww-disclaimer-buttons-302-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-songbook/wp-songbook-2011-reflected-cross-site-scripting</loc>
<lastmod>2021-08-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stock-ticker/stock-ticker-3244-authenticated-contributor-stored-cross-site-scripting-via-stock_ticker-shortcode</loc>
<lastmod>2024-06-28T18:15:28.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-polls-by-opinionstage/poll-survey-quiz-maker-plugin-by-opinion-stage-19120-missing-authorization</loc>
<lastmod>2025-12-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cf-geoplugin/geo-controller-873-missing-authorization-to-authenticated-subscriber-menu-creationdeletion</loc>
<lastmod>2024-09-04T21:33:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jupiterx-core/jupiterx-core-4811-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gbi-to-print/gbi-to-print-10-authenticated-contributor-stored-cross-site-scripting-via-div-shortcode-attribute</loc>
<lastmod>2026-05-26T17:21:31.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/product-designer/product-designer-1036-authenticated-author-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2024-11-20T13:35:38.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blog2social/blog2social-social-media-auto-post-scheduler-630-authenticated-sql-injection</loc>
<lastmod>2020-05-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking/booking-calendar-101410-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2026-01-08T19:08:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/uptime-robot-monitor/uptime-robot-plugin-for-wordpress-23-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/wplms/wplms-19952-authenticated-student-arbitrary-file-upload</loc>
<lastmod>2024-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-shortlink/shortlink-by-bestwebsoft-153-reflected-cross-site-scripting</loc>
<lastmod>2017-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/admin-management-xtended/admin-management-xtended-244-cross-site-request-forgery-to-post-status-update</loc>
<lastmod>2022-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/endless-posts-navigation/endless-posts-navigation-229-missing-authorization</loc>
<lastmod>2026-02-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slick-engagement/slickstream-engagement-and-conversions-144-authenticated-contributor-stored-cross-site-scripting-via-slick-grid-shortcode</loc>
<lastmod>2024-11-11T18:17:57.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shortcode-redirect/shortcode-redirect-1001-cross-site-scripting</loc>
<lastmod>2012-01-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/2.2/wordpress-core-222-open-redirect</loc>
<lastmod>2007-08-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/aio-time-clock-lite/all-in-one-time-clock-lite-tracking-employee-time-has-never-been-easier-203-missing-authorization-to-page-creation-and-information-exposure</loc>
<lastmod>2025-11-03T16:00:57.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shouty/shouty-021-authenticated-contributor-stored-cross-site-scripting-via-shouty-shortcode-attributes</loc>
<lastmod>2025-11-26T14:21:10.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/order-status-for-woocommerce/additional-custom-order-status-for-woocommerce-160-reflected-cross-site-scripting</loc>
<lastmod>2024-12-03T21:03:42.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-symposium/wp-symposium-1304-cross-site-scripting</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/360crest-themeone-tinymce-shortcodes/tinymce-shortcode-addon-100-authenticated-contributor-stored-cross-site-scripting-via-btnrel-shortcode-attribute</loc>
<lastmod>2026-06-08T15:07:16.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mingle-forum/mingle-forum-10333-sql-injection</loc>
<lastmod>2013-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-confirmation-email/user-email-verification-for-woocommerce-350-reflected-cross-site-scripting</loc>
<lastmod>2023-07-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-tags/taxopress-3071-stored-cross-site-scripting</loc>
<lastmod>2021-06-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/aruba-hispeed-cache/aruba-hispeed-cache-302-missing-authorization-to-unauthenticated-plugins-settings-modification</loc>
<lastmod>2026-02-18T14:59:09.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nelio-ab-testing/nelio-ab-testing-464-cross-site-request-forgery</loc>
<lastmod>2017-05-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cf7-widget-elementor/void-contact-form-7-widget-for-elementor-page-builder-24-authenticated-contributor-stored-cross-site-scripting-via-cf7_redirect_page-attribute</loc>
<lastmod>2024-07-01T15:08:51.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-product-catalogue/ultimate-product-catalog-4222-sql-injection</loc>
<lastmod>2017-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/handl-utm-grabber/handl-utm-grabber-tracker-264-cross-site-request-forgery</loc>
<lastmod>2019-08-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-addons-for-elementor-lite/essential-addons-for-elementor-464-missing-authorization</loc>
<lastmod>2021-05-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lifepress/lifepress-221-missing-authorization</loc>
<lastmod>2026-01-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/comment-reply-email/comment-reply-email-13-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-07-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/traveler-code/traveler-code-311-authenticated-subscriber-sql-injection</loc>
<lastmod>2025-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ulisting/listing-classified-ads-business-directory-ulisting-208-cross-site-request-forgery</loc>
<lastmod>2021-09-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tabs-maker/tabs-maker-10-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-13T15:53:59.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/football-pool/football-pool-2122-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2025-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/qi-addons-for-elementor/qi-addons-for-elementor-172-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2024-06-06T15:08:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-addons-for-elementor-lite/essential-addons-for-elementor-best-elementor-templates-widgets-kits-woocommerce-builders-5915-authenticated-contributor-stored-cross-site-scripting-via-filterable-gallery-interactive-circle</loc>
<lastmod>2024-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-membership/simple-membership-412-membership-privilege-escalation</loc>
<lastmod>2022-07-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/popping-sidebars-and-widgets-light/popping-sidebars-and-widgets-light-127-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-12-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-geo/wp-geo-351-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-plugin/contact-form-by-bestwebsoft-428-reflected-cross-site-scripting-via-cntctfrm_contact_subject</loc>
<lastmod>2024-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/five9/five9-live-chat-112-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-11-10T15:25:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/carousel-slider/carousel-slider-229-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2024-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpvr/vr-8548-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/kelly-young/kelly-young-110-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/video-playlist-and-gallery-plugin/post-video-players-1159-cross-site-request-forgery-via-cincopa_mp_mt_options_page</loc>
<lastmod>2024-01-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/404-to-301/404-to-301-230-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2016-08-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-voting-contest/voting-contest-58-missing-authorization</loc>
<lastmod>2025-08-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/raychat/raychat-210-missing-authorization</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/voting-record/voting-record-20-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2024-01-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/forminator/forminator-forms-contact-form-payment-form-custom-form-builder-1382-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tiger-form/tiger-forms-200-reflected-cross-site-scripting</loc>
<lastmod>2023-09-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/webinar-ignition/webinarignition-live-automated-evergreen-webinar-system-also-for-woocommerce-408253-unauthenticated-privilege-escalation</loc>
<lastmod>2026-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/league-of-legends-rotation/wp-lol-rotation-10-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-07-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-seo-pack/all-in-one-seo-best-wordpress-seo-plugin-easily-improve-seo-rankings-increase-traffic-460-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-easy-allopass/wp-easy-allopass-411-cross-site-request-forgery</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/so-widgets-bundle/siteorigin-widgets-bundle-1611-authenticated-contributor-stored-cross-site-scripting-via-siteorigin-blog-widget</loc>
<lastmod>2024-06-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/checkout-files-upload-woocommerce/checkout-files-upload-for-woocommerce-220-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/themify-store-locator/themify-store-locator-119-cross-site-request-forgery</loc>
<lastmod>2024-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chatbot-chatgpt/kognetiks-chatbot-for-wordpress-198-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-simple-firewall/shield-security-1305-admin-stored-cross-site-scripting</loc>
<lastmod>2022-01-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tock-widget/tock-widget-11-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/progress-planner/progress-planner-190-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2026-06-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/piotnet-addons-for-elementor/piotnet-addons-for-elementor-2429-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2024-07-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/history-log-by-click5/history-log-by-click5-1012-authenticatedadministrator-time-based-blind-sql-injection</loc>
<lastmod>2023-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-connect/social-connect-12-authentication-bypass</loc>
<lastmod>2024-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cssigniter-shortcodes/cssigniter-shortcodes-241-authenticated-contributor-stored-cross-site-scripting-via-element-shortcode-attribute</loc>
<lastmod>2025-12-02T14:20:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-product-catalogue/ultimate-product-catalog-525-authenticatedadministrator-stored-cross-site-scripting</loc>
<lastmod>2023-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-store-toolkit/woocommerce-store-toolkit-243-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-07-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/formassembly-web-forms/wp-formassembly-208-limited-server-side-request-forgery-via-formassembly-shortcode</loc>
<lastmod>2023-05-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-newsletter-signups/easy-newsletter-signups-104-missing-authorization</loc>
<lastmod>2023-09-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/school-management/school-management-9200-reflected-cross-site-scripting</loc>
<lastmod>2025-06-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/robin-image-optimizer/robin-image-optimizer-202-authenticated-author-stored-cross-site-scripting-via-image-alternative-text-field</loc>
<lastmod>2026-02-04T19:32:21.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/login-screen-manager/login-screen-manager-352-cross-site-request-forgery</loc>
<lastmod>2023-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/story-chief/storychief-1030-reflected-cross-site-scripting</loc>
<lastmod>2021-08-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tinymce-advanced-qtranslate-fix-editor-problems/tinymce-advanced-qtranslate-fix-editor-problems-100-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-02-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/themify-wc-product-filter/themify-woocommerce-product-filter-137-reflected-cross-site-scripting</loc>
<lastmod>2022-05-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/spotify-play-button-for-wordpress/sptify-play-button-for-wordpress-205-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wysija-newsletters/mailpoet-newsletters-22-multiple-sql-injections</loc>
<lastmod>2013-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blogintroduction-wordpress-plugin/blog-introduction-030-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2024-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/uni-woo-custom-product-options-premium/product-options-and-price-calculation-formulas-for-woocommerce-uni-cpo-premium-4960-missing-authorization-to-unauthenticated-arbitrary-attachment-and-dropbox-file-deletion</loc>
<lastmod>2026-02-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/secudeal-payments-for-ecommerce/secudeal-payments-for-ecommerce-11-unauthenticated-php-object-injection</loc>
<lastmod>2026-03-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/podlove-podcasting-plugin-for-wordpress/podlove-podcast-publisher-4113-cross-site-request-forgery-to-remote-code-execution</loc>
<lastmod>2024-08-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/petje-af/petjeaf-218-cross-site-request-forgery-to-account-deletion-via-petjeaf_disconnect-ajax-action</loc>
<lastmod>2026-04-14T19:46:31.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-easycart/shopping-cart-ecommerce-store-578-missing-authorization-to-order-updates</loc>
<lastmod>2025-01-07T21:10:58.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-pdf-generator/wp-pdf-generator-122-cross-site-request-forgery-to-pdf-settings-update</loc>
<lastmod>2023-06-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nmedia-user-file-uploader/frontend-file-manager-182-privilege-escalation</loc>
<lastmod>2021-07-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ripe-hd-player/ripe-hd-flv-11-full-path-disclosure</loc>
<lastmod>2013-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-expand-tabs-free/wp-tabs-2114-cross-site-request-forgery</loc>
<lastmod>2023-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mappress-google-maps-for-wordpress/mappress-maps-for-wordpress-28813-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-01-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/my-auctions-allegro-free-edition/my-auctions-allegro-3618-reflected-cross-site-scripting</loc>
<lastmod>2025-01-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/code-snippets/code-snippets-350-cross-site-request-forgery-via-load</loc>
<lastmod>2023-11-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpbookit/wpbookit-160-unauthenticated-sql-injection</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/track-everything/track-everything-201-cross-site-request-forgery</loc>
<lastmod>2025-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/joomsport-sports-league-results-management/joomsport-577-unauthenticated-sql-injection-via-sortf-parameter</loc>
<lastmod>2026-05-12T17:13:07.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/local-magic/local-magic-260-unauthenticated-sql-injection</loc>
<lastmod>2025-04-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-horizontal-reel-scroll-slideshow/image-horizontal-reel-scroll-slideshow-133-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-12-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-smart-import/wp-smart-import-import-any-xml-file-to-wordpress-107-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2024-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/2.6/wordpress-core-27-denial-of-service</loc>
<lastmod>2008-12-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bck-tu-dong-xac-nhan-thanh-toan-chuyen-khoan-ngan-hang/thanh-ton-qut-m-qr-code-t-ng-momo-viettelpay-vnpay-v-40-ngn-hng-vit-nam-200-cross-site-scripting</loc>
<lastmod>2022-05-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-cleanup-and-basic-functions/wp-cleanup-and-basic-functions-221-authenticated-author-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2024-10-04T12:37:44.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-all-export/wp-all-export-130-admin-stored-cross-site-scripting</loc>
<lastmod>2021-10-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-merchantx/woo-merchantx-10-cross-site-request-forgery</loc>
<lastmod>2021-07-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/kastell/kastell-20-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-booking-calendar/advanced-booking-calendar-167-reflected-cross-site-scripting</loc>
<lastmod>2021-03-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/search-in-place/search-in-place-10104-missing-authorization-to-feedback-submission</loc>
<lastmod>2023-02-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/oi-yamaps/oi-yandexmaps-for-wordpress-327-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jc-importer/import-wp-export-and-import-csv-and-xml-files-to-wordpress-21417-unauthenticated-information-exposure</loc>
<lastmod>2025-11-20T18:54:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smooth-page-scroll-updown-buttons/smooth-scroll-page-updown-buttons-13-cross-site-scripting</loc>
<lastmod>2021-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/revslider/slider-revolution-3096-showbiz-pro-171-missing-authorization-to-arbitrary-file-upload</loc>
<lastmod>2014-11-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/my-bootstrap-menu/my-bootstrap-menu-121-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/library-management-system/library-management-system-357-unauthenticated-sql-injection</loc>
<lastmod>2026-06-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sahu-tiktok-pixel/sahu-tiktok-pixel-for-e-commerce-122-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-10-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hrm/wp-human-resource-management-200-2217-missing-authorization-to-authenticated-employee-arbitrary-user-deletion-via-ajax_delete_employee-function</loc>
<lastmod>2025-07-03T12:17:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-championship/wp-championship-59-sql-injection</loc>
<lastmod>2015-10-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-youtube-lyte/wp-youtube-lyte-1715-authenticated-admin-cross-site-scripting</loc>
<lastmod>2021-05-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/send-pdf-for-contact-form-7/send-pdf-for-contact-form-7-091-multiple-cross-site-scripting</loc>
<lastmod>2022-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-twitter-feeds/custom-twitter-feeds-225-cross-site-request-forgery-to-cache-reset-via-ctf_clear_cache_admin-function</loc>
<lastmod>2025-03-19T16:21:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-popup-show/easy-popup-show-012-cross-site-request-forgery</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sky-elementor-addons/sky-addons-for-elementor-2511-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/perfmatters/perfmatters-263-reflected-cross-site-scripting</loc>
<lastmod>2026-06-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/uber-grid/wordpress-portfolio-builder-portfolio-gallery-117-missing-authorization-to-unauthenticated-portfolio-update</loc>
<lastmod>2025-02-18T19:35:27.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-share-and-social-locker-arsocial/social-share-and-social-locker-142-unauthenticated-sql-injection</loc>
<lastmod>2025-04-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-travel/wp-travel-446-cross-site-request-forgery-bypass</loc>
<lastmod>2021-03-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/query-shortcode/query-shortcode-021-authenticated-contributor-local-file-inclusion-via-lens-shortcode-attribute</loc>
<lastmod>2026-05-26T17:25:25.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wps-limit-login/wps-limit-login-1461-stored-cross-site-scripting</loc>
<lastmod>2019-07-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/event-tickets-plus/events-tickets-plus-590-missing-authorization-to-information-exposure</loc>
<lastmod>2024-02-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/siteorigin-panels/page-builder-by-siteorigin-21015-cross-site-request-forgery-to-reflected-cross-site-scripting</loc>
<lastmod>2020-05-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lottier-gutenberg/lottier-111-missing-authorization</loc>
<lastmod>2025-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cp-image-store/cp-image-store-with-slideshow-119-missing-authorization-to-authenticated-contributor-arbitrary-product-import</loc>
<lastmod>2026-01-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/superstorefinder-wp/super-store-finder-697-authenticated-subscriber-sql-injection</loc>
<lastmod>2024-08-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpvivid-backuprestore/wpvivid-backup-plugin-0990-missing-authorization-via-start_staging-and-get_staging_progress</loc>
<lastmod>2023-09-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/global-content-blocks/global-content-blocks-215-cross-site-request-forgery</loc>
<lastmod>2017-03-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/guitar-tuner/gtdb-guitar-tuners-422-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/latepoint/latepoint-5194-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-09-29T16:24:39.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ai-seo-translator/aikct-engine-chatbot-chatgpt-gemini-gpt-4o-best-ai-chatbot-162-cross-site-request-forgery-via-update_integration_option</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/form-vibes/form-vibes-database-manager-for-forms-1413-authenticated-admin-sql-injection</loc>
<lastmod>2026-01-05T14:47:34.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/newspack-blocks/newspack-blocks-308-authenticated-contributor-arbitrary-file-upload</loc>
<lastmod>2024-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/sirius/sirius-10-cross-site-scripting</loc>
<lastmod>2007-08-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/beaver-builder-lite-version/beaver-builder-2543-missing-authorization</loc>
<lastmod>2022-07-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-coupon-usage/coupon-affiliates-641-missing-authorization-to-unauthenticated-settings-update</loc>
<lastmod>2025-08-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/review-stream/review-stream-167-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gtm-server-side/gtm-server-side-2119-reflected-cross-site-scripting</loc>
<lastmod>2024-09-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/xili-tidy-tags/xili-tidy-tags-11204-reflected-cross-site-scripting</loc>
<lastmod>2024-11-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gallery-by-supsystic/photo-gallery-by-supsystic-1155-cross-site-request-forgery-to-plugin-settings-change</loc>
<lastmod>2022-06-15T13:58:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/affiliate-links/affiliate-links-wordpress-plugin-for-link-cloaking-and-link-management-301-missing-authorization-to-unauthenticated-importexport-and-php-object-injection</loc>
<lastmod>2025-02-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cozy-addons/cozy-blocks-2018-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/jannah/jannah-760-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-10-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ml-slider/slider-gallery-and-carousel-by-metaslider-3290-reflected-cross-site-scripting</loc>
<lastmod>2023-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/admin-site-enhancements/admin-and-site-enhancements-ase-769-ip-spoofing-to-limit-login-attempt-bypass</loc>
<lastmod>2025-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/flatsome/flatsome-3205-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-plugin-stats/easy-plugin-stats-201-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-10T20:29:46.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fami-sales-popup/fami-sales-popup-200-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ocean-extra/ocean-extra-249-authenticated-contributor-stored-cross-site-scripting-via-oceanwp_library-shortcode</loc>
<lastmod>2025-08-29T16:24:26.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/effect-maker/effect-maker-121-missing-authorization</loc>
<lastmod>2025-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/course-booking-platform/course-booking-platform-100-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/edd-per-product-emails/easy-digital-downloads-per-product-emails-109-cross-site-scripting</loc>
<lastmod>2015-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-to-any-api/contact-form-to-any-api-118-authenticated-subscriber-sql-injection</loc>
<lastmod>2024-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-club-manager/wp-club-manager-2211-missing-authorization</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/crossword-compiler-puzzles/crossword-compiler-puzzles-52-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2025-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ticket/wp-ticket-customer-service-software-support-ticket-system-602-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/subaccounts-for-woocommerce/subaccounts-for-woocommerce-166-authenticated-subscriber-privilege-escalation-via-account-takeover</loc>
<lastmod>2025-05-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/masterstudy-lms-learning-management-system-pro/masterstudy-lms-pro-4716-missing-authorization</loc>
<lastmod>2026-04-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rename-author-slug/rename-author-slug-120-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-seo-author-snippets/google-seo-pressor-snippet-20-missing-authorization</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/html-forms/html-forms-1328-authenticated-administrator-cross-site-scripting</loc>
<lastmod>2023-12-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-custom-fields-pro/advanced-custom-fields-pro-629-authenticated-contributor-code-injection</loc>
<lastmod>2024-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/confidant/confidant-startup-consulting-services-wordpress-theme-14-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ticketbai/ticketbai-facturas-para-woocommerce-318-unauthenticated-arbitrary-file-deletion</loc>
<lastmod>2025-05-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cf7save-extension/cf7save-extension-1-reflected-cross-site-scripting</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/2.1/wordpress-core-213-authorization-bypass</loc>
<lastmod>2007-04-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/salesmanago/salesmanago-leadoo-3112-authenticated-subscriber-sql-injection</loc>
<lastmod>2026-06-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/waiting/waiting-one-click-countdowns-062-missing-authorization</loc>
<lastmod>2022-12-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/portfolio-and-projects/multiple-wponlinesupport-plugins-various-versions-missing-authorization-to-notice-dismissal</loc>
<lastmod>2023-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-tech-tribe/the-tribal-134-unauthenticated-information-exposure</loc>
<lastmod>2026-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp24-domain-check/wp24-domain-check-11014-reflected-cross-site-scripting</loc>
<lastmod>2024-12-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/redirect-redirection/redirect-redirection-113-cross-site-request-forgery-via-savesettings-function</loc>
<lastmod>2023-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tutor-lms-elementor-addons/tutor-lms-elementor-addons-215-missing-authorization</loc>
<lastmod>2024-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/tinysalt/tinysalt-3100-unauthenticated-php-object-injection</loc>
<lastmod>2025-06-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wicked-folders/wicked-folders-21816-missing-authorization-via-ajax_unassign_folders</loc>
<lastmod>2023-02-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/widget-for-eventbrite-api/display-eventbrite-events-626-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ays-chatgpt-assistant/ai-chatbot-with-chatgpt-and-content-generator-by-ays-270-unauthenticated-server-side-request-forgery-via-pinecone_url-parameter</loc>
<lastmod>2025-11-26T21:00:16.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-wholesale-prices/wholesale-suite-226-authenticated-shop-manager-privilege-escalation</loc>
<lastmod>2026-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/ogami/ogami-153-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-05-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/embed-bokun/embed-bokun-023-authenticated-contributor-stored-cross-site-scripting-via-align-parameter</loc>
<lastmod>2025-08-15T14:47:05.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-backup/simple-backup-2710-arbitrary-file-download-via-path-traversal</loc>
<lastmod>2015-05-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/houzez-login-register/houzez-login-register-263-privilege-escalation</loc>
<lastmod>2023-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/academy/academy-lms-wordpress-lms-plugin-for-complete-elearning-solution-338-authenticated-administrator-php-object-injection-via-import_all_courses</loc>
<lastmod>2025-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-crowdfunding/wp-crowdfunding-216-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-12-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/klaviyo/klaviyo-309-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-vipps/pay-with-vipps-for-woocommerce-11413-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/real-time-find-and-replace/real-time-find-and-replace-38-cross-site-scripting</loc>
<lastmod>2017-04-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/alphabetical-list/alphabetical-list-103-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2024-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/atarim-visual-collaboration/visual-website-collaboration-feedback-project-management-atarim-3226-hardcoded-credentials</loc>
<lastmod>2024-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/classified-pro/classified-pro-1014-missing-authorization-to-authenticated-subscriber-arbitrary-plugin-installation</loc>
<lastmod>2025-10-15T17:58:17.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-page-ordering/loader-utils-js-package-321-regular-expression-denial-of-service</loc>
<lastmod>2022-10-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/global-shop-discount-for-woocommerce/sitewide-discount-for-woocommerce-apply-discount-to-all-products-221-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-05-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/float-menu/float-menu-awesome-floating-side-menu-60-cross-site-request-forgery-to-menu-deletion</loc>
<lastmod>2024-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/js-support-ticket/js-help-desk-ai-powered-support-ticketing-system-304-unauthenticated-sql-injection-via-multiformid-parameter</loc>
<lastmod>2026-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/traveler/travel-booking-wordpress-theme-323-reflected-cross-site-scripting</loc>
<lastmod>2025-09-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/arconix-shortcodes/arconix-shortcodes-2117-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/twitter-bootstrap-collapse-aka-accordian-shortcode/twitter-bootstrap-collapse-aka-accordian-shortcode-10-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-stats-manager/visitor-statistics-real-time-traffic-83-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-12-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/video-widget/video-widget-123-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/trustprofile/trustprofile-324-cross-site-request-forgery</loc>
<lastmod>2023-06-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eazydocs/eazydocs-233-authenticated-subscriber-sql-injection</loc>
<lastmod>2023-11-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/groundhogg/groundhogg-2798-missing-authorization-to-update-license</loc>
<lastmod>2023-05-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/exchange-rates-widget/exchange-rates-widget-140-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/meeting-scheduler-by-vcita/online-booking-scheduling-calendar-for-wordpress-by-vcita-453-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-07-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-polls-by-opinionstage/poll-survey-quiz-maker-plugin-by-opinion-stage-19110-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/hello-fse-blog/hello-fse-blog-106-missing-authorization</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-image-news-slider/image-news-slider-33-arbitrary-file-upload</loc>
<lastmod>2012-11-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-7-style/contact-form-7-style-32-cross-site-request-forgery-bypass</loc>
<lastmod>2021-06-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/5.0/wordpress-core-501-php-object-injection</loc>
<lastmod>2018-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-404-auto-redirect-to-similar-post/wp-404-auto-redirect-to-similar-post-104-reflected-cross-site-scripting-via-debug-mode-uri</loc>
<lastmod>2024-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-custom-fields-pro/advanced-custom-fields-pro-629-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2024-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/m2-ce/m2-construction-and-tools-store-112-unauthenticated-php-object-injection</loc>
<lastmod>2026-03-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/business-directory-plugin/business-directory-plugin-511-cross-site-request-forgery</loc>
<lastmod>2021-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-business-directory-pro/simple-business-directory-pro-1569-unauthenticated-privilege-escalation</loc>
<lastmod>2025-08-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-time-slots-booking-form/wp-time-slots-booking-form-1211-missing-authorization</loc>
<lastmod>2024-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/newsletter-popup/newsletter-popup-12-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wps-visitor-counter/wps-visitor-counter-148-reflected-cross-site-scripting</loc>
<lastmod>2025-11-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rj-quickcharts/rj-quickcharts-061-authenticated-subscriber-sql-injection</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wooms/wooms-912-reflected-cross-site-scripting</loc>
<lastmod>2025-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/team-master/team-master-112-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2026-05-26T17:25:35.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/constant-contact-forms/constant-contact-forms-242-information-disclosure-via-log-files</loc>
<lastmod>2024-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/virtual-moderator/virtual-moderator-14-cross-site-request-forgery</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/spoter-elementor/spoter-for-elementor-104-missing-authorization</loc>
<lastmod>2025-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/jobscout/jobscout-117-missing-authorization</loc>
<lastmod>2026-02-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shortcodes-finder/shortcodes-finder-153-reflected-cross-site-scripting</loc>
<lastmod>2023-11-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/vw-storefront/vw-storefront-099-missing-authorization-to-authenticated-subscriber-settings-reset</loc>
<lastmod>2025-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/football-leagues-by-anwppro/anwp-football-leagues-0167-authenticated-author-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2024-09-23T18:14:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zotpress/zotpress-737-authenticated-contributor-sql-injection</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nite-shortcodes/nite-shortcodes-10-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sfwd-lms/learndash-lms-503-authenticated-contributor-sql-injection-via-filtersorderby_order-parameter</loc>
<lastmod>2026-03-23T12:12:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jet-engine/jetengine-3861-unauthenticated-sql-injection-via-_cct_search-parameter</loc>
<lastmod>2026-04-13T12:57:24.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tainacan/tainacan-0213-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2024-05-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rss-feed-widget/rss-feed-widget-302-missing-authorization</loc>
<lastmod>2026-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eventr/eventr-1022-sql-injection</loc>
<lastmod>2017-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/link-whisper/link-whisper-free-063-missing-authorization-via-init</loc>
<lastmod>2023-05-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/auto-post-thumbnail/auto-featured-image-421-missing-authorization-to-authenticated-contributor-post-thumbnail-modification</loc>
<lastmod>2025-12-15T16:51:43.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/VirtualAssistant/virtual-assistant-30-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-01-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rafflepress/giveaways-and-contests-by-rafflepress-1125-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2024-02-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ukuupeople-the-simple-crm/crm-contact-management-simplified-ukuupeople-163-cross-site-request-forgery-to-favorite-additiondeletion</loc>
<lastmod>2021-07-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/marketing-performance/marketing-performance-200-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2023-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/crony/crony-cronjob-manager-050-cross-site-request-forgery</loc>
<lastmod>2024-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce/woocommerce-235-stored-cross-site-scripting</loc>
<lastmod>2015-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fastdup/fastdup-fastest-wordpress-migration-duplicator-271-missing-authorization-to-authenticated-contributor-backup-creation-and-download</loc>
<lastmod>2026-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/greenthumb/green-thumb-1112-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-meta-seo/wp-meta-seo-452-missing-authorization-in-startprocess-to-arbitrary-redirect-via-update_link_redirect-task</loc>
<lastmod>2023-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smart-forms/smart-forms-2686-missing-authorization</loc>
<lastmod>2024-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bg-biblie-references/bg-bible-references-3814-reflected-cross-site-scripting</loc>
<lastmod>2022-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking-ultra-pro/booking-ultra-pro-1113-unauthenticated-local-file-inclusion</loc>
<lastmod>2024-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/homey-login-register/homey-login-register-240-unauthenticated-privilege-escalation</loc>
<lastmod>2025-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/backpacktraveler/backpack-traveler-2102-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-05-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/exact-links/url-shortener-plugin-for-wordpress-307-missing-authorization-to-authenticated-subscriber-link-manipulation</loc>
<lastmod>2025-10-23T20:11:12.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/enteraddons/enter-addons-ultimate-template-builder-for-elementor-215-authenticated-contributor-stored-cross-site-scripting-via-animation-title-widget-img-tag</loc>
<lastmod>2024-05-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yoo-slider/yoo-slider-plugin-200-cross-site-request-forgery</loc>
<lastmod>2022-04-11T17:36:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/name-directory/name-directory-1320-unauthenticated-stored-cross-site-scripting-via-double-html-entity-encoding-in-submission-form</loc>
<lastmod>2026-02-09T20:45:53.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/related-post/related-posts-inline-related-posts-contextual-related-posts-related-content-by-pickplugins-2059-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-03-06T21:30:44.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gpp-slideshow/gpp-slideshow-135-missing-authorization</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/private-content-mail-actions/privatecontent-mail-actions-232-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-07-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/echo/echo-1150-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-09-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-download-link/email-download-link-37-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2023-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smsa-shipping-official/smsa-shippingofficial-23-authenticated-subscriber-arbitrary-file-deletion</loc>
<lastmod>2024-12-20T18:45:53.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seo-redirection/seo-redirection-64-authenticated-stored-cross-site-scripting</loc>
<lastmod>2021-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/analytics-cat/fatcat-apps-analytics-cat-109-cross-site-request-forgery</loc>
<lastmod>2022-03-08T21:49:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/awesome-progess-bar/awesome-progress-bar-1013-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/boat-rental-system/boat-rental-plugin-for-wordpress-101-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2024-11-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-twitter-feeds/custom-twitter-feeds-a-tweets-widget-or-x-feed-widget-221-cross-site-request-forgery-to-plugin-options-update</loc>
<lastmod>2024-02-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/reflector-plugins/reflector-122-reflected-cross-site-scripting</loc>
<lastmod>2026-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/coming-soon-by-supsystic/coming-soon-by-supsystic-1710-cross-site-request-forgery</loc>
<lastmod>2023-01-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-ajax-filters/advanced-ajax-product-filters-3196-authenticated-author-php-object-injection-via-live-composer-compatibility</loc>
<lastmod>2026-02-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/outgrow/outgrow-21-authenticated-contributor-stored-cross-site-scripting-via-outgrow-shortcode-id-attribute</loc>
<lastmod>2026-03-20T15:08:06.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cartboss/sms-abandoned-cart-recovery-cartboss-412-missing-authorization</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/solidres/solidres-hotel-booking-plugin-094-authenticated-contributor-sql-injection</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/uncanny-automator/uncanny-automator-easy-automation-integration-webhooks-workflow-builder-plugin-62-authenticated-admin-server-side-request-forgery-via-webhook</loc>
<lastmod>2025-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/music-request-manager/music-request-manager-13-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2024-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jma-youtube-playlists-with-schema/youtube-playlists-with-schema-261-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-18T19:29:30.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-store-locator/custom-wp-store-locator-147-reflected-cross-site-scripting</loc>
<lastmod>2025-01-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-job-portal/wp-job-portal-232-unauthenticated-insecure-direct-object-reference</loc>
<lastmod>2025-05-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/uncanny-toolkit-pro/uncanny-toolkit-pro-for-learndash-414-missing-authorization-to-arbitrary-pagepost-duplication</loc>
<lastmod>2024-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lenix-elementor-leads-addon/lenix-elementor-leads-addon-182-unauthenticated-stored-cross-site-scripting-via-url-form-field</loc>
<lastmod>2025-02-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/morpheus-slider/responsive-3d-slider-12-authenticated-admin-sql-injection</loc>
<lastmod>2021-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ajax-comment-form-cst/ajax-comment-form-cst-12-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-24T18:32:15.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/give/givewp-2251-cross-site-request-forgery-to-cross-site-scripting-via-render_dropdown</loc>
<lastmod>2023-03-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-point-of-sale/woocommerce-point-of-sale-610-insecure-direct-object-reference-to-privilege-escalation-via-arbitrary-user-email-change</loc>
<lastmod>2024-12-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jsmol2wp/jsmol2wp-107-server-side-request-forgery</loc>
<lastmod>2018-12-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/embed-google-photos-album-easily/embed-google-photos-album-219-authenticated-contributor-server-side-request-forgery</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tuturn/tuturn-36-unauthenticated-missing-authorization</loc>
<lastmod>2025-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-analyticator/google-analyticator-52-cross-site-scripting</loc>
<lastmod>2009-07-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/generate-post-thumbnails/generate-post-thumbnails-08-cross-site-request-forgery</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gm-woo-product-list-widget/product-list-widget-for-woocommerce-10-reflected-cross-site-scripting</loc>
<lastmod>2022-12-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nitropack/nitropack-1167-unauthenticated-arbitrary-shortcode-execution</loc>
<lastmod>2024-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/live-composer-page-builder/page-builder-live-composer-1525-authenticated-author-php-object-injection</loc>
<lastmod>2024-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shop-assistant-for-woocommerce-jarvis/floating-buttons-for-woocommerce-288-missing-authorization</loc>
<lastmod>2024-11-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/onpay-io-for-woocommerce/onpayio-for-woocommerce-1047-missing-authorization</loc>
<lastmod>2025-11-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sermon-manager-for-wordpress/sermon-manager-2300-missing-authorization</loc>
<lastmod>2025-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/give/givewp-3151-unauthenticated-full-path-disclosure</loc>
<lastmod>2024-08-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rexcrawler/rexcrawler-1015-reflected-cross-site-scripting-via-url-and-regex-parameters</loc>
<lastmod>2026-03-20T15:17:08.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-author-box/simple-author-box-251-authenticated-contributor-insecure-direct-object-reference-to-arbitrary-user-sensitive-information-exposure</loc>
<lastmod>2023-07-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/extendons-registration-fields/woocommerce-registration-fields-plugin-custom-signup-fields-323-authenticated-subscriber-privilege-escalation</loc>
<lastmod>2025-07-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/unique/unique-030-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-04-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-301-redirects/simple-301-redirects-200-203-authenticated-wildcard-activation-and-retrieval</loc>
<lastmod>2021-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/6.5/wordpress-core-655-authenticated-contributor-stored-cross-site-scripting-via-template-part-block</loc>
<lastmod>2024-06-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stacks-mobile-app-builder/stacks-mobile-app-builder-523-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2024-10-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-feed-gallery-portfolio/social-feed-gallery-portfolio-13-authenticated-contributor-stored-cross-site-scripting-via-id-shortcode-attribute</loc>
<lastmod>2025-12-05T17:48:11.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/garden-gnome-package/garden-gnome-package-229-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-09-23T13:46:35.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/one-click-ssl/one-click-ssl-146-cross-site-request-forgery</loc>
<lastmod>2019-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/surecart/surecart-ecommerce-made-easy-for-selling-physical-products-digital-downloads-subscriptions-donations-payments-432-reflected-cross-site-scripting</loc>
<lastmod>2026-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woc-order-alert/order-listener-for-woocommerce-play-sounds-instantly-on-new-orders-321-unauthenticated-sql-injection</loc>
<lastmod>2022-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cluevo-lms/cluevo-lms-e-learning-platform-1132-cross-site-request-forgery-to-module-deletion</loc>
<lastmod>2024-12-05T19:35:31.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/recaptcha-jetpack/recaptcha-jetpack-022-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/themesflat-elementor/themesflat-elementor-101-unauthenticated-php-object-injection</loc>
<lastmod>2026-02-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/interactive-medical-drawing-of-human-body/interactive-medical-drawing-of-human-body-24-admin-stored-cross-site-scripting</loc>
<lastmod>2022-03-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-post-modules-el/wp-post-modules-for-elementor-250-reflected-cross-site-scripting</loc>
<lastmod>2025-05-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/enable-cors/enable-cors-203-backdoor</loc>
<lastmod>2026-06-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/persian-fonts/persian-fonts-16-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-01-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/link-whisper/link-whisper-free-091-missing-authorization-to-unauthenticated-settings-change</loc>
<lastmod>2026-04-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lms-elementor-pro/lms-elementor-pro-104-unauthenticated-privilege-escalation</loc>
<lastmod>2026-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-members/wp-members-membership-plugin-3551-authenticated-contributor-sql-injection-via-order_by-shortcode-attribute</loc>
<lastmod>2026-03-03T18:17:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/xstore/xstore-multipurpose-woocommerce-theme-954-authenticated-subscriber-local-file-inclusion</loc>
<lastmod>2025-10-14T14:24:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/job-postings/job-postings-2710-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ditty-news-ticker/ditty-responsive-news-tickers-sliders-and-lists-3144-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-07-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quick-interest-slider/quick-interest-slider-315-missing-authorization</loc>
<lastmod>2025-11-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/listapp-mobile-manager/listapp-mobile-manager-177-missing-authorization-to-privilege-escalation</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dc-woocommerce-multi-vendor/multivendor-marketplace-solution-for-woocommerce-wc-marketplace-38118-reflected-cross-site-scripting</loc>
<lastmod>2022-08-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gallery-portfolio/portfolio-gallery-responsive-image-gallery-145-missing-authorization-to-arbitrary-gallery-deletion</loc>
<lastmod>2023-05-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/remove-cpt-base/remove-cpt-base-58-cross-site-request-forgery-to-cpt-base-deletion</loc>
<lastmod>2022-05-06T13:29:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/3.0/wordpress-core-303-cross-site-scripting</loc>
<lastmod>2010-12-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/card-flip-image-slideshow/card-flip-image-slideshow-15-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-07-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/give/givewp-donation-plugin-and-fundraising-platform-4145-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/edwiser-bridge/edwiser-bridge-307-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2024-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/w3speedster-wp/w3speedster-726-authenticated-administrator-remote-code-execution</loc>
<lastmod>2024-10-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-full-stripe-free/wp-full-stripe-free-825-authenticated-administrator-sql-injection</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/sparkle-fse/sparkle-fse-109-missing-authorization</loc>
<lastmod>2025-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/opening-hours/were-open-146-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpjam-basic/wpjam-basic-621-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/another-wordpress-classifieds-plugin/awp-classifieds-443-unauthenticated-arbitrary-shortcode-execution</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shortcode-buddy/shortcode-buddy-0195-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2026-05-26T17:27:26.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cm-table-of-content/cm-table-of-contents-123-cross-site-request-forgery</loc>
<lastmod>2024-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nmedia-user-file-uploader/frontend-file-manager-236-insecure-direct-object-reference-to-authenticated-subscriber-arbitrary-download-access</loc>
<lastmod>2026-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/ridhi/ridhi-112-missing-authorization</loc>
<lastmod>2026-02-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tutor/tutor-lms-220-authenticated-student-sql-injection</loc>
<lastmod>2023-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seo-automatic-links/seo-smart-links-301-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/instawp-connect/instawp-connect-0108-authenticated-subscriber-remote-code-execution</loc>
<lastmod>2024-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bookingpress-appointment-booking/bookingpress-1082-missing-authorization-to-appointment-time-alteration</loc>
<lastmod>2024-05-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gf-salesforce-crmperks/wp-gravity-forms-salesforce-147-open-redirect</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking/booking-calendar-942-authenticated-admin-sql-injection</loc>
<lastmod>2023-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/blabber/blabber-170-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/meta-box/meta-box-wordpress-custom-fields-framework-592-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-02-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/web-directory-free/web-directory-free-169-unauthenticated-sql-injection</loc>
<lastmod>2024-05-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gallery-plugin/gallery-by-bestwebsoft-customizable-image-and-photo-galleries-for-wordpress-450-reflected-cross-site-scripting</loc>
<lastmod>2017-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mw-wp-form/mw-wp-form-513-authenticated-editor-stored-cross-site-scripting-via-memo-parameter</loc>
<lastmod>2026-06-09T18:48:34.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-meta-seo/wp-meta-seo-4518-authenticated-contributor-server-side-request-forgery-via-new_link-parameter</loc>
<lastmod>2026-06-23T16:46:49.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-cerber/wp-cerber-security-932-user-enumeration-bypass-via-rest-api</loc>
<lastmod>2022-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/gaea/gaea-38-reflected-cross-site-scripting</loc>
<lastmod>2026-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/request-a-quote/request-a-quote-253-missing-authorization</loc>
<lastmod>2025-12-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/coming-soon-maintenance-mode-from-acurax/under-construction-maintenance-mode-from-acurax-26-authenticated-subscriber-sensitive-information-exposure</loc>
<lastmod>2024-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-food-manager/wp-food-manager-103-authenticatedadministrator-stored-cross-site-scripting</loc>
<lastmod>2023-07-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/betterdocs/betterdocs-252-missing-authorization-via-ajax-actions</loc>
<lastmod>2023-11-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-member/ultimate-member-2111-authenticated-subscriber-stored-cross-site-scripting-via-dom-gadgets</loc>
<lastmod>2026-04-03T19:29:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp2syslog/wp2syslog-105-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/notice-board/notice-board-11-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2022-09-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-crontrol/wp-crontrol-13-reflected-cross-site-scripting</loc>
<lastmod>2015-08-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-optin-wheel/wp-optin-wheel-142-sensitive-information-exposure-via-log-file</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpvivid-backup-mainwp/wpvivid-backup-for-mainwp-0932-reflected-cross-site-scripting</loc>
<lastmod>2024-02-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-symposium/wp-symposium-111126-cross-site-scripting</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/leadin/hubspot-all-in-one-marketing-forms-popups-live-chat-11332-missing-authorization-to-authenticated-contributor-installed-plugin-disclosure</loc>
<lastmod>2026-04-23T19:19:31.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/event-post/event-post-5911-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-state-tags/post-state-tags-206-cross-site-request-forgery-to-settings-reset</loc>
<lastmod>2023-05-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/competition-form/competition-form-20-reflected-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/login-as-customer-or-user/login-as-user-or-customer-38-unauthenticated-limited-admin-account-compromise</loc>
<lastmod>2024-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sky-elementor-addons/sky-addons-for-elementor-free-templates-library-live-copy-animations-post-grid-post-carousel-particles-sliders-chart-blogs-262-missing-authorization-to-authenticated-subscriber-limited-arbitrary-options-update</loc>
<lastmod>2024-11-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-staging-pro/wp-staging-pro-backup-duplicator-migration-560-cross-site-request-forgery-to-limited-local-file-inclusion</loc>
<lastmod>2024-06-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mediaburst-email-to-sms/clockwork-sms-notfications-242-cross-site-scripting</loc>
<lastmod>2017-11-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/caldera-forms/caldera-forms-154-cross-site-scripting</loc>
<lastmod>2017-09-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wise-chat/wise-chat-313-cross-site-request-forgery</loc>
<lastmod>2023-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contest-gallery/contest-gallery-2403-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2024-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wphelpful/wphelpful-124-reflected-cross-site-scripting</loc>
<lastmod>2024-11-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/td-composer/tagdiv-composer-53-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-03-27T19:53:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking/wp-booking-calendar-1021-authenticated-contributor-stored-cross-site-scripting-via-bookingform-shortcode</loc>
<lastmod>2024-07-23T18:49:44.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/alojapro-widget/alojapro-widget-1115-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2021-07-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/td-composer/tagdiv-composer-541-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bookr/appointment-booking-calendar-plugin-102-missing-authorization-to-unauthenticated-arbitrary-appointment-status-modification</loc>
<lastmod>2026-02-13T17:29:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/views-for-wpforms-lite/views-for-wpforms-322-missing-authorization-via-get_form_fields</loc>
<lastmod>2024-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/2.0/wordpress-core-204-privilege-escalation</loc>
<lastmod>2006-07-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ba-plus-before-after-image-slider-free/ba-plus-103-reflected-cross-site-scripting</loc>
<lastmod>2024-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/website-llms-txt/website-llmstxt-826-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2026-04-20T18:26:20.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/backwpup/backwpup-500-562-authenticated-backwpup-helper-privilege-escalation-via-arbitrary-options-update</loc>
<lastmod>2026-02-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/export-wp-page-to-static-html/export-wordpress-pages-to-static-html-pdf-static-site-export-600-cross-site-request-forgery</loc>
<lastmod>2026-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/xagio-seo/xagio-seo-70020-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-subscribe/ultimate-subscribe-13-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/master-addons/master-addons-for-elementor-20994-unauthenticated-insecure-direct-object-reference</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bg-church-memos/bg-church-memos-11-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shortcodes-ultimate/shortcodes-ultimate-5120-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2022-10-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/amelia/booking-for-appointments-and-events-calendar-amelia-premium-77-and-lite-124-missing-authorization-to-sensitive-information-exposure</loc>
<lastmod>2024-09-04T21:24:51.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/groovy-menu-free/groovy-menu-143-cross-site-request-forgery</loc>
<lastmod>2025-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eroom-zoom-meetings-webinar/eroom-156-unauthenticated-information-exposure</loc>
<lastmod>2025-11-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pixtypes/pixtypes-1414-cross-site-request-forgery</loc>
<lastmod>2023-04-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-blocks/ultimate-blocks-323-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/process-steps-template-designer/process-steps-template-designer-121-cross-site-request-forgery</loc>
<lastmod>2021-03-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/progressive-wp/progressive-wordpress-pwa-2113-missing-authorization</loc>
<lastmod>2024-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/membership-for-woocommerce/membership-for-woocommerce-216-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2023-01-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/GamesTheme/gamestheme-103-sensitive-information-disclosure</loc>
<lastmod>2015-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-asambleas/wp-asambleas-2850-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-17T15:49:07.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-zelle/checkout-with-zelle-on-woocommerce-31-missing-authorization</loc>
<lastmod>2023-07-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/2.3/wordpress-core-232-sql-injection</loc>
<lastmod>2007-09-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/leaky-paywall/leaky-paywall-4165-authenticated-stored-cross-site-scripting</loc>
<lastmod>2021-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/xinterio/xinterio-42-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-08-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ajax-search-pro/ajax-search-pro-35-cross-site-request-forgery</loc>
<lastmod>2015-03-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/filmax/filmax-1111-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/arabic-webfonts/arabic-webfonts-146-missing-authorization</loc>
<lastmod>2024-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-store-kit/ultimate-store-kit-elementor-addons-woocommerce-builder-edd-builder-elementor-store-builder-product-grid-product-table-woocommerce-slider-164-unauthenticated-php-object-injection</loc>
<lastmod>2024-08-20T19:47:05.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-stock-manager/woocommerce-stock-manager-109-authorization-bypass</loc>
<lastmod>2016-07-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-register-profile-with-shortcode/wp-register-profile-with-shortcode-362-authenticated-contributor-sensitive-information-exposure</loc>
<lastmod>2025-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/anytrack-affiliate-link-manager/anytrack-affiliate-link-manager-104-missing-authorization</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-estimation-form/wp-cost-estimation-payment-forms-builder-10175-authenticated-contributor-sql-injection</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-telegram-for-wp/simple-telegram-093-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-08-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/embedpress/embedpress-embed-pdf-google-docs-vimeo-wistia-embed-youtube-videos-audios-maps-embed-any-documents-in-gutenberg-elementor-3916-authenticated-contributor-stored-cross-site-scripting-via-id-parameter</loc>
<lastmod>2024-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/official-skrill-woocommerce/skrill-official-1066-cross-site-request-forgery</loc>
<lastmod>2025-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dirtysuds-embed-pdf/embed-pdf-106-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/oik/oik-4153-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-11-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sg-security/siteground-security-130-authenticated-administrator-sql-injection</loc>
<lastmod>2023-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-appointments-schedules/appointments-scheduler-15-cross-site-scripting</loc>
<lastmod>2014-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-full-stripe-free/wp-full-stripe-free-705-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-07-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-form-builder/easy-form-builder-by-whitestudio-drag-drop-form-builder-406-unauthenticated-sql-injection</loc>
<lastmod>2026-05-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/medilazar-core/medilazar-core-147-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2026-02-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-product-addon/ppom-for-woocommerce-11-arbitrary-file-upload</loc>
<lastmod>2016-09-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/foliopress-wysiwyg/foliopress-wysiwyg-2616-cross-site-scripting</loc>
<lastmod>2014-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/theatre/theater-for-wordpress-0188-missing-authorization</loc>
<lastmod>2025-11-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bbpress-post-topics/post-comments-as-bbpress-topics-223-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2022-06-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/theme-switcha/theme-switcha-33-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/garden-gnome-package/garden-gnome-package-251-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2026-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-mathjax-plus/wp-mathjax-101-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/list-pages-at-depth/list-pages-at-depth-15-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-gift-cards-lite/ultimate-gift-cards-for-woocommerce-create-redeem-manage-digital-gift-certificates-with-personalized-templates-266-missing-authorization-to-unauthenticated-information-exposure</loc>
<lastmod>2024-03-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/podcast-importer-secondline/podcast-importer-secondline-138-sql-injection</loc>
<lastmod>2022-03-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/famous_grid_image_and_video_gallery/famous-responsive-image-and-video-grid-gallery-wordpress-14-reflected-cross-site-scripting</loc>
<lastmod>2026-01-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/supportcandy/supportcandy-helpdesk-customer-support-ticket-system-337-authentication-bypass-to-support-session-takeover</loc>
<lastmod>2025-09-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/my-wp-translate/my-wp-translate-103-reflected-cross-site-scripting</loc>
<lastmod>2017-10-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-post-types/custom-post-types-custom-fields-more-504-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mystickyelements/my-sticky-elements-208-authenticated-admin-sql-injection</loc>
<lastmod>2023-02-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bootstrap-shortcodes/bootstrap-shortcode-340-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-01-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/openpgp-form-encryption/openpgp-form-encryption-for-wordpress-150-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-06-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-gotowebinar/wp-gotowebinar-1446-missing-authorization</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sitepress-multilingual-cms/wpml-460-reflected-cross-site-scripting-via-wp_lang</loc>
<lastmod>2023-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bbp-move-topics/bbpress-move-topics-114-php-object-injection</loc>
<lastmod>2018-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/pagelines/pagelines-theme-146-missing-authorization</loc>
<lastmod>2015-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rise-blocks/rise-blocks-a-complete-gutenberg-page-builder-31-cross-site-request-forgery</loc>
<lastmod>2023-12-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tablepress/tablepress-32-authenticated-contributor-stored-cross-site-scripting-via-shortcode_debug-parameter</loc>
<lastmod>2025-08-29T16:24:26.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/guruwalk-affiliates/guruwalk-affiliates-100-authenticated-administrator-stored-cross-site-scripting-via-plugin-settings</loc>
<lastmod>2023-08-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pie-register/pie-register-2013-missing-authorization</loc>
<lastmod>2015-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/where-did-they-go-from-here/wz-followed-posts-display-what-visitors-are-reading-310-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-05-06T18:49:05.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/forminator/forminator-forms-contact-form-payment-form-custom-form-builder-1491-missing-authorization-to-authenticated-forminator-user-csv-export</loc>
<lastmod>2026-01-08T17:47:08.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-addons-for-beaver-builder-lite/ultimate-addons-for-beaver-builder-lite-157-authenticated-contributor-stored-cross-site-scripting-via-heading-widget</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/instawp-connect/instawp-connect-01024-missing-authorization</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/salient/salient-1740-missing-authorization</loc>
<lastmod>2025-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blogroll-fun/blogroll-fun-show-last-post-and-last-update-time-085-reflected-cross-site-scripting</loc>
<lastmod>2014-07-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/4.7/wordpress-core-471-information-disclosure</loc>
<lastmod>2017-01-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/form-maker/form-maker-11527-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-09-25T23:14:51.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-meteor/wp-meteor-page-speed-optimization-topping-314-missing-authorization-to-notice-dismissal</loc>
<lastmod>2023-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-security/simple-security-115-authenticated-stored-cross-site-scripting</loc>
<lastmod>2015-01-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-bookings/woocommerce-bookings-11578-insecure-direct-object-reference</loc>
<lastmod>2023-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ai-content-generator/sage-ai-chatbots-openai-gpt-4-bulk-articles-dalle-3-image-generation-249-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2024-11-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/envialosimple-email-marketing-y-newsletters-gratis/envalosimple-email-marketing-y-newsletters-23-cross-site-request-forgery-to-arbitrary-file-upload</loc>
<lastmod>2024-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/charitable/charitable-17010-reflected-cross-site-scripting</loc>
<lastmod>2023-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/qr-code-tag-for-wc-from-goaskle-com/qr-code-tag-for-wc-order-emails-1936-cross-site-request-forgery</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/xagio-seo/xagio-seo-ai-powered-seo-71030-unauthenticated-privilege-escalation</loc>
<lastmod>2026-03-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/copypress/copypress-145-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/moneytigo/ovri-payment-170-malicious-htaccess-directive</loc>
<lastmod>2026-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/front-end-only-users/front-end-users-3232-missing-authorization-to-information-exposure</loc>
<lastmod>2025-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/litespeed-cache/litespeed-cache-641-authenticated-author-path-traversal</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-vehicle-parts-finder/woocommerce-vehicle-parts-finder-37-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zephyr-project-manager/zephyr-project-manager-33203-authenticated-custom-arbitrary-file-read-and-server-side-request-forgery</loc>
<lastmod>2025-12-16T18:43:41.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yikes-inc-easy-mailchimp-extender/easy-forms-for-mailchimp-690-missing-authorization</loc>
<lastmod>2024-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/orange-form/orange-form-101-cross-site-request-forgery</loc>
<lastmod>2021-12-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-line-notify/line-notify-144-reflected-cross-site-scripting-via-uid</loc>
<lastmod>2023-08-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/libsyn-podcasting/libsyn-publisher-hub-144-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zoorum-comments/zoorum-comments-09-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-03-14T14:24:07.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-links-page/wp-links-page-495-missing-authorization-to-authenticated-subscriber-limited-image-update</loc>
<lastmod>2024-07-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eyewear-prescription-form/eyewear-prescription-form-4018-missing-authorization-to-unauthenticated-arbitrary-options-update</loc>
<lastmod>2024-12-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/phlox-pro/phlox-pro-5164-reflected-cross-site-scripting-via-search-parameters</loc>
<lastmod>2024-08-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-no-bot-question/wp-no-bot-question-017-cross-site-request-forgery</loc>
<lastmod>2025-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-user-frontend/user-frontend-ai-powered-frontend-posting-user-directory-profile-membership-user-registration-431-authenticated-subscriber-php-object-injection</loc>
<lastmod>2026-05-07T19:58:37.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/newsletter-popup/newsletter-popup-12-unauthenticted-stored-cross-site-scripting-via-nl_data</loc>
<lastmod>2023-05-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gs-testimonial/gs-testimonial-slider-330-missing-authorization</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/content-protector/passster-password-protection-3557-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2022-12-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/premmerce/premmerce-1319-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-07-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yith-woocommerce-gift-cards-premium/yith-woocommerce-gift-cards-premium-330-arbitrary-file-upload</loc>
<lastmod>2021-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/football-pool/football-pool-2125-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vikbooking/vikbooking-hotel-booking-engine-pms-161-cross-site-request-forgery-in-multiple-functions-in-admincontrollerphp</loc>
<lastmod>2023-02-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eonet-manual-user-approve/eonet-manual-user-approve-213-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-10-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-migrate-db-pro/wp-migrate-pro-2610-unauthenticated-php-object-injection</loc>
<lastmod>2024-04-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/preview-link-generator/preview-link-generator-103-cross-site-request-forgery-to-arbitrary-plugin-activation</loc>
<lastmod>2023-02-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/music-store/music-store-wordpress-ecommerce-1119-reflected-cross-site-scripting</loc>
<lastmod>2024-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/paid-member-subscriptions/paid-member-subscriptions-2168-authenticated-subscriber-insecure-direct-object-reference</loc>
<lastmod>2026-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fv-wordpress-flowplayer/fv-flowplayer-video-player-7314727-sensitive-data-exposure</loc>
<lastmod>2019-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wassup/wassup-real-time-analytics-191-cross-site-scripting</loc>
<lastmod>2016-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/poll-wp/ts-poll-255-missing-authorization</loc>
<lastmod>2025-12-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/transbank-webpay-plus-rest/transbank-webpay-rest-166-authenticated-administrator-sql-injection-via-orderby</loc>
<lastmod>2023-04-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/document-library-lite/document-library-lite-116-missing-authorization-to-sensitive-information-exposure</loc>
<lastmod>2025-10-31T13:31:48.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eventer/eventer-3994-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/announce-from-the-dashboard/announce-from-the-dashboard-151-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-02-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/funnel-builder/funnel-builder-for-wordpress-by-funnelkit-customize-woocommerce-checkout-pages-create-sales-funnels-order-bumps-one-click-upsells-331-authenticated-author-stored-cross-site-scripting-via-svg-upload</loc>
<lastmod>2024-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nd-donations/donations-14-unauthenticated-arbitrary-options-change</loc>
<lastmod>2019-08-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-docs-rsvp-guestlist/google-docs-rsvp-201-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cozy-addons/cozy-blocks-2011-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/import-users-from-csv-with-meta/import-and-export-users-and-customers-11413-cross-site-request-forgery-leading-to-attachment-deletion-path-traversal</loc>
<lastmod>2019-06-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-invoice/easy-invoice-214-authenticated-administrator-local-file-inclusion</loc>
<lastmod>2025-12-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-postratings/wp-postratings-161-sql-injection</loc>
<lastmod>2011-10-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/solar/solar-energy-35-authenticated-subscriber-php-object-injection</loc>
<lastmod>2025-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/page-views-count/page-view-count-255-cross-site-request-forgery</loc>
<lastmod>2022-10-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-chgfontsize/wp-chgfontsize-18-cross-site-request-forgery-to-settings-update-and-stored-cross-site-scripting</loc>
<lastmod>2022-05-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/themify-event-post/themify-event-post-132-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hcv4-payment-gateway/hiecor-payment-gateway-plugin-1511-unauthenticated-sql-injection</loc>
<lastmod>2025-09-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-locker-content/social-locker-11-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dk-pricr-responsive-pricing-table/responsive-pricing-table-517-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bonus-for-woo/bonus-for-woo-582-reflected-cross-site-scripting</loc>
<lastmod>2023-10-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/black-widgets/black-widgets-for-elementor-136-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/connect-daily-web-calendar/wordpress-events-calendar-plugin-connectdaily-154-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-paymaster-gateway-019/paymaster-for-woocommerce-0431-authenticated-subscriber-server-side-request-forgery</loc>
<lastmod>2025-07-03T12:22:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hostel/hostel-116-reflected-cross-site-scripting-via-shortcode_id-parameter</loc>
<lastmod>2026-04-17T11:44:41.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/annuncifunebri-onoranza/annuncifunebri-impresa-470-missing-authorization-to-authenticated-subscriber-arbitrary-plugin-options-deletion</loc>
<lastmod>2025-12-12T16:04:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/multi-plugin-installer/multi-plugin-installer-120-arbitrary-file-read</loc>
<lastmod>2015-08-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mapifylite/mapifylite-and-mapifypro-33-authenticated-stored-cross-site-scripting</loc>
<lastmod>2021-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/redux-framework/gutenberg-template-library-redux-framework-421-incorrect-authorization-leading-to-arbitrary-plugin-installation-and-post-deletion</loc>
<lastmod>2021-09-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blog-floating-button/blog-floating-button-1412-cross-site-request-forgery</loc>
<lastmod>2023-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smsa-shipping-official/smsa-shipping-23-authenticated-subscriber-arbitrary-file-deletion</loc>
<lastmod>2026-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/infility-global/infility-global-21519-authenticated-subscriber-sql-injection</loc>
<lastmod>2026-06-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wetterwarner/wetterwarner-272-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/save-grab/grab-save-104-reflected-cross-site-scripting</loc>
<lastmod>2023-11-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-post-search/advanced-post-search-110-reflected-cross-site-scripting</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/add-edit-delete-listing-for-member-module/add-edit-delete-listing-module-10-sql-injection</loc>
<lastmod>2017-07-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpify-woo/wpify-woo-czech-4010-reflected-cross-site-scripting</loc>
<lastmod>2024-04-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/accordions/accordion-2299-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-09-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shopper/shopper-325-unauthenticated-sql-injection</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/media-library-assistant/media-library-assistant-334-authenticated-contributor-sql-injection</loc>
<lastmod>2026-04-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-compress-image-optimizer/wp-compress-63015-authenticated-subscriber-missing-authorization-via-multiple-functions</loc>
<lastmod>2025-03-25T21:29:35.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-tables-pro/ninja-tables-pro-5017-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-order-address-print/woocommerce-order-address-print-32-reflected-cross-site-scripting</loc>
<lastmod>2023-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tera-charts/tera-charts-10-reflected-cross-site-scripting</loc>
<lastmod>2016-10-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/comments-ratings/comments-ratings-116-cross-site-request-forgery</loc>
<lastmod>2023-04-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/royal-elementor-addons/royal-addons-for-elementor-addons-and-templates-kit-for-elementor-171053-missing-authorization</loc>
<lastmod>2026-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-time-slots-booking-form/wp-time-slots-booking-form-1250-authenticated-subscriber-sql-injection</loc>
<lastmod>2026-06-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rife-elementor-extensions/rife-elementor-extensions-templates-121-authenticated-contributor-stored-cross-site-scripting-via-writing-effect-headline-widget</loc>
<lastmod>2024-07-01T19:26:57.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/attach-gallery-posts/attach-gallery-posts-16-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slider-responsive-slideshow/slider-responsive-slideshow-image-slider-gallery-slideshow-154-authenticated-contributor-php-object-injection</loc>
<lastmod>2026-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/videowhisper-live-streaming-integration/broadcast-live-video-live-streaming-webrtc-hls-rtsp-rtmp-624-cross-site-request-forgery</loc>
<lastmod>2025-05-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-google-street-view/wp-google-street-view-with-360-virtual-tour-google-maps-local-seo-118-authenticated-contributor-stored-cross-site-scripting-via-wpgsv_map-shortcode</loc>
<lastmod>2026-01-08T18:02:02.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/player/spidervplayer-21-sql-injection</loc>
<lastmod>2013-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/happyforms/happyforms-form-builder-for-wordpress-drag-drop-contact-forms-surveys-payments-multipurpose-forms-12613-unauthenticated-php-object-injection</loc>
<lastmod>2026-06-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-countdown-widget/wordpress-countdown-widget-3191-cross-site-request-forgery-to-plugin-settings-update</loc>
<lastmod>2022-09-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/exclusive-addons-for-elementor/exclusive-addons-for-elementor-2692-authenticatedcontributor-stored-cross-site-scripting-via-post-grid</loc>
<lastmod>2024-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/td-composer/tagdiv-composer-54-authenticated-contributor-stored-cross-site-scripting-via-multiple-shortcodes</loc>
<lastmod>2025-05-01T14:50:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-jetpack/booster-for-woocommerce-732-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-inject/imageinject-115-cross-site-request-forgery</loc>
<lastmod>2018-01-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ip2location-country-blocker/ip2location-country-blocker-2269-authenticated-stored-cross-site-scripting</loc>
<lastmod>2022-02-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/behold/behold-15-unauthenticated-php-object-injection</loc>
<lastmod>2026-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-addons-for-contact-form-7/ultra-addons-for-contact-form-7-3536-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-03-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/5.2/wordpress-core-523-cross-site-scripting-via-media-uploads</loc>
<lastmod>2019-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bulk-editor/wolf-106-authenticated-subscriber-stored-cross-site-scripting-via-wpbe_update_page_field</loc>
<lastmod>2023-05-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/businext/businext-244-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-09-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ba-book-everything/ba-book-everything-1814-authenticated-contributor-stored-cross-site-scripting-via-babe-search-form-shortcode</loc>
<lastmod>2025-12-18T18:15:12.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/greenshift-animation-and-page-builder-blocks/greenshift-animation-and-page-builder-blocks-1283-unauthenticated-sensitive-information-exposure-via-settings-backup</loc>
<lastmod>2026-03-05T10:58:47.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-forum/yellow-swordfish-simple-forum-111-sql-injection</loc>
<lastmod>2008-02-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eventprime-event-calendar-management/eventprime-events-calendar-bookings-and-tickets-4073-missing-authorization-to-authenticated-subscriber-event-attendees-export</loc>
<lastmod>2025-03-06T11:33:35.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rb-internal-links/rb-internal-links-2016-cross-site-request-forgery-to-settings-update-and-cross-site-scripting</loc>
<lastmod>2022-05-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tablesome/tablesome-table-contact-form-db-wpforms-cf7-gravity-forminator-fluent-1132-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2025-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-graphql/wpgraphql-023-unauthenticated-comment-creation</loc>
<lastmod>2019-05-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-jquery-lightbox/lightpress-lightbox-234-authenticated-contributor-stored-cross-site-scripting-via-group-shortcode-attribute</loc>
<lastmod>2026-04-07T13:33:34.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/subscriptions-memberships-for-paypal/subscriptions-memberships-for-paypal-116-cross-site-request-forgery-to-arbitrary-post-deletion</loc>
<lastmod>2025-02-25T19:40:01.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-status-notifier-lite/post-status-notifier-lite-1100-reflected-cross-site-scripting</loc>
<lastmod>2022-12-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cf7-styler/wow-styler-for-cf7-visual-styler-for-contact-form-7-forms-176-missing-authorization</loc>
<lastmod>2026-05-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/request-a-quote/request-a-quote-234-stored-cross-site-scripting</loc>
<lastmod>2021-09-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/testimonial-builder/testimonial-builder-161-authenticated-stored-cross-site-scripting</loc>
<lastmod>2021-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pdfl-io/pdflio-105-authenticated-contributor-stored-cross-site-scripting-via-text-shortcode-attribute</loc>
<lastmod>2026-04-07T20:58:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/craftcoffee/craft-236-reflected-cross-site-scripting</loc>
<lastmod>2026-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpbulky-wp-bulk-edit-post-types/wpbulky-1113-authenticated-author-sql-injection</loc>
<lastmod>2025-12-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/give/givewp-2333-cross-site-request-forgery-to-stripe-integration-deletion</loc>
<lastmod>2023-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-webauthn/wp-webauthn-131-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chronoforms/chronoforms-709-cross-site-request-forgery</loc>
<lastmod>2023-03-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/waitlist-woocommerce/waitlist-woocommerce-back-in-stock-notifier-251-cross-site-request-forgery-to-arbitrary-options-update</loc>
<lastmod>2022-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/addons-for-visual-composer/wpbakery-page-builder-addons-by-livemesh-381-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chat-help/chat-help-313-missing-authorization</loc>
<lastmod>2025-11-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smart-wishlist-for-more-convert/mc-woocommerce-wishlist-189-authenticated-administrator-sql-injection</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slider-factory/responsive-image-slider-photo-gallery-and-carousel-136-missing-authorization</loc>
<lastmod>2021-10-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-polls-by-opinionstage/poll-survey-quiz-maker-plugin-by-opinion-stage-19120-cross-site-request-forgery-to-account-disconnection</loc>
<lastmod>2025-11-26T17:29:27.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/nexio/nexio-1100-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-wholesale-pricing/wholesale-for-woocommerce-230-unauthenticated-information-exposure</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-whois-search/whois-1424-cross-site-scripting</loc>
<lastmod>2012-09-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/admin-and-client-message-after-order-for-woocommerce/admin-and-customer-messages-after-order-for-woocommerce-orderconvo-14-missing-authorization-to-unauthenticated-user-impersonation-in-order-messages</loc>
<lastmod>2025-11-24T19:17:46.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-post-frontend/frontend-file-manager-40-n-media-post-front-end-form-11-arbitrary-file-upload</loc>
<lastmod>2016-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cm-business-directory/cm-business-directory-152-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-25T13:26:06.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/live-chat-support-by-social-intents/social-intents-1614-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gmaps-for-visual-composer-free/gmaps-for-wpbakery-page-builder-free-12-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-login-history/user-login-history-170-sql-injection-via-order-by</loc>
<lastmod>2019-03-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wicked-folders/wicked-folders-21816-missing-authorization-on-ajax_save_folder</loc>
<lastmod>2023-02-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-social-sharing/wp-social-sharing-22-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-12-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mainwp/mainwp-dashboard-4601-cross-site-request-forgery-via-posting_bulk</loc>
<lastmod>2024-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/timeline-calendar/timeline-calendar-12-authenticated-admin-sql-injection</loc>
<lastmod>2021-07-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/snsvicky/sns-vicky-37-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-06-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-database-admin/wordpress-database-administrator-103-authenticated-administrator-sql-injection</loc>
<lastmod>2023-07-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bp-greeting-message/buddypress-greeting-message-103-reflected-cross-site-scripting</loc>
<lastmod>2024-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-user-frontend/user-frontend-ai-powered-frontend-posting-user-directory-profile-membership-user-registration-428-authenticated-author-arbitrary-file-upload</loc>
<lastmod>2026-02-26T06:37:58.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/golo/golo-171-reflected-cross-site-scripting</loc>
<lastmod>2025-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-classified-listings/ultimate-classified-listings-17-missing-authorization-to-authenticated-subscriber-plugin-settings-update</loc>
<lastmod>2025-09-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ean-for-woocommerce/ean-for-woocommerce-546-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-05-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-analytify/analytify-521-missing-authorization-to-unauthenticated-google-analytics-tracking-id-modification</loc>
<lastmod>2024-04-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-roles-and-capabilities/user-roles-and-capabilities-126-missing-authorization</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dc-woocommerce-multi-vendor/multivendorx-multivendor-marketplace-solution-for-woocommerce-357-cross-site-request-forgery-bypass</loc>
<lastmod>2020-09-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/getshop-ecommerce/getshop-ecommerce-13-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-03-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-testimonials/easy-testimonials-395-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-07-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-maintenance/wp-maintenance-607-authenticated-admin-cross-site-scripting</loc>
<lastmod>2022-06-28T13:50:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profilegrid-user-profiles-groups-and-communities/profilegrid-578-unauthenticated-sql-injection</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/import-external-attachments/import-external-attachments-1512-cross-site-request-forgery</loc>
<lastmod>2025-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-downloadmanager/wp-downloadmanager-16811-authenticated-admin-arbitrary-file-upload</loc>
<lastmod>2025-09-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/listen-shortcode/listen-shortcode-10-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2026-05-26T17:26:55.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-business-directory-pro/simple-business-directory-pro-1551-reflected-cross-site-scripting</loc>
<lastmod>2025-07-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cm-header-footer-script-loader/cm-header-and-footer-124-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2025-04-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/site-offline/site-offline-157-missing-authorization</loc>
<lastmod>2025-08-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/event-registration/event-registration-60202-php-object-injection</loc>
<lastmod>2016-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/exclusive-addons-for-elementor/exclusive-addons-for-elementor-268-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-01-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/enable-media-replace/enable-media-replace-417-improper-authorization-to-authenticated-author-arbitrary-attachment-change-via-background-replace</loc>
<lastmod>2026-03-03T18:17:08.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vodpod-video-gallery/vodpod-video-gallery-317-reflected-cross-site-scripting</loc>
<lastmod>2010-11-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dpt-oauth-client/oauth-client-by-digitialpixies-110-cross-site-request-forgery</loc>
<lastmod>2022-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flash-album-gallery/album-and-image-gallery-with-lightbox-flagallery-photo-portfolio-253-sql-injection</loc>
<lastmod>2012-12-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/save-as-pdf/save-as-pdf-button-192-authenticated-contributor-stored-cross-site-scripting-via-restpackpdfbutton-shortcode</loc>
<lastmod>2025-11-12T20:24:03.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/woohoo/woohoo-newspaper-magazine-theme-253-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2023-10-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mage-eventpress/wpevently-429-missing-authorization</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-cf7-db/advanced-contact-form-7-db-202-missing-authorization-to-unauthenticated-information-disclosure</loc>
<lastmod>2024-06-10T17:32:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/crudlab-google-plus/crudlab-google-plus-button-102-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-user-profiles/wp-user-profiles-262-authenticated-subscriber-privilege-escalation</loc>
<lastmod>2025-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/amazon-associate-filter/amazon-associate-filter-04-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-events/wooevents-417-missing-authorization</loc>
<lastmod>2025-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-us-simple-form/contact-us-simple-form-10-authenticated-administrator-stored-cross-site-scripting-via-plugin-settings</loc>
<lastmod>2026-01-06T20:30:21.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-session-synchronizer/user-session-synchronizer-140-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/inpost-gallery/inpost-gallery-2141-local-file-inclusion</loc>
<lastmod>2022-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bang-tinh-lai-suat/bang-tinh-vay-101-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/note-press/note-press-0110-authenticated-admin-sql-injection-via-id-parameter</loc>
<lastmod>2022-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cp-polls/cp-polls-1071-unauthenticated-poll-limit-bypass</loc>
<lastmod>2024-02-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/grandnews/grand-news-343-reflected-cross-site-scripting</loc>
<lastmod>2026-02-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/armember-membership/armember-4027-directory-traversal-via-x-filename</loc>
<lastmod>2024-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-performance-accelerator/aio-performance-profiler-monitor-optimize-compress-debug-12-missing-authorization</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hide_my_wp/hide-my-wp-4511-cross-site-scripting</loc>
<lastmod>2015-07-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gdlr-hostel/goodlayers-hostel-312-unauthenticated-php-object-injection</loc>
<lastmod>2025-05-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pocket-news-generator/pocket-news-generator-020-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/revision-manager-tmc/revision-manager-tmc-2819-missing-authorization-to-authenticated-subscriber-arbitrary-email-sending</loc>
<lastmod>2024-09-06T01:25:17.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/unusedcss/rapidload-optimize-web-vitals-automatically-242-missing-authorization-to-authenticated-subscriber-plugin-settings-modification-and-sql-injection</loc>
<lastmod>2024-12-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-block-editor-addons/responsive-blocks-202-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-classified-listings/ultimate-classified-listings-14-authenticated-administrator-stored-cross-site-scripting-via-title-parameter</loc>
<lastmod>2025-02-19T21:10:12.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-activity-log/user-activity-log-22-unauthenticated-limited-arbitrary-option-update</loc>
<lastmod>2026-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/brizy/brizy-page-builder-2443-authenticated-contributor-stored-cross-site-scripting-via-custom-attributes</loc>
<lastmod>2024-06-04T17:04:25.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/memberspace/memberspace-2113-reflected-cross-site-scripting</loc>
<lastmod>2025-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mycred/mycred-points-rewards-gamification-ranks-badges-loyalty-plugin-22-subscriber-sql-injection</loc>
<lastmod>2021-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/podlove-podcasting-plugin-for-wordpress/podlove-podcast-publisher-4011-missing-authorization-to-settings-import</loc>
<lastmod>2024-02-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/grand-media/gmedia-photo-gallery-1184-cross-site-scripting</loc>
<lastmod>2020-04-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profile-builder/user-profile-builder-beautiful-user-registration-forms-user-profiles-user-role-editor-3118-authentication-bypass</loc>
<lastmod>2024-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/page-title-splitter/page-title-splitter-259-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/child-themes-helper/child-themes-helper-227-cross-site-request-forgery-to-arbitrary-file-deletion</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-intercom-slack/wp-intercom-slack-121-sensitive-information-disclosure</loc>
<lastmod>2019-11-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mpwizard/mpwizard-create-mercado-pago-payment-links-121-cross-site-request-forgery-to-arbitrary-post-deletion</loc>
<lastmod>2025-10-02T21:29:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/coming-soon-maintenance-mode-from-acurax/under-construction-maintenance-mode-from-acurax-26-unauthenticated-ip-spoofing</loc>
<lastmod>2024-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/calculated-fields-form/calculated-fields-form-5358-cross-site-request-forgery</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/e-search/e-search-10-reflected-cross-site-scripting-via-title_az-parameter</loc>
<lastmod>2016-02-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profile-builder/profile-builder-240-privilege-escalation</loc>
<lastmod>2016-07-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/internal-linking-of-related-contents/internal-linking-of-related-contents-118-missing-authorization</loc>
<lastmod>2025-07-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/alone/alone-charity-multipurpose-non-profit-wordpress-theme-785-missing-authorization-to-unauthenticated-arbitrary-file-deletion</loc>
<lastmod>2025-07-14T15:24:20.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/meta-news/meta-news-117-unauthenticated-local-file-inclusion</loc>
<lastmod>2024-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpcf7-redirect/redirection-for-contact-form-7-324-unauthenticated-php-object-injection</loc>
<lastmod>2025-08-19T12:29:47.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/support_ticket/support-ticket-management-system-19-unauthenticated-privilege-escalation</loc>
<lastmod>2026-05-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/coming-soon/website-builder-by-seedprod-615131-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2023-09-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/unusedcss/rapidload-power-up-for-autoptimize-171-missing-authorization-in-clear_page_cache</loc>
<lastmod>2023-03-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-affiliate-platform/wp-affiliate-platform-651-reflected-cross-site-scripting-via-lead-editing</loc>
<lastmod>2024-06-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/branded-social-images/branded-social-images-110-missing-authorization-leading-to-unauthenticated-plugin-settings-updates</loc>
<lastmod>2023-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cforms/cforms-101-cross-site-scripting</loc>
<lastmod>2014-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpzoom-shortcodes/wpzoom-shortcodes-105-authenticated-contributor-stored-cross-site-scripting-via-box-shortcode</loc>
<lastmod>2024-09-24T12:23:50.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/sailing/sailing-446-missing-authorization</loc>
<lastmod>2025-12-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/trust-payments-gateway-3ds2/trust-payments-gateway-for-woocommerce-javascript-library-136-cross-site-request-forgery</loc>
<lastmod>2025-07-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/random-image-gallery-with-pretty-photo-zoom/prettyphoto-library-multiple-plugins-and-themes-314-dom-cross-site-scripting</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ecommerce-shop-styling/wp-ecommerce-shop-styling-26-directory-traversal</loc>
<lastmod>2015-07-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/radio-player/radio-player-2073-missing-authorization-to-settings-update</loc>
<lastmod>2024-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fluentform/contact-form-plugin-by-fluent-forms-for-quiz-survey-and-drag-drop-wp-form-builder-5113-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2024-05-17T19:02:47.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/goya/goya-1087-unauthenticated-reflected-cross-site-scripting-via-multiple-parameters</loc>
<lastmod>2024-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-eggdrop/wp-eggdrop-01-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-forms-connector/wp-forms-connector-18-unauthenticated-sql-injection-via-order-parameter</loc>
<lastmod>2026-06-23T16:39:17.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sendpress/sendpress-newsletters-123116-reflected-cross-site-scripting</loc>
<lastmod>2023-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gallery-voting/tribulant-gallery-voting-121-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rock-convert/rock-convert-301-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/newsmatic/newsmatic-131-missing-authorization</loc>
<lastmod>2024-07-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-social-media/easy-social-13-reflected-cross-site-scripting</loc>
<lastmod>2025-06-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/final-user/final-user-125-missing-authorization</loc>
<lastmod>2026-01-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/etude/etude-16-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-05-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-manager/wordpress-download-manager-3124-authenticated-file-upload</loc>
<lastmod>2021-07-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/premium-addons-for-elementor/premium-addons-for-elementor-41025-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpforo/wpforo-forum-205-cross-site-request-forgery</loc>
<lastmod>2022-09-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/donpeppe/don-peppe-pizza-and-fast-food-wordpress-theme-13-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/newstatpress/newstatpress-106-reflected-cross-site-scripting</loc>
<lastmod>2015-07-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kadence-blocks/gutenberg-blocks-by-kadence-blocks-3225-authenticated-author-server-side-request-forgery</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/arcane/arcane-366-missing-authorization</loc>
<lastmod>2025-12-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/houzez/houzez-324-reflected-cross-site-scripting</loc>
<lastmod>2024-08-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/checkout-field-visibility-for-woocommerce/checkout-field-visibility-for-woocommerce-130-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-04-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-views-counter/post-views-counter-144-cross-site-request-forgery-via-save_bulk_post_views</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mmm-unity-loader/mmm-unity-loader-10-authenticated-contributor-stored-cross-site-scripting-via-attributes-parameter</loc>
<lastmod>2025-08-01T19:37:38.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/kipso/kipso-134-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-08-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-maintenance-mode/wp-maintenance-mode-206-remote-code-execution</loc>
<lastmod>2018-12-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-metadata-cruncher/image-metadata-cruncher-18-reflected-cross-site-scripting</loc>
<lastmod>2015-02-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ai-co-pilot-for-wp/ai-copilot-127-authenticated-contributor-sensitive-information-exposure</loc>
<lastmod>2025-12-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/taskbuilder/taskbuilder-502-authenticated-subscriber-sql-injection-via-order-and-sort_by-parameters</loc>
<lastmod>2026-02-17T17:19:34.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/free-sales-funnel-squeeze-pages-landing-page-builder-templates-make/wordpress-landing-page-squeeze-page-responsive-landing-page-builder-free-wp-lead-plus-x-098-authenticated-stored-cross-site-scripting</loc>
<lastmod>2020-04-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-product-catalogue/ultimate-product-catalog-381-missing-authorization-to-plugin-settings-update</loc>
<lastmod>2016-06-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-registration-form-builder-with-submission-manager/registrationmagic-5241-reflected-cross-site-scripting-via-section_id</loc>
<lastmod>2023-10-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/term-taxonomy-converter/term-taxonomy-converter-12-reflected-cross-site-scripting</loc>
<lastmod>2025-01-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/leaderboard-lite/leaderboard-plugin-124-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-db-table-editor/wp-db-table-editor-184-missing-authorization-to-authenticatedcontributor-database-access</loc>
<lastmod>2024-06-03T17:10:03.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cardoza-wordpress-poll/wordpress-poll-3406-sql-injection</loc>
<lastmod>2013-01-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/3.1/wordpress-core-313-media-related-security-issue</loc>
<lastmod>2011-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/real-spaces/real-spaces-wordpress-properties-directory-theme-35-authenticated-subscriber-privilege-escalation-to-administrator-via-change_role_member</loc>
<lastmod>2025-08-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/athemes-addons-for-elementor-lite/athemes-addons-for-elementor-107-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/imagerecycle-pdf-image-compression/imagerecycle-pdf-image-compression-3113-cross-site-request-forgery-to-plugin-data-removal-in-reinitialize</loc>
<lastmod>2024-02-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/houzez-theme-functionality/houzez-theme-functionality-420-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-responsive-menu/wp-responsive-menu-317-missing-authorization-to-settings-update-stored-cross-site-scripting</loc>
<lastmod>2022-01-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/learning-management-system/masteriyo-lms-203-authenticated-subscriber-sensitive-information-exposure</loc>
<lastmod>2025-11-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-pdf-invoices-packing-slips/pdf-invoices-packing-slips-for-woocommerce-380-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2024-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-bulk-editor/bear-1133-missing-authorization-to-product-manipulation</loc>
<lastmod>2023-09-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-simple-shout-box/wordpress-shout-box-widget-202-sql-injection</loc>
<lastmod>2013-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/betterdocs/betterdocs-best-documentation-faq-knowledge-base-plugin-with-ai-support-instant-answer-for-elementor-gutenberg-342-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-e-commerce/wp-ecommerce-3872-stored-cross-site-scripting</loc>
<lastmod>2011-11-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/surveyfunnel-lite/surveyfunnel-survey-plugin-for-wordpress-115-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2025-12-04T16:27:46.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/headless-cms/headless-cms-203-missing-authorization</loc>
<lastmod>2023-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-coupons-for-woocommerce-free/advanced-coupons-for-woocommerce-coupons-4711-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mycred/mycred-loyalty-points-and-rewards-plugin-2752-authenticated-contributor-stored-cross-site-scripting-via-mycred_send-shortcode</loc>
<lastmod>2024-12-05T17:20:59.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gutenbee/gutenbee-2201-authenticated-author-arbitrary-file-upload-via-wp_check_filetype_and_ext-filter</loc>
<lastmod>2026-05-27T18:02:02.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/laurits/laurits-151-unauthenticated-php-object-injection</loc>
<lastmod>2026-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpyog-documents/wpyog-documents-135-reflected-cross-site-scripting</loc>
<lastmod>2025-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-users-messenger/all-users-messenger-124-authenticated-subscriber-insecure-direct-object-reference-to-message-deletion</loc>
<lastmod>2023-08-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/academy/academy-lms-2010-open-redirect</loc>
<lastmod>2024-06-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpbookit/wpbookit-164-unauthenticated-arbitrary-user-password-change</loc>
<lastmod>2025-01-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advance-wp-query-search-filter/advance-wp-query-search-filter-1010-reflected-cross-site-scripting</loc>
<lastmod>2025-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rate-my-post/rate-my-post-wp-rating-system-342-ip-address-spoofing</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ark-core/ark-theme-core-1700-unauthenticated-remote-code-execution</loc>
<lastmod>2025-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ecwid-shopping-cart/ecwid-by-lightspeed-ecommerce-shopping-cart-707-authenticated-subscriber-privilege-escalation-via-ec_store_admin_access</loc>
<lastmod>2026-02-14T14:30:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/thegem/thegem-5105-missing-authorization</loc>
<lastmod>2025-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/master-slider/master-slider-responsive-touch-slider-399-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-05-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contest-gallery/photos-and-files-contest-gallery-2132-authenticated-contributor-sql-injection</loc>
<lastmod>2024-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profilegrid-user-profiles-groups-and-communities/profilegrid-user-profiles-groups-and-communities-5932-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-09-25T19:18:11.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-currency-switcher/fox-currency-switcher-professional-for-woocommerce-148-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-06-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-pdf-invoices-packing-slips/woocommerce-pdf-invoices-packing-slips-325-cross-site-request-forgery</loc>
<lastmod>2023-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-auto-affiliate-links/auto-affiliate-links-6431-authenticated-editor-sql-injection</loc>
<lastmod>2024-05-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-jump-menu/wp-jump-menu-364-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-09-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/interactive-world-map/interactive-world-map-344-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profilegrid-user-profiles-groups-and-communities/profilegrid-user-profiles-groups-and-communities-5995-unauthenticated-privilege-escalation-via-email-overwrite</loc>
<lastmod>2026-06-29T16:51:48.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/aardvark-plugin/aardvark-219-missing-authorization</loc>
<lastmod>2026-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/textp2p-texting-widget/textp2p-texting-widget-17-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2026-04-21T19:07:48.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/page-keys/page-keys-133-authenticated-administrator-stored-cross-site-scripting-via-page_key-parameter</loc>
<lastmod>2026-01-06T19:58:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pricing-table-by-supsystic/pricing-table-by-supsystic-194-reflected-cross-site-scripting</loc>
<lastmod>2022-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-simple-firewall/shield-security-smart-bot-blocking-intrusion-prevention-security-19113-cross-site-request-forgery</loc>
<lastmod>2024-06-01T16:29:51.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-easy-faqs/wp-easy-faqs-105-authenticated-author-stored-cross-site-scripting-via-wp_easy_faq-shortcode</loc>
<lastmod>2025-09-10T18:44:38.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/themarketer/themarketer-147-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/estate/estate-134-unauthenticated-php-object-injection</loc>
<lastmod>2026-03-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/supervisor/supervisor-132-missing-authorization-to-authenticated-subscriber-settings-update</loc>
<lastmod>2025-10-23T19:46:03.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/royal-elementor-addons/royal-elementor-addons-171049-authenticated-contributor-stored-cross-site-scripting-via-rest-api-meta-bypass</loc>
<lastmod>2026-04-03T19:31:46.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/users-customers-import-export-for-wp-woocommerce/export-and-import-users-and-customers-262-directory-traversal-to-authenticated-administrator-limited-arbitrary-file-deletion-via-admin_log_page-function</loc>
<lastmod>2025-03-21T23:18:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woolentor-addons/shoplentor-woocommerce-builder-for-elementor-gutenberg-21-modules-all-in-one-solution-324-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2025-10-24T15:45:09.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocustomizer/storecustomizer-a-plugin-to-customize-all-woocommerce-pages-263-missing-authorization</loc>
<lastmod>2026-03-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/antivirus/antivirus-11-full-path-disclosure</loc>
<lastmod>2013-06-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pollin/pollin-1011-authenticated-admin-sql-injection</loc>
<lastmod>2025-02-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/theatre/theater-for-wordpress-019-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2026-02-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/adforest/adforest-6011-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-mail-smtp/wp-mail-smtp-401-authenticated-admin-smtp-password-exposure</loc>
<lastmod>2024-07-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/app-builder/app-builder-5510-insecure-direct-object-reference-to-authenticated-subscriber-arbitrary-user-avatar-modification-via-user_id-parameter</loc>
<lastmod>2026-05-01T15:33:11.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-youtube-live/wp-youtube-live-1721-reflected-cross-site-scripting</loc>
<lastmod>2022-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/addons-for-visual-composer/livemesh-addons-for-wpbakery-page-builder-37-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rest-api-fns/wp-rest-api-fns-100-privilege-escalation</loc>
<lastmod>2024-10-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-members/wp-members-membership-plugin-3495-reflected-cross-site-scripting</loc>
<lastmod>2024-10-21T20:55:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-buffer-button/the-buffer-button-10-cross-site-scripting</loc>
<lastmod>2022-01-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-to-email/contact-form-email-1337-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2023-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/invition-print-ship/printeers-print-ship-1170-unauthenticated-path-traversal</loc>
<lastmod>2025-08-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stop-registration-spam/stop-registration-spam-123-cross-site-request-forgery-to-cross-site-scripting</loc>
<lastmod>2024-12-16T18:59:33.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-carousel/smart-post-show-300-authenticated-editor-stored-cross-site-scripting-via-pagination-color</loc>
<lastmod>2024-10-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cleantalk-spam-protect/spam-protection-antispam-firewall-by-cleantalk-522-reflected-cross-site-scripting</loc>
<lastmod>2015-08-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ni-woocommerce-order-export/ni-woocommerce-order-export-316-cross-site-request-forgery-to-settings-update-via-ni_order_export_action-ajax-action</loc>
<lastmod>2026-04-21T19:05:33.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/video-playlist-and-gallery-plugin/cincopa-video-and-media-plug-in-1163-unauthenticated-stored-cross-site-scripting-via-cincopa-shortcode-in-post-comments</loc>
<lastmod>2026-06-23T16:37:07.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/learnpress/learnpress-wordpress-lms-plugin-4265-unauthenticated-time-based-sql-injection</loc>
<lastmod>2024-05-09T19:40:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/werkstatt/werkstatt-creative-portfolio-wordpress-theme-472-cross-site-request-forgery</loc>
<lastmod>2026-06-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-coupon-usage/coupon-affiliates-affiliate-plugin-for-woocommerce-630-reflected-cross-site-scripting-via-commission_summary-parameter</loc>
<lastmod>2025-04-17T16:23:45.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/constant-contact-api/constant-contact-for-wordpress-411-unauthenticated-php-object-injection</loc>
<lastmod>2025-09-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-multivendor-marketplace/wcfm-woocommerce-multivendor-marketplace-3411-unauthenticated-sql-injection</loc>
<lastmod>2021-11-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/better-font-awesome/better-font-awesome-201-cross-site-request-forgery-to-plugin-settings-update</loc>
<lastmod>2022-08-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simplyconvert/simplyconvert-10-authenticated-administrator-stored-cross-site-scripting-via-simplyconvert_hash-option</loc>
<lastmod>2025-12-11T14:21:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/adaptive-images/adaptive-images-0668-reflected-cross-site-scripting</loc>
<lastmod>2022-01-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bbpress/bbpress-2611-cross-site-request-forgery-to-limited-privilege-escalation</loc>
<lastmod>2025-03-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/course-booking-system/course-booking-system-61-missing-authorization</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dialogs/dialogs-103-reflected-cross-site-scripting</loc>
<lastmod>2014-07-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nextgen-gallery/photo-gallery-sliders-proofing-and-themes-nextgen-gallery-404-authenticated-author-local-file-inclusion</loc>
<lastmod>2026-03-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gamipress/gamipress-766-cross-site-request-forgery</loc>
<lastmod>2026-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-forms/ninja-forms-contact-form-the-drag-and-drop-form-builder-for-wordpress-3427-validation-bypass-via-email-field</loc>
<lastmod>2020-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/evolve/evolve-127-cross-site-scripting</loc>
<lastmod>2011-09-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lbg-audio5-html5-shoutcast-sticky/apollo-sticky-full-width-html5-audio-player-34-reflected-cross-site-scripting</loc>
<lastmod>2025-07-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nextgen-gallery/wordpress-gallery-plugin-nextgen-gallery-347-cross-site-request-forgery-to-arbitrary-file-upload</loc>
<lastmod>2020-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/4.6/wordpress-core-461-authenticated-stored-cross-site-scripting</loc>
<lastmod>2016-09-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/adsensei-b30/adsmonetizer-312-reflected-cross-site-scripting</loc>
<lastmod>2024-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/w3-total-cache/w3-total-cache-275-sensitive-credentials-stored-in-plaintext</loc>
<lastmod>2024-09-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-opensearch/wp-opensearch-10-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/caulk/caulk-unknown-versions-full-path-disclosure</loc>
<lastmod>2013-03-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shopengine/shopengine-elementor-woocommerce-builder-addon-all-in-one-woocommerce-solution-483-insufficient-authorization-to-authenticated-editor-settings-update</loc>
<lastmod>2025-09-25T14:25:59.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/share-buttons/social-share-buttons-for-wordpress-27-missing-authorization-to-unauthenticated-image-upload-path-traversal</loc>
<lastmod>2025-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-type-archive-mapping/custom-query-blocks-550-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-02-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/token-of-trust/age-verification-identity-verification-by-token-of-trust-3323-unauthenticated-stored-cross-site-scripting-via-description-parameter</loc>
<lastmod>2026-04-14T11:34:39.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/att-youtube/att-youtube-widget-10-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-08-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ioncube-tester-plus/ioncube-tester-plus-13-unauthenticated-arbitrary-file-download</loc>
<lastmod>2026-03-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/supportboard/support-board-128-authenticated-stored-cross-site-scripting</loc>
<lastmod>2019-06-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/comment-guestbook/comment-guestbook-080-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/studiozen/studiozen-16-multiple-vulnerabilities</loc>
<lastmod>2013-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stylish-order-form-builder/stylish-order-form-builder-10-authenticated-subscriber-stored-cross-site-scripting-via-product_name-parameter</loc>
<lastmod>2026-01-06T20:08:48.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/depicter/depicter-slider-322-missing-authorization</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-video-robot/wp-video-robot-1200-authenticated-subscriber-privilege-escalation-via-user-meta-update</loc>
<lastmod>2024-11-15T15:08:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dokan-lite/dokan-363-authenticated-vendor-stored-cross-site-scripting</loc>
<lastmod>2022-09-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/news-ticker-widget-for-elementor/news-ticker-widget-for-elementor-132-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/employee-spotlight/multiple-plugins-by-emarket-design-various-versions-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-gift-cards-lite/ultimate-gift-cards-for-woocommerce-211-cross-site-request-forgery-bypass</loc>
<lastmod>2021-06-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/online-accessibility/accessibility-suite-419-missing-authorization</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rometheme-for-elementor/romethemekit-for-elementor-141-missing-authorization</loc>
<lastmod>2024-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/spider-event-calendar/spidercalendar-1664-reflected-cross-site-scripting</loc>
<lastmod>2022-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-weather-plugin/local-weather-10-reflected-cross-site-scripting</loc>
<lastmod>2014-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lws-tools/lws-tools-231-cross-site-request-forgery</loc>
<lastmod>2023-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vc_clipboard/wpbakery-page-builder-clipboard-455-stored-cross-site-scripting</loc>
<lastmod>2021-04-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rometheme-for-elementor/rtmkit-addons-for-elementor-160-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ltl-freight-quotes-purolator-freight-edition/ltl-freight-quotes-purolator-edition-223-unauthenticated-sql-injection</loc>
<lastmod>2025-02-21T16:07:11.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/superlist/superlist-directory-wordpress-theme-directory-listings-292-stored-cross-site-scripting</loc>
<lastmod>2019-02-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/map-contact/map-contact-304-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tickera-event-ticketing-system/tickera-wordpress-event-ticketing-3548-unauthenticated-customer-data-exposure</loc>
<lastmod>2024-12-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bold-page-builder/bold-page-builder-488-authenticated-contributor-stored-cross-site-scripting-via-separator-element</loc>
<lastmod>2024-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/schedule/schedule-100-reflected-cross-site-scripting</loc>
<lastmod>2025-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fancy-product-designer/fancy-product-designer-648-unauthenticated-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2025-12-11T18:11:57.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/miwoftp/miwoftp-105-arbitrary-file-download</loc>
<lastmod>2015-04-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/academist/academist-13-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mage-eventpress/wpevently-511-unauthenticated-php-object-injection</loc>
<lastmod>2026-02-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wplms_plugin/wplms-19954-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-gsheetconnector/woocommerce-google-sheet-connector-1320-cross-site-request-forgery</loc>
<lastmod>2025-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/forms-by-made-it/forms-290-authenticated-contributor-arbitrary-file-upload</loc>
<lastmod>2025-08-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-custom-taxonomy-meta/category-and-taxonomy-meta-fields-100-cross-site-request-forgery-to-taxonomy-meta-adddelete</loc>
<lastmod>2024-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/give/givewp-donation-plugin-and-fundraising-platform-3130-insecure-direct-object-reference-to-authenticated-givewp-worker-arbitrary-post-actions</loc>
<lastmod>2024-07-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/4.8/wordpress-core-482-stored-cross-site-scripting-via-plugin-names</loc>
<lastmod>2017-09-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/newsletter/newsletter-676-stored-cross-site-scripting</loc>
<lastmod>2020-07-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-emails-for-woocommerce/additional-custom-emails-amp-recipients-for-woocommerce-351-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-05-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/replymail/replymail-120-cross-site-request-forgery</loc>
<lastmod>2025-10-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-slider-carousel/post-sliders-post-grids-1020-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-11-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/formcraft/formcraft-unknown-versions-arbitrary-file-deletion</loc>
<lastmod>2014-09-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ims-countdown/ims-countdown-135-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/thegem-elements-elementor/thegem-theme-elements-51211-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-04-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-charts/wordpress-charts-070-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-09-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cssable-countdown/cssable-countdown-15-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-05-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blog2social/blog2social-social-media-auto-post-scheduler-742-information-exposure</loc>
<lastmod>2024-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contentstudio/contentstudio-135-missing-authorization</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-us-by-lord-linus/contact-us-by-lord-linus-26-reflected-cross-site-scripting</loc>
<lastmod>2025-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/formbuilder/formbuilder-108-cross-site-request-forgery</loc>
<lastmod>2022-03-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bootstrap-shortcode/bootstrap-shortcode-10-authenticated-contributor-stored-cross-site-scripting-via-box-shortcode</loc>
<lastmod>2026-05-11T19:03:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-bulk-editor/bear-1143-missing-authorization</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-insert/wp-insert-242-arbitrary-file-upload</loc>
<lastmod>2018-09-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slider-hero/slider-hero-843-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/login-with-phone-number/login-with-phone-number-1693-cross-site-request-forgery</loc>
<lastmod>2024-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/emails-verification-for-woocommerce/email-verification-for-woocommerce-2810-unauthenticated-sql-injection</loc>
<lastmod>2024-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/splendour/splendour-123-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/photo-gallery/photo-gallery-by-10web-1534-cross-site-scripting</loc>
<lastmod>2019-09-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/customer-reviews-woocommerce/customer-reviews-for-woocommerce-5381-missing-authorization-via-cr_manual</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/searchwp-live-ajax-search/searchwp-live-ajax-search-162-directory-traversal-and-local-file-inclusion</loc>
<lastmod>2022-09-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kadence-blocks/gutenberg-blocks-by-kadence-blocks-page-builder-features-3238-authenticated-contributor-stored-cross-site-scripting-via-titlefont-parameter</loc>
<lastmod>2024-06-13T19:34:30.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shared-files/shared-files-easy-download-manager-and-file-sharing-plugin-with-frontend-file-upload-1656-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2021-09-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/emailshroud/emailshroud-221-cross-site-request-forgery-to-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/inet-webkit/inet-webkit-124-missing-authorization</loc>
<lastmod>2026-01-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-pdf-invoices-packing-slips/pdf-invoices-packing-slips-for-woocommerce-560-missing-authorization-to-authenticated-subscriber-peppol-identifier-modification</loc>
<lastmod>2026-02-17T17:18:34.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sermon-browser/sermon-browser-04522-cross-site-request-forgery</loc>
<lastmod>2022-03-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/call-to-action-popup/call-to-action-102-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lenxel-core/lenxel-core-for-lenxellnx-lms-123-authenticated-author-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2024-11-08T14:02:45.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/newsletters-lite/newsletters-411-unauthenticated-php-object-injection</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cww-companion/cww-companion-132-cross-site-request-forgery</loc>
<lastmod>2025-12-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/validar-certificados-de-cursos/validatecertify-164-cross-site-request-forgery</loc>
<lastmod>2025-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/99fy-core/free-woocommerce-theme-99fy-extension-127-cross-site-request-forgery-leading-to-arbitrary-plugin-activation</loc>
<lastmod>2023-02-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/fitflex/fitflex-16-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lifeline-donation/lifeline-donation-126-authentication-bypass</loc>
<lastmod>2024-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders/barcode-scanner-with-inventory-order-manager-153-reflected-cross-site-scripting</loc>
<lastmod>2024-03-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/4.0/wordpress-core-401-server-side-request-forgery</loc>
<lastmod>2014-11-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-analytics-for-wordpress/monsterinsights-8120-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lastudio-element-kit/la-studio-element-kit-for-elementor-1381-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2024-07-01T16:23:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tiled-gallery-carousel-without-jetpack/tiled-gallery-carousel-without-jetpack-31-authenticated-contributor-stored-cross-site-scripting-via-data-image-title</loc>
<lastmod>2026-06-01T19:48:31.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/matomo/matomo-4153-reflected-cross-site-scripting-via-idsite</loc>
<lastmod>2024-02-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wysija-newsletters/mailpoet-newsletters-267-authorization-bypass</loc>
<lastmod>2014-09-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/updraftplus/updraftplus-12214-to-1232-and-updraftplus-premium-22214-to-2232-privilege-escalation-via-updraft_central_ajax_handler</loc>
<lastmod>2023-03-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-iframe/advanced-iframe-202310-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cf7-constant-contact/integration-for-contact-form-7-and-constant-contact-117-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-07-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pagelayer/page-builder-pagelayer-drag-and-drop-website-builder-199-missing-authorization-to-authenticated-contributor-post-publication</loc>
<lastmod>2025-03-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/testimonial-add/testimonial-slider-3586-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-classified-listings/ultimate-classified-listings-13-reflected-cross-site-scripting</loc>
<lastmod>2024-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-form-builder/easy-form-builder-3815-unauthenticated-sql-injection</loc>
<lastmod>2025-08-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/event-tickets/event-tickets-and-registration-582-improper-authorization-to-information-disclosure</loc>
<lastmod>2024-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/link-library/link-library-728-reflected-cross-site-scripting</loc>
<lastmod>2021-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/premium-addons-for-elementor/premium-addons-for-elementor-427-contributor-stored-cross-site-scripting</loc>
<lastmod>2021-04-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/widgetkit-for-elementor/all-in-one-addons-for-elementor-widgetkit-255-authenticated-contributor-sensitive-information-exposure-via-elementor-templates</loc>
<lastmod>2025-03-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/frontend-dashboard/frontend-dashboard-228-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fluentform/fluentform-6111-unauthenticated-arbitrary-shortcode-execution</loc>
<lastmod>2026-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/breezing-forms/breezing-forms-12811-reflected-cross-site-scripting</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cf7-multi-step/multi-step-for-contact-form-277-unauthenticated-sql-injection</loc>
<lastmod>2024-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/posts-to-page/posts-to-page-17-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/directorypress/directorypress-business-directory-and-classified-ad-listing-3626-unauthenticated-sql-injection-via-packages</loc>
<lastmod>2026-04-15T21:35:44.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/calendar/calendar-1316-authenticated-contributor-stored-cross-site-scripting-via-event_desc</loc>
<lastmod>2025-12-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tutor/tutor-lms-272-cross-site-request-forgery</loc>
<lastmod>2024-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/read-and-understood/read-and-understood-22-cross-site-request-forgery</loc>
<lastmod>2018-11-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/pressroom/pressroom-news-magazine-wordpress-theme-70-reflected-cross-site-scripting</loc>
<lastmod>2025-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mdc-youtube-downloader/mdc-youtube-downloader-300-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lastudio-element-kit/la-studio-element-kit-for-elementor-144-authenticated-contributor-post-disclosure</loc>
<lastmod>2024-12-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-bank/contact-bank-20225-reflected-cross-site-scripting</loc>
<lastmod>2015-08-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mailchimp-for-wp/mailchimp-for-wp-417-cross-site-scripting</loc>
<lastmod>2017-09-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/peepso-core/community-by-peepso-social-network-membership-registration-user-profiles-6460-unauthenticated-full-path-disclosure</loc>
<lastmod>2024-09-24T12:05:55.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mabel-shoppable-images-lite/shoppable-images-123-cross-site-request-forgery</loc>
<lastmod>2023-02-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-smart-editor/wp-smart-editor-133-reflected-cross-site-scripting</loc>
<lastmod>2024-01-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/alone/alone-783-unauthenticated-remote-code-execution</loc>
<lastmod>2025-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-multivendor-marketplace/wcfm-marketplace-multivendor-marketplace-for-woocommerce-372-authenticated-store-vendor-sql-injection</loc>
<lastmod>2026-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-facebook-like-widget/all-in-one-like-widget-227-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementskit/elementskit-elementor-addons-and-templates-library-362-authenticated-contributor-stored-cross-site-scripting-via-motion-text-and-table-widgets</loc>
<lastmod>2024-06-14T12:08:02.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hide-wp-toolbar/hide-wp-toolbar-27-missing-authorization</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/learnpress/learnpress-wordpress-lms-plugin-for-create-and-sell-online-courses-436-reflected-cross-site-scripting</loc>
<lastmod>2026-06-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-remote-users-sync/wp-remote-users-sync-1212-authenticated-subscriber-server-side-request-forgery</loc>
<lastmod>2023-08-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booter-bots-crawlers-manager/booter-157-missing-authorization</loc>
<lastmod>2026-01-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tournamatch/tournamatch-462-reflected-cross-site-scripting</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flexi/flexi-guest-submit-420-reflected-cross-site-scripting</loc>
<lastmod>2022-02-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/athemes-addons-for-elementor-lite/athemes-addons-for-elementor-118-authenticated-contributor-stored-cross-site-scripting-via-title_tag-widget-setting</loc>
<lastmod>2026-06-09T18:49:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wppricing-builder-lite-responsive-pricing-table-builder/wppricing-builder-150-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/history-timeline/history-timeline-072-reflected-cross-site-scripting</loc>
<lastmod>2025-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpzoom-portfolio/wpzoom-portfolio-lite-filterable-portfolio-plugin-144-authenticated-contributor-stored-cross-site-scripting-via-align-attribute</loc>
<lastmod>2024-08-30T19:36:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-thank-you-page-customizer/thank-you-page-customizer-for-woocommerce-increase-your-sales-112-missing-authorization-to-authenticated-subscriber-data-export</loc>
<lastmod>2024-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/accordions-or-faqs/accordions-multiple-accordions-or-faqs-builder-203-authenticated-admin-stored-cross-site-scripting-via-notice-parameter</loc>
<lastmod>2022-09-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-tooltips/tooltips-1083-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/top-comments/top-comments-10-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-01-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/exclusive-addons-for-elementor/exclusive-addons-for-elementor-2696-authenticated-contributor-stored-cross-site-scripting-via-team-member-widget</loc>
<lastmod>2024-05-14T12:34:47.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/time-tracker/time-tracker-310-missing-authorization-to-authenticated-subscriber-arbitrary-options-update-and-limited-data-deletion</loc>
<lastmod>2025-09-10T22:20:07.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bdvs-password-reset/password-reset-with-code-0016-unauthenticated-privilege-escalation-via-weak-otp-codes</loc>
<lastmod>2025-08-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/store-credit-for-woocommerce/store-credit-gift-cards-for-woocommerce-104946-reflected-cross-site-scripting</loc>
<lastmod>2025-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-remote-users-sync/wp-remote-users-sync-1211-missing-authorization-to-authenticated-subscriber-log-view</loc>
<lastmod>2023-08-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-reviews/ultimate-reviews-3015-authenticated-stored-cross-site-scripting</loc>
<lastmod>2022-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nex-forms-express-wp-form-builder/nex-forms-ultimate-form-builder-contact-forms-and-much-more-34-sql-injection</loc>
<lastmod>2015-04-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/master-bar/master-bar-10-reflected-cross-site-scripting</loc>
<lastmod>2024-11-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/improved-user-search-in-backend/improved-user-search-in-backend-125-cross-site-request-forgery-to-cross-site-scripting</loc>
<lastmod>2014-08-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hd-quiz/hd-quiz-209-missing-authorization</loc>
<lastmod>2026-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpml-string-translation/wpml-string-translation-325-authenticated-administrator-sql-injection-via-context</loc>
<lastmod>2023-07-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-post-submission/easy-post-submission-frontend-posting-guest-publishing-submit-content-for-wordpress-240-missing-authorization</loc>
<lastmod>2026-03-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hq-rental-software/hq-rental-software-1529-cross-site-request-forgery-to-arbitrary-options-update</loc>
<lastmod>2024-12-11T15:15:47.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-order-export-lite/advanced-order-export-for-woocommerce-331-reflected-cross-site-scripting</loc>
<lastmod>2022-08-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/userswp/userswp-1247-missing-authorization</loc>
<lastmod>2025-11-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wdesignkit/wdesignkit-elementor-gutenberg-starter-templates-patterns-cloud-workspace-widget-builder-123-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-31T17:47:28.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bs-shortcode-ultimate/bootstrap-shortcodes-ultimate-431-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-11-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-widget/image-widget-4411-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2026-03-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/paytium/paytium-mollie-payment-forms-donations-437-missing-authorization-in-update_profile_preference</loc>
<lastmod>2023-03-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-discussion-board/discussion-board-248-authenticated-subscriber-content-injection</loc>
<lastmod>2023-07-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blog2social/blog2social-social-media-auto-post-scheduler-860-authenticated-subscriber-blind-server-side-request-forgery-via-post_url</loc>
<lastmod>2025-11-05T17:30:36.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-sitemap-generator/google-xml-sitemaps-4122-missing-authorization</loc>
<lastmod>2025-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vikbooking/vikbooking-hotel-booking-engine-pms-189-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-06-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vigilantor/vigilantor-1310-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-03-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/content-visibility-for-divi-builder/content-visibility-for-divi-builder-402-authenticated-contributor-remote-code-execution</loc>
<lastmod>2026-06-02T05:02:06.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kadence-blocks/gutenberg-blocks-with-ai-by-kadence-wp-361-authenticated-contributor-server-side-request-forgery-via-endpoint-parameter</loc>
<lastmod>2026-02-17T17:38:45.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tnc-toolbox/tnc-toolbox-web-performance-142-unauthenticated-sensitive-information-exposure-to-privilege-escalationcpanel-account-takeover</loc>
<lastmod>2025-11-10T22:27:47.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/html5-mp3-player-with-playlist/html5-mp3-player-with-playlist-free-300-authenticated-author-php-object-injecton</loc>
<lastmod>2024-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sunshine-photo-cart/sunshine-photo-cart-2925-insecure-direct-object-reference-to-order-manipulation</loc>
<lastmod>2023-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/my-askai/my-askai-100-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-29T15:22:03.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sp-client-document-manager/sp-project-document-manager-471-missing-authorization-to-unauthenticated-arbitrary-file-information-disclosure-via-view_file-function</loc>
<lastmod>2026-06-03T13:01:35.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/show-all-comments-in-one-page/show-all-comments-701-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/timely-booking-button/timely-booking-button-202-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-10-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bb-plugin/beaver-builder-plugin-starter-version-291-authenticated-administrator-arbitrary-file-upload</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/adirectory/adirectory-303-missing-authorization</loc>
<lastmod>2026-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/starred-review/starred-review-142-reflected-cross-site-scripting-via-php_self-variable</loc>
<lastmod>2026-01-06T20:32:57.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rognone/rognone-062-reflected-cross-site-scripting-via-mode-parameter</loc>
<lastmod>2026-06-01T19:44:31.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ecommerce-product-catalog/ecommerce-product-catalog-plugin-for-wordpress-2943-cross-site-request-forgery-bypass</loc>
<lastmod>2021-03-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rise-blocks/rise-blocks-a-complete-gutenberg-page-builder-36-authenticated-contributor-stored-cross-site-scripting-via-titletag-parameter</loc>
<lastmod>2025-02-11T21:07:48.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hospital-doctor-directory/hospital-doctor-directory-139-missing-authorization</loc>
<lastmod>2026-01-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-share-with-floating-bar/social-share-with-floating-bar-103-reflected-cross-site-scripting</loc>
<lastmod>2024-10-17T15:47:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/event-tickets-with-ticket-scanner/event-tickets-with-ticket-scanner-154-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2023-08-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/daext-autolinks-manager/autolinks-manager-11004-cross-site-request-forgery</loc>
<lastmod>2023-10-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-bulk-delete/wp-bulk-delete-136-missing-authorization</loc>
<lastmod>2025-08-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bible-text/bible-text-02-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-fundraising-donation/fundengine-donation-and-crowdfunding-platform-170-authenticated-subscriber-privilege-escalation</loc>
<lastmod>2024-07-31T15:16:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/font-farsi/font-farsi-166-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-03-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/otter-pro/otter-blocks-pro-gutenberg-blocks-page-builder-for-gutenberg-editor-fse-2611-authenticated-subscriber-information-exposure</loc>
<lastmod>2024-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/royal-elementor-addons/royal-addons-for-elementor-171056-missing-authorization-to-unauthenticated-form-action-meta-modification</loc>
<lastmod>2026-05-01T20:11:49.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/vegadays/vegadays-vegetarian-food-festival-eco-event-wordpress-theme-120-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vipdrv-vip-test-drive/vipdrv-103-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce/woocommerce-631-unauthorized-order-status-change</loc>
<lastmod>2022-03-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/visual-link-preview/visual-link-preview-229-missing-authorization</loc>
<lastmod>2026-01-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/prevent-direct-access/prevent-direct-access-286-2882-incorrect-authorization-to-authenticated-contributor-multiple-media-actions</loc>
<lastmod>2025-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lu-radioplayer/luna-radio-player-6241107-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-11-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/black-widgets/black-widgets-for-elementor-138-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce/woocommerce-364-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2019-07-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/better-chat-support/better-chat-support-for-messenger-1218-missing-authorization</loc>
<lastmod>2025-11-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woolentor-addons/woolentor-woocommerce-elementor-addons-builder-185-authenticated-stored-cross-site-scripting</loc>
<lastmod>2021-04-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mainwp-child-reports/mainwp-child-reports-211-cross-site-request-forgery</loc>
<lastmod>2024-04-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shortcodes-ultimate/shortcodes-ultimate-5127-authenticated-subscriber-arbitrary-post-access-via-shortcode</loc>
<lastmod>2023-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bdthemes-element-pack-lite/element-pack-elementor-addons-header-footer-free-template-library-grid-carousel-table-parallax-animation-register-form-twitter-grid-560-authenticated-contributor-stored-cross-site-scripting-via-price-list-widget</loc>
<lastmod>2024-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/convert-docx2post/convert-docx2post-14-authenticated-author-arbitrary-file-upload</loc>
<lastmod>2024-11-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/digital-store/easy-digital-downloads-edd-digital-store-133-cross-site-scripting</loc>
<lastmod>2015-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpcf7-redirect/redirection-for-contact-form-7-233-authenticated-arbitrary-plugin-installation</loc>
<lastmod>2021-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/theagency/theagency-all-versions-cross-site-scripting</loc>
<lastmod>2012-09-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/memphis-documents-library/memphis-documents-library-2616-local-file-inclusion</loc>
<lastmod>2015-09-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-add-ons/responsive-ready-sites-importer-226-unprotected-ajax-actions</loc>
<lastmod>2020-03-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/forminator/forminator-1221-missing-authorization-on-load_hcaptcha_preview-ajax-function</loc>
<lastmod>2023-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-embed-code/code-embed-236-authenticatedcontributor-denial-of-service</loc>
<lastmod>2023-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profilegrid-user-profiles-groups-and-communities/profilegrid-user-profiles-groups-and-communities-589-authenticated-subscriber-authorization-bypass-to-privilege-escalation</loc>
<lastmod>2024-07-09T15:34:42.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/media-library-assistant/media-library-assistant-334-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-04-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-post-hide/wp-post-hide-109-cross-site-request-forgery</loc>
<lastmod>2025-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/userswp/userswp-126-authenticatedcontributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-03-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/curtain/curtain-102-unauthenticated-maintenance-mode-enableddisable</loc>
<lastmod>2022-03-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/waiting/waiting-one-click-countdowns-062-authenticated-administrator-cross-site-scripting</loc>
<lastmod>2022-12-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/videowhisper-video-conference-integration/webcam-video-conference-4918-unrestricted-file-upload-leading-to-remote-code-execuction</loc>
<lastmod>2015-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mobile-smart/mobile-smart-v1316-reflected-cross-site-scripting</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-connector/post-connector-109-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-07-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dsgvo-all-in-one-for-wp/dsgvo-all-in-one-for-wp-46-cross-site-request-forgery-to-account-deletion</loc>
<lastmod>2025-02-03T20:24:36.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/page-builder-by-azexo/page-builder-by-azexo-127133-cross-site-request-forgery-to-stored-cross-site-scripting-via-azh_save</loc>
<lastmod>2023-06-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-security-audit-log/wp-activity-log-124-cross-site-request-forgery</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fancy-product-designer/fancy-product-designer-6181-authenticated-admin-stored-cross-site-scripting-via-product-title</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-security-audit-log-premium/wp-activity-log-premium-464-authenticated-subscriber-sql-injection</loc>
<lastmod>2024-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-addons-for-gutenberg/spectra-21914-authenticated-contributor-stored-cross-site-scripting-via-custom-css</loc>
<lastmod>2025-11-04T16:25:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vibebp/vibebp-19977-unauthenticated-sql-injection</loc>
<lastmod>2024-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/spostarbust/elis-related-posts-footer-links-and-widget-120420-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/form-notify/receive-notifications-after-form-submitting-form-notify-for-any-forms-1110-unauthenticated-authentication-bypass-via-line-oauth-callback</loc>
<lastmod>2026-05-14T18:59:36.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/brizy/brizy-page-builder-264-authenticated-contributor-arbitrary-file-upload-via-storeuploads</loc>
<lastmod>2025-02-11T22:54:59.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/6.0/wordpress-core-603-information-disclosure-multi-part-email-leak</loc>
<lastmod>2022-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sign-up-sheets/sign-up-sheets-1013-authenticated-csv-injection</loc>
<lastmod>2021-06-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/trustist-reviewer/trustist-reviewer-20-reflected-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/product-designer/product-designer-1033-missing-authorization-to-unauthenticated-arbitrary-attachment-deletion</loc>
<lastmod>2024-07-08T19:40:35.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/campay-api/campay-woocommerce-payment-gateway-122-unauthenticated-payment-bypass</loc>
<lastmod>2025-12-11T14:34:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-bulk-editor/bear-bulk-editor-and-products-manager-professional-for-woocommerce-by-pluginusnet-1142-reflected-cross-site-scripting</loc>
<lastmod>2024-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mobile-address-bar-changer/mobile-address-bar-changer-30-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2023-07-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/years-since/years-since-timeless-141-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-07T14:15:02.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpbits-addons-for-elementor/wpbits-addons-for-elementor-page-builder-1342-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nd-projects/cost-calculator-18-authenticated-local-file-inclusion</loc>
<lastmod>2022-02-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/adrotate/adrotate-ad-manager-adsense-ads-5822-authenticated-stored-cross-site-scripting-via-advert-names</loc>
<lastmod>2022-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/peters-random-anti-spam-image/peters-random-anti-spam-image-106-cross-site-scripting</loc>
<lastmod>2007-11-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-gotowebinar/wp-gotowebinar-157-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-07-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blog-designer-pack/news-blog-designer-pack-wordpress-blog-plugin-341-unauthenticated-remote-code-execution-via-local-file-inclusion</loc>
<lastmod>2023-10-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chatter/chatter-101-missing-authorization</loc>
<lastmod>2024-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/addfunc-head-footer-code/addfunc-head-footer-code-23-authenticated-contributor-stored-cross-site-scripting-via-custom-fields</loc>
<lastmod>2026-04-09T14:51:35.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nex-forms-express-wp-form-builder/nex-forms-ultimate-forms-plugin-for-wordpress-9112-authenticated-administrator-sql-injection-via-table-parameter</loc>
<lastmod>2026-05-14T18:51:33.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/whatshelp-chat-button/chat-button-1894-authenticated-administrator-stored-cross-site-scripting-via-plugin-settings</loc>
<lastmod>2023-07-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dx-auto-save-images/dx-auto-save-images-140-cross-site-request-forgery</loc>
<lastmod>2023-08-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cf7-hubspot/integration-for-hubspot-and-contact-form-7-wpforms-elementor-ninja-forms-137-unauthenticated-php-object-injection</loc>
<lastmod>2026-06-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/payoneer-checkout/payoneer-checkout-340-missing-authorization</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/web-instant-messenger/web-instant-messenger-112-and-localweb-in-one-164-stored-cross-site-scripting</loc>
<lastmod>2020-10-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/add-infos-to-the-events-calendar/add-infos-to-the-events-calendar-141-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kento-post-view-counter/kento-post-view-counter-28-stored-cross-site-scripting</loc>
<lastmod>2016-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-forms-puzzle-captcha/wp-forms-puzzle-captcha-41-cross-site-request-forgery-to-cross-site-scripting</loc>
<lastmod>2023-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/subaccounts-for-woocommerce/subaccounts-for-woocommerce-160-reflected-cross-site-scripting</loc>
<lastmod>2024-11-20T13:47:48.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/doccure/doccure-150-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2025-09-08T05:35:13.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/frontend-dashboard/frontend-dashboard-1510-227-missing-authorization-to-authenticated-subscriber-account-takeoverprivilege-escalation-via-ajax_request-function</loc>
<lastmod>2025-05-12T17:49:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/full-customer/full-3112-unauthenticated-stored-cross-site-scripting-via-license-plan-parameter</loc>
<lastmod>2024-07-10T11:26:16.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/inactive-user-deleter/inactive-user-deleter-159-cross-site-request-forgery-via-multiple-functions</loc>
<lastmod>2023-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-wall/image-wall-30-reflected-cross-site-scripting</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/houzez/houzez-411-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-08-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kiwi-social-share/kiwi-social-share-2010-arbitrary-options-update</loc>
<lastmod>2018-11-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/grey-opaque/grey-opaque-201-authenticated-contributor-stored-cross-site-scripting-via-download-button-shortcode</loc>
<lastmod>2024-06-21T15:09:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stripe-payments/accept-stripe-payments-2079-unauthenticated-content-injection</loc>
<lastmod>2023-11-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wassup/wassup-real-time-analytics-1831-cross-site-scripting</loc>
<lastmod>2012-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yop-poll/yop-poll-630-author-stored-cross-site-scripting-via-preview-module</loc>
<lastmod>2021-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/my-waze/mywaze-16-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-02-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yith-woocommerce-product-add-ons/yith-woocommerce-product-add-ons-492-unauthenticated-content-injection</loc>
<lastmod>2024-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/piotnetforms/piotnet-forms-plugin-1028-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc4bp/buddypress-woocommerce-my-account-integration-create-woocommerce-member-pages-3424-missing-authorization-to-authenticated-subscriber-limited-settings-update</loc>
<lastmod>2025-02-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cforms2/cformsii-14123-authenticated-sql-injection</loc>
<lastmod>2017-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-addons-for-elementor/mega-addons-for-elementor-18-missing-authorization</loc>
<lastmod>2024-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-connector/post-connector-1011-reflected-cross-site-scripting</loc>
<lastmod>2025-08-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hello-world/hello-world-211-authenticated-subscriber-arbitrary-file-read</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpvivid-backuprestore/migration-backup-staging-wpvivid-backup-migration-09128-authenticated-admin-arbitrary-directory-deletion</loc>
<lastmod>2026-06-05T10:43:12.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ht-team-member/ht-team-member-114-authenticated-contributor-stored-cross-site-scripting-via-htteamember-shortcode</loc>
<lastmod>2024-10-29T18:09:30.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/content-blocks-builder/content-blocks-builder-276-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-bulk-stock-management/woocommerce-bulk-stock-management-2233-cross-site-scripting</loc>
<lastmod>2023-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/themify-wc-product-filter/themify-woocommerce-product-filter-143-reflected-cross-site-scripting</loc>
<lastmod>2024-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/events-planner/events-planner-1310-reflected-cross-site-scripting</loc>
<lastmod>2025-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-map-shortcode/google-map-shortcode-312-authenticatedcontributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buddyforms/buddyforms-277-phar-deserialization</loc>
<lastmod>2023-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hotel-listing/hotel-listing-140-authenticated-subscriber-privilege-escalation</loc>
<lastmod>2025-08-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/affiliate-ads-builder-for-clickbank-products/affiliate-ads-for-clickbank-products-17-stored-cross-site-scripting</loc>
<lastmod>2017-11-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/saan-world-clock/saan-world-clock-18-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-expirator/schedule-post-changes-with-publishpress-future-unpublish-delete-change-status-trash-change-categories-492-missing-authorization-to-authenticated-contributor-authors-emails-exposure</loc>
<lastmod>2025-12-15T22:49:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nautic-pages/nautic-pages-20-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2025-04-30T18:12:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nokaut-offers-box/nokaut-offers-box-140-cross-site-request-forgery-to-plugin-setting-reset</loc>
<lastmod>2024-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-anti-fraud/woocommerce-anti-fraud-726-missing-authorization</loc>
<lastmod>2026-06-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-networks-auto-poster-facebook-twitter-g/nextscripts-social-networks-auto-poster-4320-reflected-cross-site-scripting</loc>
<lastmod>2021-11-28T10:14:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-share-buttons-adder/simple-share-buttons-adder-44-cross-site-request-forgery</loc>
<lastmod>2014-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-simple-booking-calendar/wp-simple-booking-calendar-2084-cross-site-request-forgery</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-tell-a-friend-popup-form/wp-tell-a-friend-popup-form-71-cross-site-request-forgery-via-tellafriend_admin</loc>
<lastmod>2023-07-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/learnpress-import-export/learnpress-backup-migration-tool-414-authenticated-administrator-php-object-injection-via-wxr-xml-file-upload</loc>
<lastmod>2026-06-05T13:35:10.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/transportersio/transportersio-211-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-06T15:07:10.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/checkout-files-upload-woocommerce/checkout-files-upload-for-woocommerce-212-cross-site-scripting</loc>
<lastmod>2022-05-04T06:49:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slideshow-jquery-image-gallery/slideshow-231-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yotpo-social-reviews-for-woocommerce/yotpo-product-photo-reviews-for-woocommerce-179-reflected-cross-site-scripting</loc>
<lastmod>2024-11-14T16:36:30.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/aihub/ai-hub-startup-technology-wordpress-theme-137-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2025-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gi-media-library/gi-media-library-30-directory-traversal</loc>
<lastmod>2015-01-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-table-manager/wp-table-manager-352-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mhr-post-ticker/mhr-post-ticker-11-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cryptx/cryptx-405-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-12-04T20:35:36.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/constant-contact-forms-by-mailmunch/constant-contact-forms-by-mailmunch-2010-cross-site-request-forgery</loc>
<lastmod>2023-10-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/usc-e-shop/welcart-e-commerce-182-authentication-bypass</loc>
<lastmod>2016-06-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/logo-slider/logo-slider-148-authenticated-admin-sql-injection</loc>
<lastmod>2022-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-membership/simple-membership-475-missing-authorization-to-unauthenticated-arbitrary-member-account-deactivation-via-forged-stripe-chargerefunded-webhook</loc>
<lastmod>2026-06-17T16:52:42.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-feature-box/wp-feature-box-013-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-mapbox-gl-js/wp-mapbox-gl-js-maps-301-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/uninstall/wordpress-uninstall-121-cross-site-request-forgery-to-site-reset</loc>
<lastmod>2015-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/popup-builder/popup-builder-410-cross-site-request-forgery</loc>
<lastmod>2022-06-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/electric-enquiries/electric-enquiries-11-authenticated-contributor-stored-cross-site-scripting-via-button-shortcode-attribute</loc>
<lastmod>2026-02-26T20:48:35.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simply-exclude/simply-exclude-2066-reflected-cross-site-scripting</loc>
<lastmod>2023-11-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/instantva/instant-va-101-authenticated-subscriber-arbitrary-file-deletion</loc>
<lastmod>2026-03-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/suredash/suredash-103-authenticated-subscriber-privilege-escalation</loc>
<lastmod>2025-07-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ht-easy-google-analytics/ht-easy-ga4-google-analytics-4-106-cross-site-request-forgery-via-plugin_activation</loc>
<lastmod>2023-03-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/worpit-admin-dashboard-plugin/icontrolwp-553-unauthenticated-privilege-escalation</loc>
<lastmod>2026-04-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/geo-mashup/geo-mashup-11318-unauthenticated-time-based-sql-injection-via-sort-parameter</loc>
<lastmod>2026-05-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/countdown-builder/countdown-coming-soon-maintenance-countdown-clock-232-cross-site-scripting</loc>
<lastmod>2022-04-28T11:45:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cardoza-wordpress-poll/wordpress-poll-36-sql-injection</loc>
<lastmod>2020-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-facebook-feed/smash-balloon-social-post-feed-415-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2022-12-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kubio/kubio-ai-page-builder-251-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-03-27T16:22:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/get-your-number/get-your-number-113-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-05-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/funnel-builder-pro/funnel-kit-funnel-builder-pro-345-authenticatedcontributor-stored-cross-site-scripting-via-allow_iframe_tag_in_post</loc>
<lastmod>2024-08-28T15:12:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fotomoto/fotomoto-128-reflected-cross-site-scripting</loc>
<lastmod>2023-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sapo-feed/sapo-feed-242-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsivevoice-text-to-speech/responsivevoice-text-to-speech-176-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-warfare/social-warfare-352-unauthenticated-arbitrary-settings-update</loc>
<lastmod>2019-03-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-super-cache/wp-super-cache-plugin-13-multiple-cross-site-scripting</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-hotel-booking/wp-hotel-booking-229-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2024-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pdw-file-browser/pdf-file-browser-13-remote-code-execution</loc>
<lastmod>2020-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ht-contactform/ht-contact-form-drag-drop-form-builder-for-wordpress-282-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-05-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/honeypot/wp-armour-honeypot-anti-spam-156-cross-site-request-forgery-to-arbitrary-options-update</loc>
<lastmod>2021-02-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/beeteam368-extensions/beeteam368-extensions-194-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-07-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/secure-files/secure-files-11-directory-traversal</loc>
<lastmod>2005-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/g-ffl-cockpit/g-ffl-cockpit-171-missing-authorization-to-unauthenticated-information-exposure</loc>
<lastmod>2025-12-05T17:38:38.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/iwp-client/infinitewp-client-1123-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2024-02-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-forms/wordpress-contact-forms-by-cimatti-157-missing-authorization</loc>
<lastmod>2023-06-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/listamester/listamester-236-cross-site-request-forgery</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/happy-elementor-addons/happy-addons-for-elementor-3108-authenticated-contributor-stored-cross-site-scripting-via-_id-parameter</loc>
<lastmod>2024-05-17T14:41:17.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-google-places-review-slider/wp-google-review-slider-135-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pgall-for-woocommerce/-514-authenticated-contributor-stored-cross-site-scripting-pafw_instant_payment-shortcode</loc>
<lastmod>2024-11-22T23:37:26.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-seo/yoast-seo-201-reflected-cross-site-scripting</loc>
<lastmod>2015-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/good-reviews-wp/five-star-restaurant-reviews-235-authenticated-contributor-stored-cross-site-scripting-via-review-url</loc>
<lastmod>2024-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wedesigntech-ultimate-booking-addon/wedesigntech-ultimate-booking-addon-101-authenticated-subscriber-authentication-bypass</loc>
<lastmod>2026-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bit-integrations/bit-integrations-2410-open-redirect</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/school-management/school-management-9320-authenticated-support-staff-sql-injection</loc>
<lastmod>2025-08-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/powerpack-elements/powerpack-pro-for-elementor-2923-reflected-cross-site-scripting</loc>
<lastmod>2023-12-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ahmeti-wp-timeline/ahmeti-wp-timeline-51-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-10-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ricerca-smart-search/ricerca-smart-and-advanced-search-1015-cross-site-request-forgery</loc>
<lastmod>2023-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-posts-carousel-pro/responsive-posts-carousel-wordpress-plugin-151-missing-authorization</loc>
<lastmod>2026-02-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpfunnels/wpfunnels-268-authenticated-contributor-stored-cross-site-scripting-via-shortocde</loc>
<lastmod>2023-01-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kbucket/kbucket-your-curated-content-in-wordpress-415-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-08-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/maxbuttons/wordpress-button-plugin-maxbuttons-980-authenticated-admin-stored-cross-site-scripting-via-button-width</loc>
<lastmod>2024-11-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zephyr-project-manager/zephyr-project-manager-3242-reflected-cross-site-scripting</loc>
<lastmod>2022-08-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/copy-me/copy-me-100-missing-authorization-cross-site-request-forgery</loc>
<lastmod>2016-12-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/riaxe-product-customizer/riaxe-product-customizer-24-unauthenticated-sensitive-information-disclosure-via-orders-rest-api-endpoint</loc>
<lastmod>2026-04-07T17:37:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/uix-shortcodes/uix-shortcodes-compatible-with-gutenberg-199-unauthenticated-arbitrary-shortcode-execution</loc>
<lastmod>2024-10-25T20:38:38.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/icegram/icegram-3118-cross-site-request-forgery-via-save_campaign_preview</loc>
<lastmod>2023-12-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/searchiq/searchiq-44-missing-authorization-via-getsiqpluginsettings</loc>
<lastmod>2023-11-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/daves-wordpress-live-search/daves-wordpress-live-search-45-reflected-cross-site-scripting</loc>
<lastmod>2017-05-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/resume-builder/resume-builder-311-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2023-02-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/restaurt/restaurt-104-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2026-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/colibri-page-builder/colibri-page-builder-10239-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-12-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/6.0/wordpress-core-602-stored-cross-site-scripting-via-plugin-deactivation-and-deletion-errors</loc>
<lastmod>2022-08-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-pdf-invoice-builder/woocommerce-pdf-invoice-builder-12148-cross-site-request-forgery</loc>
<lastmod>2025-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/exclusive-addons-for-elementor/exclusive-addons-for-elementor-2693-authenticated-contributor-stored-cross-site-scripting-via-button-widget</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nova-blocks/nova-blocks-by-pixelgrade-217-authenticated-contributor-stored-cross-site-scripting-via-align-attribute</loc>
<lastmod>2024-09-09T20:42:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/comments-import-export-woocommerce/wordpress-comments-import-export-204-csv-injection</loc>
<lastmod>2018-06-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/softdiscover-db-file-manager/file-manager-code-editor-backup-by-managefy-161-unauthenticated-information-exposure</loc>
<lastmod>2025-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/login-with-phone-number/login-with-phone-number-1734-insecure-password-reset-mechanism</loc>
<lastmod>2024-06-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-digital-downloads/easy-digital-downloads-2115-admin-cross-site-scripting</loc>
<lastmod>2022-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/dimension/dimension-unknown-versions-cross-site-request-forgery-to-arbitrary-file-upload</loc>
<lastmod>2013-11-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-popups-lite/wp-popups-2205-missing-authorization</loc>
<lastmod>2026-01-11T20:52:33.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpvr/wp-vr-855-missing-authorization</loc>
<lastmod>2024-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ap-honeypot/ap-honeypot-wordpress-plugin-14-cross-site-request-forgery</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/wolmart/wolmart-multi-vendor-marketplace-woocommerce-theme-196-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/localgrid/localgrid-101-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-language-switcher/easy-language-switcher-10-reflected-cross-site-scripting</loc>
<lastmod>2024-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-registration/user-registration-membership-custom-registration-form-login-form-and-user-profile-421-insecure-direct-object-reference-to-unauthenticated-limited-user-deletion</loc>
<lastmod>2025-05-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-pro-quiz/wp-pro-quiz-037-arbitrary-quiz-deletion-via-cross-site-request-forgery</loc>
<lastmod>2020-06-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-post/postx-503-unauthenticated-information-exposure</loc>
<lastmod>2025-12-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lh-login-page/lh-login-page-214-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jet-engine/jetengine-38101-unauthenticated-sql-injection</loc>
<lastmod>2026-06-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-cufon/wp-cufon-1610-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2024-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easyrotator-for-wordpress/easyrotator-for-wordpress-1014-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-11-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/push-notification-by-feedify/feedify-web-push-notifications-245-reflected-cross-site-scripting</loc>
<lastmod>2025-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tabs-shortcode/tabs-shortcode-202-authenticated-contributor-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mediapress/mediapress-162-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yphplista/yphplista-111-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-11-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/netreviews/verified-reviews-avis-vrifis-2314-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/copypress-rest-api/copypress-rest-api-11-12-missing-configurable-jwt-secret-and-file-type-validation-to-unauthenticated-remote-code-execution</loc>
<lastmod>2025-09-29T15:26:53.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eds-responsive-menu/eds-responsive-menu-12-authenticated-administrator-php-object-injection</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fraudlabs-pro-sms-verification/fraudlabs-pro-sms-verification-1101-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bp-disable-activation-reloaded/bp-disable-activation-reloaded-121-cross-site-request-forgery</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpjam-basic/wpjam-basic-692-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2026-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/auth0/login-by-auth0-3113-csv-injection</loc>
<lastmod>2020-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ai-auto-tool/ai-auto-tool-content-writing-assistant-gemini-writer-chatgpt-all-in-one-227-authenticated-subscriber-sql-injection</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-plus-addons-for-elementor-page-builder/the-plus-addons-for-elementor-541-authenticated-contributor-local-file-inclusion-via-team-member-listing</loc>
<lastmod>2024-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-redsys-gateway-light/payment-gateway-for-redsys-woocommerce-lite-700-missing-authorization</loc>
<lastmod>2026-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/friendly-functions-for-welcart/friendly-functions-for-welcart-124-cross-site-request-forgery-to-reflected-cross-site-scripting</loc>
<lastmod>2024-11-20T13:37:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/facebook-button-plugin/bestwebsofts-like-share-posts-pages-and-widget-social-extension-plugin-for-wordpress-254-reflected-cross-site-scripting</loc>
<lastmod>2017-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/display-remote-posts-block/display-remote-posts-block-110-authenticated-contributor-server-side-request-forgery</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/4.7/wordpress-core-475-cross-site-request-forgery-filesystem-credential-update</loc>
<lastmod>2017-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/z-downloads/z-downloads-1113-authenticated-admin-arbitrary-file-upload</loc>
<lastmod>2024-05-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-gutenberg/gutenberg-blocks-331-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-07-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mainwp-article-uploader-extension/mainwp-various-extensions-authenticated-subscriber-arbitrary-file-deletion</loc>
<lastmod>2023-01-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-networks-auto-poster-facebook-twitter-g/nextscripts-social-networks-auto-poster-443-cross-site-request-forgery-to-arbitrary-post-deletion</loc>
<lastmod>2024-05-21T18:36:02.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/querywall/querywall-111-authenticated-administrator-sql-injection</loc>
<lastmod>2023-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/imgspider/imgspider-2310-authenticated-contributor-arbitrary-file-upload-via-upload_img_file</loc>
<lastmod>2024-07-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-photo-gallery/simple-photo-gallery-180-stored-cross-site-scripting</loc>
<lastmod>2016-04-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-monitor/download-monitor-446-reflected-cross-site-scripting</loc>
<lastmod>2021-10-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-stats-manager/wp-visitor-statistics-real-time-traffic-84-missing-authorization</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-duplicator/post-duplicator-236-authenticated-contributor-protected-post-disclosure</loc>
<lastmod>2025-01-10T14:15:46.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/multiple-roles-per-user/multiple-roles-per-user-10-missing-authorization-to-authenticated-custom-privilege-escalation</loc>
<lastmod>2025-11-17T20:12:39.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mobile-dj-manager/mdjm-event-management-1752-authenticated-subscriber-php-object-injection</loc>
<lastmod>2025-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-country-blocker/advanced-country-blocker-231-unauthenticated-authorization-bypass-via-insecure-default-secret-key</loc>
<lastmod>2026-02-06T20:24:09.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shortcode-to-display-post-and-user-data/display-custom-fields-in-the-frontend-post-and-user-profile-fields-121-authenticated-contributor-stored-cross-site-scripting-via-vg_display_data</loc>
<lastmod>2024-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ap-plugin-scripteo/ads-pro-plugin-multi-purpose-wordpress-advertising-manager-489-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-07-01T14:52:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vertical-scroll-recent-post/vertical-scroll-recent-post-140-cross-site-request-forgery-via-vsrp_admin_options</loc>
<lastmod>2023-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-regenerate-select-crop/image-regenerate-select-crop-730-sensitive-information-exposure</loc>
<lastmod>2023-10-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cubewp-framework/cubewp-all-in-one-dynamic-content-framework-1115-missing-authorization</loc>
<lastmod>2024-10-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-header/responsive-header-plugin-10-authenticated-administrator-stored-cross-site-scripting-via-settings-parameters</loc>
<lastmod>2026-01-23T20:34:05.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hm-cool-author-box-widget/cool-author-box-299-missing-authorization</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/leaflet-map/leaflet-map-330-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-09-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/soledad/soledad-845-missing-authorization</loc>
<lastmod>2024-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-spreadplugin/wp-spreadplugin-3862-cross-site-scripting</loc>
<lastmod>2015-04-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/microkids-related-posts/related-posts-for-wordpress-403-cross-site-request-forgery</loc>
<lastmod>2024-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quick-playground/quick-playground-131-missing-authorization-to-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2026-04-08T14:35:08.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/spotify-play-button-for-wordpress/sptify-play-button-for-wordpress-207-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/rosebud/rosebud-14-authenticated-subscriber-insecure-direct-object-reference</loc>
<lastmod>2026-01-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/content-mask/content-mask-1853-authenticated-author-insecure-direct-object-reference</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/powerpress/powerpress-podcasting-plugin-by-blubrry-111510-authenticated-contributor-sql-injection</loc>
<lastmod>2026-05-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/auto-post-thumbnail/auto-featured-image-auto-post-thumbnail-413-authenticated-author-server-side-request-forgery</loc>
<lastmod>2024-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/012-ps-multi-languages/012-ps-multi-languages-16-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-09-25T13:28:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/geodirectory/geodirectory-wp-business-directory-plugin-and-classified-listings-directory-2897-unauthenticated-sql-injection</loc>
<lastmod>2025-01-29T22:00:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-frontend-submit/wp-frontend-submit-110-reflected-cross-site-scripting</loc>
<lastmod>2025-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sports-club-management/sports-club-management-1129-authenticated-contributor-stored-cross-site-scripting-via-before-attribute</loc>
<lastmod>2026-04-07T17:38:08.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/comments-import-export-woocommerce/wordpress-comments-import-export-237-authenticated-author-arbitrary-file-read-via-directory-traversal</loc>
<lastmod>2024-10-10T19:55:26.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/royal-elementor-addons/royal-elementor-addons-13980-authenticated-author-external-entity-injection</loc>
<lastmod>2024-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mstore-api/mstore-api-401-unauthenticated-sql-injection</loc>
<lastmod>2023-06-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/password-protected/password-protected-2711-unauthenticated-authorization-bypass-via-ip-address-spoofing</loc>
<lastmod>2025-10-24T16:54:49.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/finalist/finalist-all-versions-cross-site-scripting</loc>
<lastmod>2013-10-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-events-manager/wp-events-manager-221-missing-authorization</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-product-filter/product-filter-by-woobewoo-149-missing-authorization</loc>
<lastmod>2021-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-database-backup/wp-database-backup-432-cross-site-request-forgery</loc>
<lastmod>2016-08-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wati-chat-and-notification/wati-chat-and-notification-112-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/car-park-booking-system-for-wordpress/car-park-booking-system-for-wordpress-26-missing-authorization</loc>
<lastmod>2025-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/squeeze/squeeze-16-authenticated-admin-full-path-disclosure</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ferma-ru-net-checkout/fermarunet-133-authenticated-subscriber-sql-injection</loc>
<lastmod>2024-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/menu-icons/menu-icons-by-themeisle-01320-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2026-02-03T09:50:11.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-smart-wishlist/wpc-smart-wishlist-for-woocommerce-293-reflected-cross-site-scripting</loc>
<lastmod>2022-03-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/job-postings/jobs-for-wordpress-25102-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-private-content-plus/wp-private-content-plus-361-unauthenticated-content-restriction-bypass-to-sensitive-information-exposure</loc>
<lastmod>2024-12-05T19:31:57.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-youtube-video-player/ultimate-youtube-video-shorts-player-with-vimeo-33-missing-authorization-to-authenticated-subscriber-arbitrary-playlistvideo-deletion</loc>
<lastmod>2024-11-20T13:45:58.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/link-library/link-library-7611-authenticated-contributor-stored-cross-site-scripting-via-link-library-shortcode</loc>
<lastmod>2024-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/testimonial-slider-shortcode/testimonial-slider-shortcode-118-authenticated-contributor-cross-site-scripting-vulnerability-via-shortcode</loc>
<lastmod>2023-09-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/instant-css/instant-css-121-cross-site-request-forgery</loc>
<lastmod>2023-09-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/webba-booking-lite/webba-booking-621-missing-authorization</loc>
<lastmod>2025-12-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/himer/himer-social-questions-and-answers-210-authenticated-subscriber-insecure-direct-object-reference</loc>
<lastmod>2024-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gmapsmania/gmapsmania-11-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2025-05-01T13:11:10.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/plugmatter-optin-feature-box-lite/plugmatter-optin-feature-box-2014-sql-injection</loc>
<lastmod>2015-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-responsive-meet-the-team/wp-responsive-meet-the-team-101-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2025-10-21T20:22:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/save-as-pdf-by-pdfcrowd/save-as-pdf-plugin-by-pdfcrowd-400-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-07-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-vipergb/wp-vipergb-1310-cross-site-request-forgery-to-cross-site-scripting</loc>
<lastmod>2014-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/compress-then-upload/compress-then-upload-104-authenticated-admin-arbitrary-file-upload</loc>
<lastmod>2025-08-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wired-impact-volunteer-management/wired-impact-volunteer-management-28-missing-authorization</loc>
<lastmod>2026-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-events-calendar/the-events-calendar-630-cross-site-request-forgery-to-notice-dismissal</loc>
<lastmod>2024-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/official-statcounter-plugin-for-wordpress/statcounter-211-authenticated-author-stored-cross-site-scripting-via-author-nickname</loc>
<lastmod>2026-05-28T17:02:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-table-builder/wp-table-builder-2012-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-08-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gf-freshdesk/gravity-forms-freshdesk-135-unauthenticated-open-redirect</loc>
<lastmod>2025-11-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stylish-cost-calculator/stylish-cost-calculator-703-stored-cross-site-scripting</loc>
<lastmod>2021-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gallery-from-files/gallery-from-files-160-arbitrary-file-upload</loc>
<lastmod>2021-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ovic-import-demo/ovic-importer-163-authenticated-subscriber-arbitrary-file-download</loc>
<lastmod>2024-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/count-per-day/count-per-day-34-cross-site-request-forgery</loc>
<lastmod>2015-07-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pretty-link-lite/pretty-link-lite-154-cross-site-scripting</loc>
<lastmod>2011-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kivicare-clinic-management-system/kivicare-clinic-patient-management-system-ehr-364-authenticated-doctorreceptionist-sql-injection</loc>
<lastmod>2024-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/frontend-user-notes/frontend-user-notes-210-insecure-direct-object-reference-to-authenticated-subscriber-arbitrary-note-modification</loc>
<lastmod>2026-02-17T16:31:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dsgvo-all-in-one-for-wp/dsgvo-all-in-one-for-wp-45-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fp-rss-category-excluder/fp-rss-category-excluder-100-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yada-wiki/yada-wiki-35-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/icegram/icegram-engage-3131-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/learnify/learnify-online-courses-education-wordpress-theme-1150-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-04-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/plms/property-lot-management-system-10-authenticated-salesman-arbitrary-file-upload</loc>
<lastmod>2024-10-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bitcoin-faucet/bitcoin-altcoin-faucet-160-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2022-08-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/burst-statistics/burst-statistics-privacy-friendly-analytics-for-wordpress-140-to-1461-unauthenticated-sql-injection</loc>
<lastmod>2023-12-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/metform/metform-elementor-contact-form-builder-381-cross-site-request-forgery</loc>
<lastmod>2024-01-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-file-upload/wordpress-file-upload-42415-unauthenticated-remote-code-execution-arbitrary-file-read-and-arbitrary-file-deletion</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tinymce-custom-styles/tinymce-custom-styles-112-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/embed-pdf-viewer/embed-pdf-viewer-231-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2024-12-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/viala/viala-131-reflected-cross-site-scripting</loc>
<lastmod>2024-09-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cs-framework/cs-framework-70-authenticated-subscriber-arbitrary-file-deletion</loc>
<lastmod>2025-03-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-thank-you-page-customizer/thank-you-page-customizer-for-woocommerce-increase-your-sales-112-missing-authorization-to-authenticated-subscriber-arbitrary-shortcode-execution</loc>
<lastmod>2024-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fast-tube/fast-tube-231-reflected-cross-site-scripting</loc>
<lastmod>2025-01-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vc-addons-by-bit14/web-and-woocommerce-addons-for-wpbakery-builder-147-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2024-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vikbooking/vikbooking-hotel-booking-engine-pms-188-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-05-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/prostore/prostore-113-open-redirect</loc>
<lastmod>2014-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ocean-product-sharing/ocean-product-sharing-222-authenticated-shop-manager-stored-cross-site-scripting</loc>
<lastmod>2026-06-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shopp-arrange/cgd-arrange-terms-113-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-blocks/essential-blocks-for-gutenberg-484-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woolementor/codesigner-woocommerce-builder-for-elementor-customize-checkout-shop-email-products-more-441-authenticated-contributor-stored-cross-site-scripting-via-multiple-widgets</loc>
<lastmod>2024-06-11T15:24:21.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/team-rosters/team-rosters-482-unauthenticated-php-object-injection</loc>
<lastmod>2024-11-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/litespeed-cache/litespeed-cache-641-unauthenticated-sensitive-information-exposure-via-log-files</loc>
<lastmod>2024-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-storymap/storymap-21-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-addons-for-elementor/responsive-addons-for-elementor-173-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-rss-aggregator/rss-aggregator-rss-import-news-feeds-feed-to-post-and-autoblogging-5011-unauthenticated-dom-based-reflected-cross-site-scripting-via-postmessage</loc>
<lastmod>2026-03-06T19:00:27.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contest-gallery/contest-gallery-19141-authenticated-author-sql-injection-via-option_id</loc>
<lastmod>2022-11-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/formularios-de-contacto-salesup/formulario-de-contacto-salesup-1014-reflected-cross-site-scripting</loc>
<lastmod>2025-05-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-azure-offload/wp-azure-offload-20-reflected-cross-site-scripting</loc>
<lastmod>2025-03-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gym-management/wpgym-650-authenticated-subscriber-local-file-inclusion</loc>
<lastmod>2025-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-dpe-ges/wp-dpe-ges-16-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ai-for-seo/ai-for-seo-129-missing-authorization</loc>
<lastmod>2025-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/questionpro-surveys/questionpro-surveys-10-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2026-02-13T18:26:37.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-security-master/wp-security-master-102-cross-site-request-forgery</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-inquiry/woo-inquiry-01-unauthenticated-sql-injection</loc>
<lastmod>2024-08-20T17:18:44.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-image-zoooom/wp-image-zoom-123-cross-site-request-forgery-to-denial-of-service</loc>
<lastmod>2018-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/funnelforms-free/funnelforms-free-38-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hermit/hermit-316-unauthenticated-sql-injection</loc>
<lastmod>2022-04-28T12:22:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pie-register/pie-register-user-registration-profiles-content-restriction-3848-missing-authorization-to-unauthenticated-registration-form-status-modification</loc>
<lastmod>2026-04-03T13:05:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cp-polls/polls-cp-105-cross-site-scripting</loc>
<lastmod>2015-05-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-social-meta/wp-social-meta-101-authenticated-administrator-stored-cross-site-scripting-via-settings</loc>
<lastmod>2026-02-25T12:49:58.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-crm/wp-crm-customer-relations-management-for-wordpress-121-csv-injection</loc>
<lastmod>2022-05-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/theatre/theater-for-wordpress-0187-missing-authorization</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/userswp/userswp-1253-cross-site-request-forgery</loc>
<lastmod>2026-01-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ad-short/ad-short-201-authenticated-contributor-stored-cross-site-scripting-via-client-shortcode-attribute</loc>
<lastmod>2026-03-20T15:06:38.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-migrate-db/wp-migrate-lite-migration-made-easy-278-cross-site-request-forgery</loc>
<lastmod>2026-06-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ultimate-review/wp-ultimate-review-236-ip-spoofing</loc>
<lastmod>2024-01-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp3d-model-import-block/wp3d-model-import-viewer-107-authenticated-contributor-arbitrary-file-upload</loc>
<lastmod>2025-12-12T16:19:08.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/file-manager/bit-file-manager-100-free-open-source-file-manager-and-code-editor-for-wordpress-657-authenticated-subscriber-limited-javascript-file-upload</loc>
<lastmod>2024-10-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-database-backup/wp-database-backup-59-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-08-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-file-upload/wordpress-file-upload-42415-missing-authorization-to-authenticated-subscriber-limited-path-traversal</loc>
<lastmod>2025-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/googleanalytics/sharethis-dashboard-for-google-analytics-321-missing-authorization-to-unauthenticated-feature-deactivation</loc>
<lastmod>2025-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-clone-by-wp-academy/clone-237-cross-site-request-forgery-via-wp_ajax_tifm_save_decision</loc>
<lastmod>2023-03-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/topscorer/topscorer-sports-wordpress-12-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bp-activity-plus-reloaded/activity-plus-reloaded-for-buddypress-112-missing-authorization</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/js-support-ticket/js-help-desk-the-ultimate-help-desk-support-plugin-286-unauthenticated-php-code-injection-to-remote-code-execution</loc>
<lastmod>2024-08-12T14:17:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-peach-payments-gateway/peach-payments-gateway-319-missing-authorization-via-peach_core_version_rollback</loc>
<lastmod>2024-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-bitly/bitlys-wordpress-plugin-271-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-11-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/rareradio/rare-radio-10151-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-08-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpforo/wpforo-forum-1412-reflected-cross-site-scripting</loc>
<lastmod>2018-06-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elastik-page-builder/elastik-page-builder-0274-authenticated-author-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2024-09-30T19:24:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/photo-gallery/photo-gallery-by-10web-1545-multiple-cross-site-scripting-issues</loc>
<lastmod>2020-02-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/add-custom-codes/add-custom-codes-480-missing-authorization</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lws-tools/lws-tools-241-cross-site-request-forgery</loc>
<lastmod>2023-06-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-seo-structured-data-schema/wp-seo-structured-data-schema-281-authenticated-contributor-stored-cross-site-scripting-via-_kcseo_ative_tab-parameter</loc>
<lastmod>2026-05-11T19:10:33.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/database-collation-fix/database-collation-fix-127-cross-site-request-forgery-via-admin_page</loc>
<lastmod>2023-04-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/skt-builder/skt-page-builder-41-missing-authorization-to-authenticatedsubscriber-content-injection</loc>
<lastmod>2024-02-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buddypress/buddypress-721-insufficient-privilege-de-escalation</loc>
<lastmod>2021-04-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-gift-product/woocommerce-gifts-product-100-cross-site-request-forgery</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ht-mega-for-elementor/ht-mega-243-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wprequal/mortgage-lead-capture-system-8211-cross-site-request-forgery-to-settings-reset</loc>
<lastmod>2025-02-17T15:45:09.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/askka/askka-10-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-dashboard-page/custom-dashboard-page-10-cross-site-request-forgery</loc>
<lastmod>2025-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/salient-core/salient-core-202-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-11-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/client-documentation/simple-documentation-128-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-02-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jet-blocks/jetblocks-for-elementor-1316-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eroom-zoom-meetings-webinar/eroom-zoom-meetings-webinar-138-cross-site-request-forgery</loc>
<lastmod>2022-04-11T18:31:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gdlr-hostel/goodlayers-hostel-312-reflected-cross-site-scripting</loc>
<lastmod>2025-05-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contest-gallery/contest-gallery-photo-contest-plugin-for-wordpress-13105-sql-injection</loc>
<lastmod>2022-04-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pico/hype-105-missing-authorization</loc>
<lastmod>2025-12-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/reservit-hotel/reservit-hotel-21-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-11-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/translit-it/translit-it-16-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vehica-core/vehica-core-10100-cross-site-request-forgery</loc>
<lastmod>2025-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-sharing-toolkit/social-sharing-toolkit-211-cross-site-request-forgery</loc>
<lastmod>2013-10-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-order-numbers-for-woocommerce/custom-order-numbers-for-woocommerce-1110-missing-authorization</loc>
<lastmod>2025-11-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/brickscore/brickscore-1425-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2024-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/art-direction/art-direction-024-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-07-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-mail-bank/mail-bank-1-mail-smtp-plugin-for-wordpress-4014-missing-authorization</loc>
<lastmod>2023-11-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/orion-login-with-sms/orion-login-with-sms-105-authentication-bypass-via-weak-otp</loc>
<lastmod>2025-07-21T20:51:51.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/everest-backup/everest-backup-219-sensitive-information-exposure-via-log-file</loc>
<lastmod>2023-12-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-watermark/image-watermark-173-missing-authorization-to-authenticated-subscriber-watermark-modification</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pdf-builder-for-wpforms/pdf-builder-for-wpforms-12116-unauthenticated-full-path-disclosure</loc>
<lastmod>2024-08-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mailin/newsletter-smtp-email-marketing-and-subscribe-forms-by-sendinblue-3124-reflected-cross-site-scripting</loc>
<lastmod>2021-12-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jobcareer/jobcareer-34-multiple-cross-site-scripting</loc>
<lastmod>2020-07-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bstone-demo-importer/bstone-demo-importer-101-missing-authorization-to-authenticated-subscriber-privilege-escalation</loc>
<lastmod>2024-10-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/shuttle/shuttle-150-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/personal-dictionary/personal-dictionary-133-unauthenticated-sql-injection</loc>
<lastmod>2022-04-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpforms/wpforms-pro-184-1853-unauthenticated-stored-cross-site-scripting-via-form-submission</loc>
<lastmod>2024-01-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/insertify/insertify-114-cross-site-request-forgery-to-remote-code-execution</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/medicenter/medicenter-health-medical-clinic-151-unauthenticated-php-object-injection</loc>
<lastmod>2025-07-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profilegrid-user-profiles-groups-and-communities/profilegrid-user-profiles-groups-and-communities-5972-missing-authorization-to-authenticated-subscriber-arbitrary-user-suspension</loc>
<lastmod>2026-02-04T20:24:28.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/softlab-core/softlab-core-1211-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-04-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/Newspaper/newspaper-922-cross-site-scripting</loc>
<lastmod>2019-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/joomsport-sports-league-results-management/joomsport-for-sports-team-league-football-hockey-more-34-sql-injection</loc>
<lastmod>2019-07-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/maia/maia-1115-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-06-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sp-client-document-manager/sp-project-document-manager-470-missing-authorization-stored-cross-site-scripting</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/square-thumbnails/square-thumbnails-110-missing-authorization</loc>
<lastmod>2023-12-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vcaching/varnishnginx-proxy-caching-183-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-08-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hide-my-site/hide-my-site-22-unauthenticated-information-exposure</loc>
<lastmod>2024-08-20T17:27:27.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flowpaper-lite-pdf-flipbook/flowpaper-203-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mobile-app-builder-by-wappress/mobile-app-builder-by-wappress-105-arbitrary-file-upload</loc>
<lastmod>2017-03-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mail-mint/mail-mint-1177-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/updraftplus/updraftplus-1963-and-updraftplus-paid-2963-cross-site-scripting</loc>
<lastmod>2020-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-calendar-events/simple-calendar-google-calendar-plugin-204-reflected-cross-site-scripting</loc>
<lastmod>2014-10-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-user-frontend/wp-user-frontend-365-authenticated-author-privilege-escalation</loc>
<lastmod>2023-11-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/themify-builder/themify-builder-761-missing-authorization-to-authenticated-contributor-post-duplication</loc>
<lastmod>2024-08-21T12:05:35.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/business-card-block/business-card-block-105-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/imagemapper/imagemapper-126-missing-authorization-to-authenticated-subscriber-arbitrary-pagepost-deletion-via-imgmap_delete_area_ajax</loc>
<lastmod>2023-11-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fixed-html-toolbar/fixed-html-toolbar-107-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/frontend-dashboard/frontend-dashboard-10-226-missing-authorization-to-unauthenticated-privilege-escalation-via-fed_wp_ajax_fed_login_form_post-function</loc>
<lastmod>2025-05-06T20:38:49.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/geo-mashup/geo-mashup-11319-authenticated-subscriber-sql-injection</loc>
<lastmod>2026-06-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-plus-addons-for-elementor-page-builder/the-plus-addons-for-elementor-addons-for-elementor-page-templates-widgets-mega-menu-woocommerce-6411-authenticated-contributor-stored-cross-site-scripting-via-navigation-menu-lite-widget</loc>
<lastmod>2026-05-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-views-stats/post-views-stats-13-reflected-cross-site-scripting-via-from-and-to</loc>
<lastmod>2024-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tabgarb/tabgarb-pro-26-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cf7-message-filter/message-filter-for-contact-form-7-1611-reflected-cross-site-scripting</loc>
<lastmod>2024-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jet-search/jetsearch-3517-unauthenticated-sql-injection</loc>
<lastmod>2026-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ohio-extra/ohio-extra-360-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-11-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-access-control/wordpress-access-control-4013-improper-access-control-to-sensitive-information-exposure-via-rest-api</loc>
<lastmod>2024-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/the-wound/the-wound-001-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-04-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-nested-pages/nested-pages-328-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2024-10-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/branda-white-labeling/branda-white-label-wordpress-custom-login-page-customizer-3417-authenticated-author-stored-cross-site-scripting-via-svg-upload</loc>
<lastmod>2024-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-code-snippets/easy-code-snippets-102-reflected-cross-site-scripting</loc>
<lastmod>2024-12-06T21:33:05.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-job-board/simple-job-board-293-local-file-inclusion</loc>
<lastmod>2022-02-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/heureka/heureka-108-cross-site-request-forgery</loc>
<lastmod>2024-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpb-show-core/wpb-show-core-25-reflected-cross-site-scripting</loc>
<lastmod>2024-03-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpkoi-templates-for-elementor/wpkoi-templates-for-elementor-256-authenticated-contributor-stored-cross-site-scripting-via-advanced-heading-widget</loc>
<lastmod>2024-03-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-sms/wp-sms-652-reflected-cross-site-scripting-via-page</loc>
<lastmod>2024-02-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/embedpress/embedpress-408-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-cart-for-digital-products/wp-estore-855-reflected-cross-site-scripting-via-customer-search</loc>
<lastmod>2024-07-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/fooddy/fooddy-1310-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/facebook-for-woocommerce/meta-for-woocommerce-370-unauthenticated-open-redirect</loc>
<lastmod>2026-05-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/drag-and-drop-multiple-file-upload-contact-form-7/drag-and-drop-multiple-file-upload-for-contact-form-7-1395-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2026-03-05T06:23:44.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-dashboard-widgets/custom-dashboard-widgets-131-cross-site-request-forgery-to-stored-cross-site-scripting-via-cdw_dashboardwidgets</loc>
<lastmod>2024-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wonderplugin-slider/wonder-slider-lite-wonder-slider-144-authenticated-contributor-dom-based-stored-cross-site-scripting</loc>
<lastmod>2025-07-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kraken-image-optimizer/krakenio-image-optimizer-265-cross-site-request-forgery</loc>
<lastmod>2022-09-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpvivid-backuprestore/migration-backup-staging-wpvivid-0989-authenticated-stored-cross-site-scripting</loc>
<lastmod>2023-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/countdowner-elementor/countdowner-for-elementor-104-missing-authorization</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quiz-master-next/quiz-and-survey-master-8115-cross-site-request-forgery-via-display_results</loc>
<lastmod>2023-09-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/exportfeed-list-woocommerce-products-on-ebay-store/exportfeed-2010-sql-injection</loc>
<lastmod>2021-11-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advance-block-extend/advance-block-extend-104-authenticated-contributor-stored-cross-site-scripting-via-titlecolor-block-attribute</loc>
<lastmod>2026-02-18T15:53:05.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ocean-extra/ocean-extra-212-authenticated-subscriber-arbitrary-post-access</loc>
<lastmod>2023-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/basic-interactive-world-map/basic-interactive-world-map-20-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-11-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/web-en-mantenimiento/web-en-mantenimiento-106-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2022-07-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/usc-e-shop/welcart-e-commerce-183-object-injection</loc>
<lastmod>2016-06-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking-and-rental-manager-for-woocommerce/booking-and-rental-manager-228-missing-authorization</loc>
<lastmod>2025-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smart-seo-tool/smart-seo-tool-305-reflected-cross-site-scripting</loc>
<lastmod>2021-12-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slide/slides-presentations-0039-missing-authorization-to-content-injection</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/college/multiple-themes-various-versions-reflected-cross-site-scripting-via-search-field</loc>
<lastmod>2023-08-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quickcab/quickcab-133-missing-authorization</loc>
<lastmod>2025-05-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/duplicate-post/yoast-duplicate-post-323-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2019-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/frontis-blocks/frontis-blocks-116-unauthenticated-server-side-request-forgery-via-url-parameter</loc>
<lastmod>2026-01-23T19:20:45.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-smtp/post-smtp-380-missing-authorization-to-authenticated-subscriber-office-365-oauth-configuration-overwrite</loc>
<lastmod>2026-03-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shapepress-dsgvo/wp-dsgvo-tools-gdpr-3123-unauthenticated-arbitrary-post-deletion</loc>
<lastmod>2021-09-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/webpushr-web-push-notifications/webpushr-4350-reflected-cross-site-scripting</loc>
<lastmod>2024-05-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-sponsors/sponsors-351-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/random-banner/random-banner-4211-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-wp-security-and-firewall/all-in-one-wp-security-firewall-397-cross-site-scripting</loc>
<lastmod>2015-08-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/flashy/flashy-121-reflected-cross-site-scripting</loc>
<lastmod>2025-01-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pdf24-post-to-pdf/pdf24-article-to-pdf-422-cross-site-request-forgery</loc>
<lastmod>2022-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/uberSlider_mouseinteraction/uberslider-mouseinteraction-23-reflected-cross-site-scripting</loc>
<lastmod>2026-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/delicious-recipes/delicious-recipes-wordpress-recipe-plugin-167-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sportspress/sportspress-278-reflected-cross-site-scripting</loc>
<lastmod>2021-11-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-migration-duplicator/webtoffee-wp-backup-and-migration-153-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2025-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/noo-jobmonster/jobmonster-482-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mangboard/mang-board-wp-184-reflected-cross-site-scripting</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tutor/tutor-lms-elearning-and-online-course-solution-262-authenticated-contributor-stored-cross-site-scripting-via-tutor_instructor_list-shortcode</loc>
<lastmod>2024-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wechat-broadcast/-wechat-broadcast-120-directory-traversal</loc>
<lastmod>2018-09-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/real-post-slider-lite/real-post-slider-lite-24-authenticated-administrator-stored-cross-site-scripting-via-settings</loc>
<lastmod>2026-01-13T16:48:09.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-plugin/contact-form-by-bestwebsoft-436-missing-authorization</loc>
<lastmod>2025-12-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-meta-data-filter-and-taxonomy-filter/wordpress-meta-data-and-taxonomies-filter-mdtf-1331-cross-site-request-forgery</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/imagerecycle-pdf-image-compression/imagerecycle-pdf-image-compression-3111-reflected-cross-site-scripting</loc>
<lastmod>2023-08-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/header-footer-code/ninjateam-header-footer-custom-code-12-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-08-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-product-addon/ppom-for-woocommerce-32020-unauthenticated-content-injection-vulnerability</loc>
<lastmod>2024-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-mobile-pack/wordpress-mobile-pack-mobile-plugin-for-progressive-web-apps-hybrid-mobile-apps-213-sensitive-information-exposure</loc>
<lastmod>2015-07-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seo-keywords/seo-keywords-113-reflected-cross-site-scripting-via-google_error-parameter</loc>
<lastmod>2025-01-06T16:06:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/beaver-builder-lite-version/beaver-builder-wordpress-page-builder-2552-authenticated-stored-cross-site-scripting-via-caption-on-hover</loc>
<lastmod>2022-08-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/auto-excerpt-everywhere/auto-excerpt-everywhere-15-cross-site-request-forgery</loc>
<lastmod>2023-10-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/unyson/unyson-2726-cross-site-scripting</loc>
<lastmod>2022-06-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/multi-column-tag-map/multi-column-tag-map-17024-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cf7-mollie/mollie-for-contact-form-7-500-authenticated-administrator-sql-injection</loc>
<lastmod>2024-12-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-grid/essential-grid-3018-missing-authorization</loc>
<lastmod>2023-11-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/opencart-product-in-wp/opencart-product-in-wp-101-reflected-cross-site-scripting</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hr-management-lite/hr-management-lite-37-cross-site-request-forgery</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-bulk-editor/bear-114-authenticated-shop-manager-stored-cross-site-scripting-via-plugin-options</loc>
<lastmod>2024-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/poll-maker/poll-maker-556-missing-authorization</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sprout-invoices/client-invoicing-by-sprout-invoices-2080-insecure-direct-object-reference</loc>
<lastmod>2024-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/squirrly-seo/seo-plugin-by-squirrly-seo-12416-missing-authorization-to-authenticated-contributor-privileged-cloud-api-operations</loc>
<lastmod>2026-06-05T14:31:03.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/customer-area/wp-customer-area-821-insecure-direct-object-reference-to-address-modification</loc>
<lastmod>2024-01-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/administrator-z/administrator-z-20250324-missing-authorization-to-authenticated-subscriber-arbitrary-options-update</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/mission/mission-122-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/thim-elementor-kit/thim-elementor-kit-119-authenticated-contributor-stored-cross-site-scripting-via-id-parameter</loc>
<lastmod>2024-05-10T18:41:10.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/themeloom-widgets/themeloom-widgets-185-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-10T18:53:50.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/bw-zagg/zagg-electronics-accessories-woocommerce-wordpress-theme-141-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-06-13T19:48:41.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wappointment/wappointment-269-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-11-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/horizontal-scrolling-announcements/horizontal-scrolling-announcements-24-authenticated-contributor-sql-injection-via-shortcode</loc>
<lastmod>2024-08-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gum-elementor-addon/gum-elementor-addon-1310-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/empik-for-woocommerce/empikplace-for-woocommerce-143-authenticated-subscriber-php-object-injection</loc>
<lastmod>2025-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-easy-gallery/wp-easy-gallery-27-cross-site-request-forgery</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-messages/user-messages-124-reflected-cross-site-scripting</loc>
<lastmod>2025-01-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/crypto/crypto-tool-222-missing-authentication-to-unauthenticated-limited-file-deletion</loc>
<lastmod>2025-11-10T15:07:28.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dw-question-answer-pro/dw-question-answer-pro-136-cross-site-request-forgery</loc>
<lastmod>2022-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/front-editor/wp-front-user-submit-front-editor-494-cross-site-request-forgery</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/order-import-export-for-woocommerce/order-export-order-import-for-woocommerce-260-authenticated-administrator-server-side-request-forgery-via-validate_file-function</loc>
<lastmod>2025-03-19T22:24:30.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hide_my_wp/hide-my-wp-623-authorization-bypass</loc>
<lastmod>2021-11-24T14:14:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-google-maps/wp-google-maps-8111-authenticated-stored-cross-site-scripting</loc>
<lastmod>2021-06-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/password-only-login/password-only-login-02-reflected-cross-site-scripting</loc>
<lastmod>2025-10-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-coupons-for-woocommerce-free/advanced-coupons-for-woocommerce-coupons-468-authenticated-shop-manager-sql-injection</loc>
<lastmod>2025-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/video-conferencing-with-zoom-api/video-conferencing-with-zoom-467-missing-authorization-to-unauthenticated-zoom-sdk-credential-exposure-via-get_auth-ajax-action</loc>
<lastmod>2026-06-15T14:43:40.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/evangtermine/evangelische-termine-33-reflected-cross-site-scripting</loc>
<lastmod>2025-06-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/subscribe-to-unlock/subscribe-to-unlock-115-missing-authorization</loc>
<lastmod>2025-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/team/team-showcase-12225-reflected-cross-site-scripting</loc>
<lastmod>2024-09-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/broadstreet/broadstreet-1522-authenticated-subscriber-private-post-meta-disclosure-via-get_sponsored_meta</loc>
<lastmod>2026-05-20T13:15:10.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/discount-and-dynamic-pricing/dynamic-pricing-and-discount-rules-229-cross-site-request-forgery</loc>
<lastmod>2025-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/litespeed-cache/litespeed-cache-6502-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/logo-carousel-free/logo-carousel-341-unauthorised-private-post-access</loc>
<lastmod>2021-11-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-product-filter/product-filter-by-wbw-279-unauthenticated-sql-injection-via-filtersdatabackend-parameter</loc>
<lastmod>2025-04-03T16:22:47.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/w3-total-cache/w3-total-cache-281-missing-authorization-to-unauthenticated-plugin-deactivation-and-extensions-activationdeactivation</loc>
<lastmod>2025-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-sticky-footer/simple-sticky-footer-132-cross-site-request-forgery-to-cross-site-scripting</loc>
<lastmod>2014-10-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-pug/hubbub-lite-1351-authenticated-subscriber-sensitive-information-exposure</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/delete-old-orders/delete-old-order-02-cross-site-scripting</loc>
<lastmod>2022-03-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/modern-events-calendar-lite/modern-events-calendar-lite-616-subscriber-category-add-leading-to-stored-cross-site-scripting</loc>
<lastmod>2021-12-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-ads/advanced-ads-1173-reflected-cross-site-scripting</loc>
<lastmod>2020-03-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/peepso-groups/peepso-core-groups-6460-authenticated-subscriber-stored-cross-site-scripting-via-group-description</loc>
<lastmod>2025-07-02T18:17:48.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pdf-for-elementor-forms/pdf-for-elementor-forms-drag-and-drop-template-builder-631-missing-authorization</loc>
<lastmod>2026-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/wireless-butler/wireless-butler-1011-reflected-cross-site-scripting</loc>
<lastmod>2025-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/media-file-renamer/media-file-renamer-577-authenticatedadministrator-remote-code-execution</loc>
<lastmod>2023-12-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/thegem-elements/thegem-theme-elements-for-wpbakery-5110-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-01-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/multiple-roles/multiple-roles-137-privilege-escalation</loc>
<lastmod>2022-07-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/radcliffe-2/radcliffe-2-2017-missing-authorization</loc>
<lastmod>2024-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buddypress-media/rtmedia-for-wordpress-buddypress-and-bbpress-4618-authenticated-contributor-sql-injection-via-rtmedia_gallery-shortcode</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-elements/easy-elements-for-elementor-144-unauthenticated-privilege-escalation-via-easyel_handle_register</loc>
<lastmod>2026-05-19T13:10:24.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woolentor-addons/shoplentor-281-authenticatedcontributor-stored-cross-site-scripting-via-banner-link</loc>
<lastmod>2024-03-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seo-slider/seo-slider-110-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-11-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/event-post/event-post-599-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-25T19:54:47.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/livechat-elementor/livechat-elementor-1013-cross-site-request-forgery</loc>
<lastmod>2024-01-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ithemelandco-woo-report/woocommerce-report-145-reflected-cross-site-scripting</loc>
<lastmod>2024-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/salon-booking-system/salon-booking-system-962-unauthenticated-stored-cross-site-scripting-via-sms_prefix</loc>
<lastmod>2024-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gutenverse-news/gutenverse-news-advanced-news-magazine-blog-gutenberg-blocks-addons-302-missing-authorization</loc>
<lastmod>2025-12-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ec-authorizenet/ec-authorizenet-033-reflected-cross-site-scripting</loc>
<lastmod>2025-05-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-fundraising-donation/fundengine-174-authenticated-subscriber-local-file-inclusion</loc>
<lastmod>2025-08-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-custom-auto-excerpt/easy-custom-auto-excerpt-247-stored-cross-site-scripting</loc>
<lastmod>2018-11-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/piotnet-addons-for-elementor-pro/piotnet-addons-for-elementor-pro-7117-unauthenticated-server-side-request-forgery</loc>
<lastmod>2024-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-chatbot/wp-chatbot-for-messenger-49-missing-authorization-to-unauthenticated-chatbot-configuration-takeover</loc>
<lastmod>2026-03-20T14:38:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/coming-soon/website-builder-by-seedprod-theme-builder-landing-page-builder-coming-soon-page-maintenance-mode-6198-missing-authorization</loc>
<lastmod>2025-12-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/better-wp-security/ithemes-security-531-insecure-backuplogfile-generation</loc>
<lastmod>2016-04-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gutentor/gutentor-343-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nota-fiscal-eletronica-woocommerce/nota-fiscal-eletrnica-woocommerce-3409-authenticated-shop-manager-stored-cross-site-scripting</loc>
<lastmod>2025-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tourfic/tourfic-2117-reflected-cross-site-scripting</loc>
<lastmod>2024-03-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/foursquare-checkins/foursquare-checkins-13-cross-site-request-forgery-to-cross-site-scripting</loc>
<lastmod>2013-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sitebuilder-dynamic-components/sitebuilder-dynamic-components-10-php-object-injection</loc>
<lastmod>2017-04-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ht-contactform/ht-contact-form-widget-for-elementor-page-builder-gutenberg-blocks-form-builder-221-unauthenticated-arbitrary-file-deletion</loc>
<lastmod>2025-07-14T15:58:21.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/traveler/traveler-320-missing-authorization</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/photospace/photospace-gallery-235-missing-authorization-to-plugin-settings-update</loc>
<lastmod>2022-09-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/gaspard/gaspard-13-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gradient-text-widget-for-elementor/gradient-text-widget-for-elementor-101-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/themefuse-maintenance-mode/themefuse-maintenance-mode-113-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/geodigs/geodigs-341-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/push-notification-for-post-and-buddypress/push-notification-for-post-and-buddypress-193-unauthenticated-sql-injection</loc>
<lastmod>2024-05-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/lunna/lunna-115-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpshop/wpshop-2-e-commerce-1396-arbitrary-file-upload</loc>
<lastmod>2015-03-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/facebook-auto-publish/wp2social-auto-publish-247-reflected-cross-site-scripting-via-postmessage</loc>
<lastmod>2025-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quiz-expert/quiz-expert-easy-quiz-maker-exam-and-test-manager-150-cross-site-request-forgery</loc>
<lastmod>2023-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-download-monitor/simple-download-monitor-388-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2020-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zero-bs-crm/jetpack-crm-550-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-09-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cost-calculator-builder/cost-calculator-builder-3265-unauthenticated-sql-injection</loc>
<lastmod>2025-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-csv-exporter/wp-csv-exporter-136-authenticated-admin-sql-injection</loc>
<lastmod>2022-11-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/travel-diaries/travel-diaries-124-missing-authorization</loc>
<lastmod>2026-02-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sky-elementor-addons/sky-addons-for-elementor-2515-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/favicon-rotator/favicon-rotator-1211-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quick-count/quick-count-300-unauthenticated-php-object-injection</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/xili-tidy-tags/xili-tidy-tags-11203-cross-site-request-forgery</loc>
<lastmod>2023-03-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mycurator/mycurator-content-curation-374-cross-site-request-forgery</loc>
<lastmod>2023-06-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/acf-frontend-form-element/frontend-admin-by-dynamiapps-32517-reflected-cross-site-scripting</loc>
<lastmod>2025-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/twitter-news-feed/twitter-news-feed-111-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/visitors-traffic-real-time-statistics/visitor-traffic-real-time-statistics-211-missing-authorization-to-arbitrary-plugin-installationactivation</loc>
<lastmod>2021-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/liveforms/contact-form-drag-and-drop-form-builder-plugin-485-missing-authorization</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/legal-pages/legal-pages-145-missing-authorization</loc>
<lastmod>2025-05-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/meta-slider-and-carousel-with-lightbox/meta-slider-and-carousel-with-lightbox-201-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2024-09-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-payment/simple-payment-246-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-10-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/national-weather-service-alerts/national-weather-service-alerts-135-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-06-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-advanced-search/wordpress-wp-advanced-search-336-sql-injection</loc>
<lastmod>2020-04-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-coder/wp-coder-code-snippets-html-css-js-and-php-injection-360-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-google-maps-short-code/simple-shortcode-for-google-maps-154-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-11-07T17:29:10.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/check-email/check-log-email-051-reflected-cross-site-scripting</loc>
<lastmod>2016-11-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-404-auto-redirect-to-similar-post/wp-404-auto-redirect-to-similar-post-103-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-08-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/joomdev-wp-pros-cons/mighty-classic-pros-and-cons-209-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/theme-duplicator/theme-duplicator-11-cross-site-request-forgery</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/browser-update-notify/browser-update-notify-021-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/network-summary/network-summary-2011-unauthenticated-sql-injection</loc>
<lastmod>2024-03-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/infusionsoft-official-opt-in-forms/keap-official-opt-in-forms-1011-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-12-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yop-poll/yop-poll-580-reflected-cross-site-scripting</loc>
<lastmod>2017-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/greenshift-animation-and-page-builder-blocks/greenshift-animation-and-page-builder-blocks-937-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-09-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/comments-like-dislike/comments-like-dislike-122-ip-spoofing</loc>
<lastmod>2024-02-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-file-upload/wordpress-file-upload-4247-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2024-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/document-library-lite/document-library-lite-117-unauthenticated-insecure-direct-object-reference</loc>
<lastmod>2025-12-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-manager/download-manager-3253-reflected-cross-site-scripting</loc>
<lastmod>2022-08-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quiz-master-next/quiz-and-survey-master-736-insecure-direct-object-reference</loc>
<lastmod>2022-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/counter-box/counter-box-12-cross-site-request-forgery</loc>
<lastmod>2022-07-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/limit-login-attempts/limit-login-attempts-171-authenticatedsubscriber-stored-cross-site-scripting</loc>
<lastmod>2023-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pricing-table-by-supsystic/pricing-table-by-supsystic-1912-authenticated-admin-content-injection</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shiftnav-responsive-mobile-menu/shiftnav-responsive-mobile-menu-18-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/apollo13-framework-extensions/apollo13-framework-extensions-192-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-02-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/artplacer-widget/artplacer-widget-2232-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-01-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ameliabooking/booking-for-appointments-and-events-calendar-amelia-1085-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-12-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-smart-contracts/wpsmartcontracts-2010-unauthenticated-sql-injection</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/my-calendar/my-calendar-33241-cross-site-request-forgery</loc>
<lastmod>2023-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/spoiler-block/spoiler-block-17-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bellows-accordion-menu/bellows-accordion-menu-143-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/beepress/beepress-698-cross-site-request-forgery-via-beepress-prophp</loc>
<lastmod>2024-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-checkout-manager/checkout-field-manager-checkout-manager-for-woocommerce-785-missing-authorization-to-unauthenticated-arbitrary-attachment-deletion</loc>
<lastmod>2026-02-18T16:06:35.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/posts-table-filterable/tableon-wordpress-posts-table-filterable-1044-authenticated-contributor-stored-cross-site-scripting-via-class-shortcode-attribute</loc>
<lastmod>2026-04-07T15:35:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-job-openings/wp-job-openings-342-information-exposure</loc>
<lastmod>2023-09-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-post/simple-post-11-stored-cross-site-scripting</loc>
<lastmod>2021-07-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ultimate-map/wp-ultimate-map-11-cross-site-request-forgery-to-stored-cross-site-scripting-via-zoom-level-parameter</loc>
<lastmod>2026-06-08T15:05:45.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/calculated-fields-form/calculated-fields-form-10353-authenticated-stored-cross-site-scripting</loc>
<lastmod>2020-01-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-testimonials/easy-testimonials-38-reflected-cross-site-scripting</loc>
<lastmod>2022-06-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sms-alert/sms-alert-order-notifications-woocommerce-376-missing-authorization-to-authenticated-subscriber-arbitrary-options-update</loc>
<lastmod>2025-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/membees-member-login-widget/membee-login-236-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/coblocks/page-builder-gutenberg-blocks-coblocks-3111-authenticated-contributor-server-side-request-forgery</loc>
<lastmod>2024-07-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nextgen-gallery/nextgen-gallery-337-cross-site-request-forgery</loc>
<lastmod>2023-11-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/currency-switcher-woocommerce/currency-switcher-for-woocommerce-2162-reflected-cross-site-scripting</loc>
<lastmod>2025-02-28T15:26:51.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/creative-addons-for-elementor/creative-addons-for-elementor-1512-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/peepso-core/community-by-peepso-6461-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2024-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-rss-aggregator/rss-aggregator-rss-import-news-feeds-feed-to-post-and-autoblogging-4238-reflected-cross-site-scripting</loc>
<lastmod>2024-05-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-galleria/wordpress-galleria-14-reflected-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flexible-shipping/table-rate-shipping-method-for-woocommerce-by-flexible-shipping-4118-reflected-cross-site-scripting</loc>
<lastmod>2022-06-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-login-log/simple-login-log-112-sql-injection</loc>
<lastmod>2017-10-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-security-scan/acunetix-wp-security-404-cross-site-request-forgery</loc>
<lastmod>2014-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/majestic-support/majestic-support-110-unauthenticated-sql-injection</loc>
<lastmod>2025-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-cafe/wpcafe-online-food-ordering-restaurant-menu-delivery-and-reservations-for-woocommerce-2224-authenticated-contributor-stored-cross-site-scripting-via-reservation-form-shortcode</loc>
<lastmod>2024-05-30T18:20:55.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/find-and-replace-all/find-and-replace-all-12-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-11-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bsk-pdf-manager/bsk-pdf-manager-372-unauthenticated-information-exposure</loc>
<lastmod>2026-02-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/video-conferencing-with-zoom-api/video-conferencing-with-zoom-392-reflected-cross-site-scripting</loc>
<lastmod>2022-05-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-webinarsystem/webinarpress-13328-missing-authorization</loc>
<lastmod>2025-10-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blog-designer/blog-designer-1810-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2019-05-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/widgets-reset/widgets-reset-01-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2024-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ebecas/ebecas-313-authenticated-administrator-stored-cross-site-scripting-via-settings</loc>
<lastmod>2023-05-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/melascrivi/melascrivi-plugin-14-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/5.4/wordpress-core-541-authenticated-author-cross-site-scripting-via-file-uploads</loc>
<lastmod>2020-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/royal-elementor-addons/royal-elementor-addons-and-templates-13971-authenticated-contributor-stored-cross-site-scripting-via-flip-carousel-flip-box-post-grid-and-taxonomy-list-widget-attributes</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bulletin-announcements/announcement-notification-banner-bulletin-351-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2022-08-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gutenium/gutenium-blocks-117-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wallet-system-for-woocommerce/wallet-system-for-woocommerce-273-authenticated-subscriber-information-exposure</loc>
<lastmod>2025-12-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-tables/ninja-tables-434-cross-site-request-forgery</loc>
<lastmod>2023-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eshop/eshop-6313-cross-site-forgery-request-and-reflected-cross-site-scripting</loc>
<lastmod>2015-09-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/giardino/giardino-1110-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-08-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/edd-favorites/easy-digital-downloads-favorites-106-cross-site-scripting</loc>
<lastmod>2015-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementinvader/element-invader-template-kits-for-elementor-124-missing-authorization</loc>
<lastmod>2026-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/meow-gallery/meow-gallery-544-missing-authorization-to-authenticated-author-shortcode-creation</loc>
<lastmod>2026-06-12T19:54:13.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/yogi/yogi-293-authenticated-subscriber-php-object-injection</loc>
<lastmod>2025-07-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/milat-jquery-automatic-popup/milat-jquery-automatic-popup-131-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/glossy/glossy-235-reflected-cross-site-scripting</loc>
<lastmod>2025-01-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninjateam-telegram/ninjateam-chat-for-telegram-10-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/notificationx/notificationx-live-sales-notification-woocommerce-sales-popup-fomo-social-proof-announcement-banner-floating-notification-top-bar-293-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ahachat-messenger-marketing/ahachat-messenger-marketing-11-authentication-bypass</loc>
<lastmod>2026-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seo-by-rank-math-pro/rank-math-seo-pro-3096-missing-authorization</loc>
<lastmod>2025-10-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/supportboard/support-board-380-unauthenticated-arbitrary-file-deletion</loc>
<lastmod>2025-07-08T10:43:24.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/amerisale-re/amerisale-re-all-versions-arbitrary-file-upload</loc>
<lastmod>2014-01-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-migration-duplicator/wordpress-backup-migration-148-missing-authorization-to-directory-traversal</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dynamic-post-grid-elementor-addon/dynamic-post-grid-elementor-addon-106-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/encrypted-blog/encrypted-blog-0062-open-redirect</loc>
<lastmod>2013-08-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/featured-post-creative/featured-post-creative-127-cross-site-request-forgery-via-wpfp_update_featured_post</loc>
<lastmod>2023-04-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/debug-log-manager/debug-log-manager-221-missing-authorization</loc>
<lastmod>2023-11-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wt-smart-coupons-for-woocommerce/smart-coupons-for-woocommerce-coupons-230-missing-authorization</loc>
<lastmod>2026-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fluent-smtp/fluentsmtp-2280-cross-site-request-forgery</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/my-tickets/my-tickets-1911-authorization-bypass</loc>
<lastmod>2023-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/restaurant-cafe-addon-for-elementor/restaurant-cafe-addon-for-elementor-155-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-09-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/broken-link-checker/broken-link-checker-244-missing-autorization-to-authenticated-subscriber-plugin-status-dashboard-view</loc>
<lastmod>2025-06-02T14:22:12.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bbp-voting/bbpress-voting-21110-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mega-addons-for-visual-composer/mega-addons-for-wpbakery-page-builder-427-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2022-09-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ht-mega-for-elementor/ht-mega-absolute-addons-for-elementor-249-authenticated-contributor-stored-cross-site-scripting-via-image-grid-widget</loc>
<lastmod>2024-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-responsive-slider-with-lightbox/thumbnail-slider-with-lightbox-1017-reflected-cross-site-scripting</loc>
<lastmod>2023-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/listar-directory-listing/listar-directory-listing-classifieds-wordpress-plugin-300-missing-authorization-to-authenticated-subscriber-arbitrary-post-deletion</loc>
<lastmod>2025-12-05T17:35:50.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zephyr-project-manager/zephyr-project-manager-33102-reflected-cross-site-scripting</loc>
<lastmod>2024-08-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/newsletters-lite/newsletters-4999-authenticated-administrator-local-file-inclusion</loc>
<lastmod>2025-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-custom-product-tabs-lite/custom-product-tabs-lite-for-woocommerce-190-authenticated-shop-manager-php-object-injection</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-vault/wp-vault-0866-local-file-inclusion</loc>
<lastmod>2016-11-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/animated-counters/animated-counters-17-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-10-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/2.4/wordpress-core-25-full-path-disclosure</loc>
<lastmod>2007-12-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-slimstat/slimstat-analytics-513-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2024-02-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easyjobs/easyjobs-246-missing-authorization-to-settings-update</loc>
<lastmod>2024-01-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-discount-rules/discount-rules-for-woocommerce-202-missing-authorization</loc>
<lastmod>2020-08-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-gotowebinar/wp-gotowebinar-157-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2024-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zen-social-sticky/zen-sticky-social-03-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-06-13T19:44:57.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/defend-wp-firewall/defendwp-firewall-110-missing-authorization</loc>
<lastmod>2025-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-monitor/download-monitor-5110-cross-site-request-forgery-to-download-path-deletion-and-disabling</loc>
<lastmod>2026-04-07T11:17:36.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/addon-elements-for-elementor-page-builder/elementor-addon-elements-11212-authenticated-contributor-stored-cross-site-scripting-via-dual-button-widget</loc>
<lastmod>2024-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bible-embed/bible-embed-004-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mark-posts/mark-posts-200-admin-stored-cross-site-scripting</loc>
<lastmod>2022-03-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/thinkresponsive/think-responsive-10-arbitrary-file-upload</loc>
<lastmod>2013-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ellipsis-human-presence-technology/human-presence-stop-form-spam-without-recaptcha-209-reflected-cross-site-scripting</loc>
<lastmod>2019-09-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jlayer-parallax-slider-wp/jlayer-parallax-slider-10-reflected-cross-site-scripting</loc>
<lastmod>2024-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-blocks/ultimate-blocks-wordpress-blocks-plugin-308-authenticatedcontributor-stored-cross-site-scripting-via-metabox</loc>
<lastmod>2024-06-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/2.6/wordpress-core-261-cryptographic-weakness</loc>
<lastmod>2008-08-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stout-google-calendar/stout-google-calendar-123-cross-site-request-forgery-via-sgc_plugin_options</loc>
<lastmod>2023-10-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/affiliates-manager/affiliates-manager-265-cross-site-request-forgery</loc>
<lastmod>2019-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/greek-multi-tool/greek-multi-tool-231-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-03-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/oik/oik-4152-cross-site-request-forgery</loc>
<lastmod>2025-07-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/amazonify/amazonify-081-cross-site-request-forgery-to-amazon-tracking-id-update</loc>
<lastmod>2023-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/squelch-tabs-and-accordions-shortcodes/squelch-tabs-and-accordions-shortcodes-048-authenticated-contributor-stored-cross-site-scripting-via-tab-shortcode</loc>
<lastmod>2024-07-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fl3r-accessibility-suite/fl3r-accessibility-suite-14-authenticated-contributor-stored-cross-site-scripting-via-fl3raccessibilitysuite-shortcode</loc>
<lastmod>2025-06-26T19:05:58.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/sweetdate/sweet-date-401-unauthenticated-php-object-injection</loc>
<lastmod>2026-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yop-poll/yop-poll-6528-reusable-captcha-via-validateimage</loc>
<lastmod>2023-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gloria-assistant-by-webtronic-labs/i-am-gloria-114-cross-site-request-forgery</loc>
<lastmod>2025-03-04T19:18:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wcp-contact-form/wcp-contact-form-310-reflected-cross-site-scripting-via-tab-parameter</loc>
<lastmod>2023-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/customer-area/customer-area-827-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-07-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/emailkit/emailkit-160-missing-authorization-to-authenticated-author-arbitrary-content-deletion</loc>
<lastmod>2025-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hive-support/hive-support-wordpress-help-desk-112-cross-site-request-forgery</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/rehub-theme/rehub-19991-unauthenticated-information-exposure</loc>
<lastmod>2025-12-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/login-lockdown/login-lockdown-protect-login-form-208-missing-authorization</loc>
<lastmod>2024-02-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/api-info-themes-plugins-wp-org/api-info-for-plugins-themes-from-wporg-104-reflected-cross-site-scripting</loc>
<lastmod>2022-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/g-ffl-cockpit/g-ffl-cockpit-171-improper-authorization-to-unauthenticated-product-deletion</loc>
<lastmod>2025-12-05T17:38:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/motors-car-dealership-classified-listings/motors-car-dealership-classified-listings-plugin-14103-missing-authorization-to-authenticated-subscriber-payment-bypass-via-stm_payment_status-parameter</loc>
<lastmod>2026-05-11T19:56:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/woodmart/woodmart-825-unauthenticated-post-disclosure</loc>
<lastmod>2025-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gotmls/anti-malware-security-and-brute-force-firewall-41522-cross-site-scripting</loc>
<lastmod>2015-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wte-elementor-widgets/wp-travel-engine-142-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/persian-woocommerce-sms/persian-woocommerce-sms-7010-authenticated-shop-manager-sql-injection</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/s3audible-amazon-s3-music-player/s3bubble-amazon-s3-media-streaming-354-cross-site-scripting</loc>
<lastmod>2014-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bookingpress-appointment-booking/bookingpress-1122-unauthenticated-file-export-download</loc>
<lastmod>2024-12-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/betheme/betheme-2761-authenticated-contributor-stored-cross-site-scripting-via-custom-js</loc>
<lastmod>2025-01-20T21:55:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/srbtranslatin/srbtranslatin-146-cross-site-request-forgery</loc>
<lastmod>2018-01-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/fabrica/fabrica-181-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-08-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/predictive-search/predictive-search-122-missing-authorization</loc>
<lastmod>2023-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/domain-theme/domain-theme-13-cross-site-request-forgery</loc>
<lastmod>2025-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/learnpress/learnpress-41732-authenticated-subscriber-sql-injection</loc>
<lastmod>2022-12-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pdf-poster/pdf-poster-pdf-embedder-plugin-for-wordpress-2117-reflected-cross-site-scripting</loc>
<lastmod>2024-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hover-image/hover-image-141-cross-site-request-forgery</loc>
<lastmod>2023-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-addons-for-elementor-lite/essential-addons-for-elementor-5913-authenticated-author-php-object-injection-via-error_resetpassword</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/3.4/wordpress-core-342-missing-authorization-checks</loc>
<lastmod>2012-09-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/forms-by-made-it/forms-1122-authenticated-stored-cross-site-scripting</loc>
<lastmod>2021-07-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ht-contactform/ht-contact-form-7-200-authenticated-administrator-local-file-inclusion</loc>
<lastmod>2025-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/moneyflow/moneyflow-10-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jupiterx-core/jupiter-x-core-4811-unauthenticated-php-object-injection-via-phar</loc>
<lastmod>2025-04-25T17:04:47.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/beam-me-up-scotty/beam-me-up-scotty-back-to-top-button-1021-reflected-cross-site-scripting</loc>
<lastmod>2024-09-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/learnpress/learnpress-wordpress-lms-plugin-400-cross-site-request-forgery-to-privilege-escalation</loc>
<lastmod>2024-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/relevanssi-premium/relevanssi-premium-11461-sql-injection</loc>
<lastmod>2016-11-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-food-and-drink-menu/responsive-food-and-drink-menu-23-authenticated-contributor-stored-cross-site-scripting-via-display_pdf_menus-shortcode</loc>
<lastmod>2025-06-25T13:45:44.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/metform/metform-elementor-contact-form-builder-383-authenticatedcontributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-03-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/helpful/helpful-4514-authorization-bypass-to-repeat-voting</loc>
<lastmod>2022-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/helpdesk-contact-form/helpdesk-contact-form-plugin-115-cross-site-request-forgery-to-settings-update-via-handle_query_args</loc>
<lastmod>2026-01-06T18:33:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/clean-login/clean-login-15-reflected-cross-site-scripting</loc>
<lastmod>2015-07-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpb-show-core/wpb-show-core-26-reflected-cross-site-scripting-via-file</loc>
<lastmod>2024-04-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/graphicsly/graphicsly-the-ultimate-graphics-plugin-for-wordpress-website-builder-gutenberg-elementor-beaver-builder-wpbakery-102-authenticated-author-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2024-09-24T12:17:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/updraftplus/updraft-plus-12224-information-disclosure-via-updraft_ajaxrestore</loc>
<lastmod>2023-03-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-woocommerce-customizer/easy-woocommerce-customizer-102-reflected-cross-site-scripting</loc>
<lastmod>2025-09-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/logtik/logtik-23-reflected-cross-site-scripting</loc>
<lastmod>2025-09-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/risk-warning-bar/risk-warning-bar-10-reflected-cross-site-scripting</loc>
<lastmod>2024-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/news-list/newsticker-10-reflected-cross-site-scripting</loc>
<lastmod>2025-02-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/otter-blocks/otter-blocks-314-improper-authorization-to-unauthenticated-purchase-verification-bypass-via-forged-cookie</loc>
<lastmod>2026-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders/barcode-scanner-with-inventory-order-manager-151-unauthenticated-arbitrary-file-upload-via-uploadfile</loc>
<lastmod>2024-01-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-field-template/custom-field-template-251-cross-site-request-forgery-bypass</loc>
<lastmod>2020-09-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/font-organizer/font-organizer-211-reflected-cross-site-scripting</loc>
<lastmod>2019-03-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/educenter/educenter-157-missing-authorization-via-activate_plugin</loc>
<lastmod>2023-04-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/groundhogg/wordpress-crm-email-marketing-automation-for-wordpress-award-winner-groundhogg-135-remote-code-execution</loc>
<lastmod>2019-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/poll-maker/poll-maker-480-missing-authorization</loc>
<lastmod>2023-12-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/watu/watu-quiz-267-authenticated-admin-sql-injection</loc>
<lastmod>2015-11-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-datatable/wp-datatable-027-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-countdown/the-countdown-201-authenticated-contributor-stored-cross-site-scripting-via-clientid-parameter</loc>
<lastmod>2025-06-25T14:06:45.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-checkout/wp-checkout-unknown-versions-arbitrary-file-upload</loc>
<lastmod>2013-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ideapush/ideapush-871-missing-authorization-to-board-term-deletion</loc>
<lastmod>2024-12-02T20:21:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eventprime-event-calendar-management/eventprime-events-calendar-bookings-and-tickets-341-missing-authorization-to-authenticated-subscriber-arbitrary-email-sending</loc>
<lastmod>2024-03-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woosa-ai-for-woocommerce/integration-opvius-ai-for-woocommerce-130-unauthenticated-arbitrary-file-deletionread-via-path-traversal</loc>
<lastmod>2026-01-13T17:20:42.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/exploit-scanner/exploit-scanner-133-full-path-disclosure</loc>
<lastmod>2013-05-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woosidebars-sbm-converter/woosidebars-sidebar-manager-converter-111-reflected-cross-site-scripting</loc>
<lastmod>2015-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stetic/stetic-106-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2021-11-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cta/wordpress-calls-to-action-228-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2015-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-events-calendar/the-events-calendar-61513-missing-authorization-to-authenticated-subscriber-data-migration-control</loc>
<lastmod>2026-01-20T01:45:16.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gf-multi-uploader/multi-uploader-for-gravity-forms-117-unauthenticated-arbitrary-file-deletion</loc>
<lastmod>2025-12-11T15:06:36.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profile-builder/profile-builder-3138-authenticated-contributor-stored-cross-site-scripting-via-user_meta-and-compare-shortcodes</loc>
<lastmod>2025-06-02T21:31:42.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/paramount/paramount-all-versions-cross-site-scripting</loc>
<lastmod>2012-09-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-projects-portfolio/wp-projects-portfolio-with-client-testimonials-30-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/skt-blocks/skt-blocks-25-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/dolcino/dolcino-pastry-and-cake-shop-wordpress-theme-16-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bird-feeder/bird-feeder-123-cross-site-request-forgery</loc>
<lastmod>2014-12-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-e-commerce-style-email/wp-e-commerce-style-email-062-reflected-cross-site-scripting</loc>
<lastmod>2024-11-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/doofinder/doofinder-054-reflected-cross-site-scripting</loc>
<lastmod>2024-11-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pricing-tables-for-wpbakery-page-builder/pricing-tables-for-wpbakery-page-builder-formerly-visual-composer-20-authenticated-subscriber-local-file-inclusion-via-shortcode</loc>
<lastmod>2023-03-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/peepso-core/community-by-peepso-6090-missing-authorization-to-sensitive-information-exposure</loc>
<lastmod>2023-05-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mapsvg-lite-interactive-vector-maps/mapsvg-8723-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/visual-link-preview/visual-link-preview-230-authenticated-contributor-server-side-request-forgery</loc>
<lastmod>2026-02-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yourchannel/yourchannel-123-missing-authorization-to-plugin-settings-reset</loc>
<lastmod>2023-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/trust-payments-hosted-payment-pages-integration/trust-payments-gateway-for-woocommerce-114-unauthenticated-sql-injection</loc>
<lastmod>2025-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/listinghub/listinghub-126-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/betheme/betheme-284-authenticated-contributor-arbitrary-file-deletion-via-mfn-icon-upload</loc>
<lastmod>2026-05-04T21:38:53.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/travelfic-toolkit/travelfic-toolkit-133-missing-authorization</loc>
<lastmod>2025-11-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-css/custom-css-js-php-230-reflected-cross-site-scripting</loc>
<lastmod>2024-11-22T18:17:30.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/counter-box/counter-box-2013-authenticated-administrator-php-object-injection-via-import</loc>
<lastmod>2026-06-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-stripe-checkout/simple-stripe-checkout-1128-reflected-cross-site-scripting</loc>
<lastmod>2025-07-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/king-addons/king-addons-for-elementor-51162-authenticated-subscriber-stored-cross-site-scripting-via-form_page_id-parameter</loc>
<lastmod>2026-06-15T17:09:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/admin-custom-login/admin-custom-login-327-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2021-07-26T06:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/bello/directory-listing-160-reflected-cross-site-scripting</loc>
<lastmod>2021-03-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/reveal-template/reveal-template-37-unauthenticated-full-path-disclosure</loc>
<lastmod>2024-08-08T20:35:17.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jeg-elementor-kit/jeg-elementor-kit-263-authenticated-contributor-stored-cross-site-scripting-via-image-box</loc>
<lastmod>2024-04-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/edd-recount-earnings/easy-digital-downloads-recount-earnings-237-cross-site-scripting</loc>
<lastmod>2015-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nmr-strava-activities/nmr-strava-activities-107-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/geo-redirector/geo-redirector-101-cross-site-scripting</loc>
<lastmod>2014-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smart-forms/smart-forms-2671-missing-authorization-to-sensitive-information-disclosure</loc>
<lastmod>2022-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-matomo-tracking-code/simple-matomo-tracking-code-110-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-09-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/getwid-megamenu/mega-menu-block-106-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-05-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/js-paper/js-paper-257-reflected-cross-site-scripting</loc>
<lastmod>2024-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-member/ultimate-member-2100-unauthenticated-sql-injection-via-search-parameter</loc>
<lastmod>2025-03-04T21:53:45.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profilepro/profilepro-13-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2024-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ithemeland-bulk-posts-editing-lite/bulk-posts-editing-for-wordpress-423-cross-site-request-forgery</loc>
<lastmod>2024-05-16T07:33:30.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slider-future/slider-future-105-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2026-02-18T15:54:34.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chatbot/ai-chatbot-534-missing-authorization-via-openai_file_upload_callback</loc>
<lastmod>2024-05-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/appointment-calendar/appointment-calendar-274-multiple-reflected-cross-site-scripting</loc>
<lastmod>2016-10-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/vw-pet-shop/vw-pet-shop-147-missing-authorization</loc>
<lastmod>2026-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/views-for-wpforms-lite/views-for-wpforms-322-cross-site-request-forgery-via-create_view</loc>
<lastmod>2024-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tips-shortcode/tips-shortcode-021-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-11-20T19:18:57.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buddypress/buddypress-1433-unauthenticated-arbitrary-shortcode-execution</loc>
<lastmod>2026-01-22T18:30:17.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profilegrid-user-profiles-groups-and-communities/profilegrid-5992-authenticated-subscriber-stored-cross-site-scripting-via-message-content</loc>
<lastmod>2026-06-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/debug-meta-data/debug-meta-data-112-stored-cross-site-scripting</loc>
<lastmod>2020-10-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-client-reports/wp-client-reports-1016-missing-authorization-to-sensitive-information-exposure</loc>
<lastmod>2023-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/nirvana/nirvana-163-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-08-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-predictive-search/woocommerce-predictive-search-601-reflected-cross-site-scripting</loc>
<lastmod>2024-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-addons-for-elementor-lite/essential-addons-for-elementor-best-elementor-addon-templates-widgets-kits-woocommerce-builders-609-authenticated-author-sensitive-information-exposure-to-privilege-escalation</loc>
<lastmod>2024-11-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/js_composer/wpbakery-visual-composer-75-authenticated-contributor-stored-cross-site-scripting-via-post-title-tag-attribute</loc>
<lastmod>2024-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mts-url-shortener/url-shortener-by-mythemeshop-1016-missing-authorization</loc>
<lastmod>2023-01-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/bbe/bbe-153-authorization-bypass</loc>
<lastmod>2018-05-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ditty-news-ticker/ditty-3157-unauthenticated-server-side-request-forgery</loc>
<lastmod>2025-08-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fyrebox-shortcode/fyrebox-quizzes-30-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cart66-lite/cart66-lite-wordpress-ecommerce-153-sql-injection</loc>
<lastmod>2014-12-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mobile-dj-manager/mdjm-event-management-176-authenticated-subscriber-privilege-escalation</loc>
<lastmod>2025-06-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rduplicator/quick-post-duplicator-20-authenticated-contributor-sql-injection-via-post_id</loc>
<lastmod>2023-06-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/popup-images/popup-images-unknown-version-cross-site-scripting</loc>
<lastmod>2014-06-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shayanweb-admin-fontchanger/shayanweb-admin-fontchanger-191-cross-site-request-forgery</loc>
<lastmod>2025-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-sync/post-sync-11-reflected-cross-site-scripting</loc>
<lastmod>2025-02-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpforo/wpforo-forum-309-authenticated-contributor-sql-injection</loc>
<lastmod>2026-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-pdf-vouchers/woocommerce-pdf-vouchers-494-missing-authorization</loc>
<lastmod>2024-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/customer-reviews-woocommerce/customer-reviews-for-woocommerce-535-sensitive-data-exposure</loc>
<lastmod>2022-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/events-calendar-pro/the-events-calendar-pro-702-authenticated-administrator-php-object-injection-to-remote-code-execution</loc>
<lastmod>2024-08-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-asambleas/wp-asambleas-2850-reflected-cross-site-scripting</loc>
<lastmod>2025-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-edit-templates/edit-woocommerce-templates-111-unauthenticated-cross-site-scripting</loc>
<lastmod>2023-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/multicarousel/multiple-carousel-20-unauthenticated-sql-injection</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/categories-images/categories-images-331-authenticated-contributor-stored-cross-site-scripting-via-z_taxonomy_image-shortcode</loc>
<lastmod>2026-04-17T21:16:01.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/oxygen/oxygen-44-cross-site-request-forgery</loc>
<lastmod>2023-07-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpvr/wp-vr-8314-missing-authorization-to-plugin-version-downgrade</loc>
<lastmod>2023-12-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/adforest/adforest-6012-authentication-bypass</loc>
<lastmod>2026-02-11T12:46:01.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wise-chat/wise-chat-334-unauthenticated-stored-cross-site-scripting-via-x-forwarded-for-header</loc>
<lastmod>2025-06-16T13:03:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/extended-evaluation-for-statify/statify-extended-evaluation-263-authenticated-admin-csv-injection</loc>
<lastmod>2023-09-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wplite/wplite-131-cross-site-request-forgery</loc>
<lastmod>2022-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/call-now-coccoc-pht-blog/call-now-pht-blog-241-cross-site-request-forgery</loc>
<lastmod>2025-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/request-a-quote/request-a-quote-237-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shortcode-for-current-date/shortcode-for-current-date-214-stored-cross-site-scripting</loc>
<lastmod>2022-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-nano-ad/wp-nano-ad-131-authenticated-administrator-stored-cross-site-scripting-via-blogrole_link-parameter</loc>
<lastmod>2026-06-01T19:44:21.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rating-bws/rating-by-bestwebsoft-15-rating-denial-of-service</loc>
<lastmod>2022-05-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/backup-backup/backup-migration-137-unauthenticated-remote-code-execution</loc>
<lastmod>2023-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ultimate-exporter/export-all-posts-products-orders-refunds-users-219-cross-site-request-forgery-to-sensitive-information-exposure</loc>
<lastmod>2025-12-01T16:23:28.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ts-comfort-database/ts-comfort-db-207-reflected-cross-site-scripting</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/resido/resido-real-estate-wordpress-theme-36-missing-authorization-to-unauthenticated-server-side-request-forgery-and-api-key-settings-update</loc>
<lastmod>2025-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ecommerce-product-catalog/ecommerce-product-catalog-plugin-for-wordpress-3343-cross-site-request-forgery-to-password-reset</loc>
<lastmod>2024-12-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/premium-addons-pro/premium-addons-pro-2912-authenticated-contributor-stored-cross-site-scripting-via-global-badge-module</loc>
<lastmod>2024-03-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eventprime-event-calendar-management/eventprime-events-calendar-bookings-and-tickets-342-missing-authorization-to-arbitrary-post-overwrite</loc>
<lastmod>2024-03-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/geeky-bot/geekybot-ai-copilot-chatbot-woocommerce-lead-gen-zero-prompt-content-120-unauthenticated-sql-injection</loc>
<lastmod>2026-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smart-marketing-for-wp/smart-marketing-sms-and-newsletters-forms-200-cross-site-scripting</loc>
<lastmod>2017-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/meals-wheels/meals-wheels-1112-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-tables/ninja-tables-523-authenticated-administrator-sql-injection</loc>
<lastmod>2025-12-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kontur-admin-style/kontur-admin-style-104-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpforms-lite/contact-form-by-wpforms-148-reflected-cross-site-scripting</loc>
<lastmod>2018-12-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-discount-rules/discount-rules-for-woocommerce-create-smart-woocommerce-coupons-discounts-bulk-discount-bogo-coupons-265-reflected-cross-site-scripting</loc>
<lastmod>2024-10-15T12:23:35.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jetpack/jetpack-wp-security-backup-speed-growth-42-reflected-cross-site-scripting</loc>
<lastmod>2017-04-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-wp-security-and-firewall/all-in-one-wp-security-firewall-412-captcha-bypass</loc>
<lastmod>2016-07-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/paytm-payments/paytm-payment-gateway-270-unauthenticated-server-side-request-forgery</loc>
<lastmod>2022-11-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-product-addon/ppom-for-woocommerce-3308-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cf7-sweet-alert-popup/popup-for-cf7-with-sweet-alert-165-cross-site-request-forgery</loc>
<lastmod>2025-08-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-grid/post-grid-and-gutenberg-blocks-2292-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/albo-pretorio-on-line/albo-pretorio-online-466-unauthenticated-sensitive-information-disclosure</loc>
<lastmod>2024-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/auto-repair/auto-repair-226-reflected-cross-site-scripting</loc>
<lastmod>2026-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-super-cache/wp-super-cache-143-cross-site-scripting</loc>
<lastmod>2015-04-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/banner-system/banner-system-100-privilege-escalation</loc>
<lastmod>2024-11-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/exclusive-addons-for-elementor/exclusive-addons-elementor-271-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mollie-forms/mollie-forms-263-missing-authorization</loc>
<lastmod>2024-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/thrive-theme/thrive-theme-builder-3242-cross-site-request-forgery</loc>
<lastmod>2023-11-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/team-showcase-supreme/team-member-44-authenticated-editor-stored-cross-site-scripting-via-new_style_name</loc>
<lastmod>2023-03-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elex-helpdesk-customer-support-ticket-system/elex-wordpress-helpdesk-customer-ticketing-system-332-authenticated-contributor-privilege-escalation-via-eh_crm_edit_agent-ajax-action</loc>
<lastmod>2025-12-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/unyson/unyson-2728-missing-authorization</loc>
<lastmod>2023-09-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/teachpress/teachpress-905-cross-site-request-forgery-via-delete_database</loc>
<lastmod>2023-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mapme/mapme-132-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mesmerize-companion/mesmerize-companion-16133-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2022-12-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/thirstyaffiliates/thirstyaffiliates-3119-cross-site-request-forgery</loc>
<lastmod>2026-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/2.6/wordpress-core-262-arbitrary-user-password-reset</loc>
<lastmod>2008-09-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/modula-best-grid-gallery/modula-image-gallery-266-reflected-cross-site-scripting</loc>
<lastmod>2022-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-widget/image-widget-4410-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-11-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cooked-pro/cooked-pro-1755-reflected-cross-site-scripting</loc>
<lastmod>2021-03-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sparkle-elementor-kit/sparkle-elementor-kit-209-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpappninja/wpmobileapp-android-and-ios-mobile-application-1118-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/legull/legull-122-reflected-cross-site-scripting</loc>
<lastmod>2025-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/spideranalyse/spideranalyse-001-reflected-cross-site-scripting</loc>
<lastmod>2021-09-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-addons-for-elementor/easy-addons-for-elementor-130-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/q-and-a/q-and-a-1062-cross-site-request-forgery</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ipanorama-360-virtual-tour-builder-lite/ipanorama-360-wordpress-virtual-tour-builder-180-authenticated-contributor-sql-injection-via-shortcode</loc>
<lastmod>2023-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smooth-slider/smooth-slider-27-authenticated-sql-injection</loc>
<lastmod>2015-07-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profile-builder/profile-builder-347-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2021-06-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/metform/metform-elementor-contact-form-builder-331-authenticated-subscriber-information-disclosure-via-mf_first_name-shortcode</loc>
<lastmod>2023-08-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-sms/sms-for-woocommerce-281-cross-site-request-forgery-to-reflected-cross-site-scripting</loc>
<lastmod>2024-12-16T19:02:57.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/spike/spike-12-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-05-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smooth-slider/smooth-slider-287-authenticated-sql-injection</loc>
<lastmod>2018-01-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mainwp-post-plus-extension/mainwp-post-plus-extension-403-missing-authorization-to-arbitrary-pagepost-deletion</loc>
<lastmod>2023-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-product-table/product-table-for-woocommerce-508-reflected-cross-site-scripting</loc>
<lastmod>2025-12-20T14:43:26.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/emoji-shortcode/emoji-shortcode-100-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pepro-cf7-database/peprodev-cf7-database-200-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-04-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mycred/mycred-2942-missing-authorization</loc>
<lastmod>2025-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-table-of-contents/easy-table-of-contents-2065-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ultimate-email-marketer/wp-ultimate-email-marketer-120-authentication-bypass</loc>
<lastmod>2013-09-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/fitline/fitline-16-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-09-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-sticky-sidebar/wordpress-cta-170-cross-site-request-forgery</loc>
<lastmod>2025-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/crius/crius-all-known-versions-cross-site-scripting</loc>
<lastmod>2013-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yith-maintenance-mode/yith-maintenance-mode-138-multiple-authenticated-stored-cross-site-scripting</loc>
<lastmod>2021-09-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/productive-style/productive-style-1123-authenticated-contributor-stored-cross-site-scripting-via-display_productive_breadcrumb-shortcode</loc>
<lastmod>2025-09-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/another-wordpress-classifieds-plugin/awp-classifieds-445-missing-authorization</loc>
<lastmod>2026-05-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-social-widget/wp-social-widget-226-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fonto/fonto-custom-web-fonts-manager-121-authenticated-author-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2024-10-16T20:46:08.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/portfolleo/portfolleo-12-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2024-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-registration/user-registration-301-authenticated-subscriber-php-object-injection</loc>
<lastmod>2023-06-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easyrecipe/easyrecipe-353251-cross-site-request-forgery</loc>
<lastmod>2023-10-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elex-request-a-quote/elex-woocommerce-request-a-quote-235-missing-authorization</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/back-button-widget/back-button-widget-168-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-05-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/visual-sound-widget-for-soundcloud-and-artistplugme-visualdreams/visual-sound-old-106-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2024-08-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementskit-lite/elementskit-elementor-addons-347-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/restropress/restropress-online-food-ordering-system-300-321-unauthenticated-information-exposure-to-authentication-bypass-via-forged-jwt</loc>
<lastmod>2025-10-02T22:17:09.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/beauty-contact-popup-form/beauty-contact-popup-form-60-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ameliabooking/booking-for-appointments-and-events-calendar-amelia-22-missing-authorization</loc>
<lastmod>2026-04-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/automatic-featured-images-from-videos/automatic-featured-images-from-videos-124-missing-authorization</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/modula-best-grid-gallery/customizable-wordpress-gallery-plugin-modula-image-gallery-269-missing-authorization-to-plugin-settings-change</loc>
<lastmod>2022-10-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/coming-soon-maintenance-mode-from-acurax/under-construction-maintenance-mode-from-acurax-26-unauthenticated-cross-site-scripting</loc>
<lastmod>2023-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpdiscuz/wpdiscuz-763-authenticatedauthor-insecure-direct-object-reference</loc>
<lastmod>2023-10-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kiotvietsync/kiotviet-sync-185-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-shamsi/wp-shamsi-411-missing-authorization-to-plugin-settings-update</loc>
<lastmod>2022-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/icons-for-features/icons-for-features-100-reflected-cross-site-scripting</loc>
<lastmod>2015-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/js_composer/wpbakery-page-builder-76-authenticated-contributor-stored-cross-site-scripting-via-vc-single-image-link-attribute</loc>
<lastmod>2024-06-12T18:40:01.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/activitypub/activitypub-802-unauthenticated-information-epxosure</loc>
<lastmod>2026-03-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/automatic-internal-links-for-seo/internal-linking-for-seo-traffic-ranking-auto-internal-links-100-automatic-121-authenticated-administrator-sql-injection-via-post_id-parameter</loc>
<lastmod>2024-11-26T23:25:28.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/megamenu/max-mega-menu-33-missing-authorization</loc>
<lastmod>2024-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-refund-and-exchange/woocommerce-refund-and-exchange-with-rma-warranty-management-refund-policy-manage-user-wallet-326-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2025-07-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easyindex/easyindex-111704-cross-site-request-forgery</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-product-table-lite/product-table-and-list-builder-for-woocommerce-lite-463-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-04-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/1.5/wordpress-core-1512-cross-site-scripting</loc>
<lastmod>2005-06-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/scw-seat-reservation/advance-seat-reservation-management-for-woocommerce-33-unauthenticated-sql-injection</loc>
<lastmod>2025-05-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/folders/folders-292-authenticated-author-arbitrary-file-upload</loc>
<lastmod>2023-08-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/h5p-css-editor/h5p-css-editor-10-reflected-cross-site-scripting</loc>
<lastmod>2021-12-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ni-woocommerce-customer-product-report/ni-woocommerce-customer-product-report-124-missing-authorization-to-authenticated-subscriber-settings-update</loc>
<lastmod>2025-08-22T15:50:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tier-management-petfinder/pet-manager-petfinder-361-authenticated-contributor-stored-cross-site-scripting-via-kwm-petfinder-shortcode</loc>
<lastmod>2025-11-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fluent-crm/fluent-crm-2844-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/leopard-wordpress-offload-media/leopard-wordpress-offload-media-2036-missing-authorization-to-authenticated-subscriber-settings-update</loc>
<lastmod>2024-08-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fusion-builder/fusion-builder-3111-missing-authorization</loc>
<lastmod>2023-08-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpdm-premium-packages/premium-packages-605-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gtm-server-side/gtm-server-side-111-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-06-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ms-registration/custom-login-and-registration-100-missing-authorization</loc>
<lastmod>2025-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-live-chat-support/wp-live-chat-support-8027-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2019-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpforo/wpforo-forum-218-reflected-cross-site-scripting-via-wpforo_debug</loc>
<lastmod>2023-07-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-gallery-transformation/wordpress-gallery-transforation-07-sql-injection</loc>
<lastmod>2017-07-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-verification/user-verification-by-pickplugins-2046-unauthenticated-authentication-bypass-via-otp-verification-rest-api-endpoint</loc>
<lastmod>2026-05-01T15:46:35.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/add-search-to-menu/ivory-search-471-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2021-11-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yet-another-related-posts-plugin/yarpp-yet-another-related-posts-plugin-5303-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-07-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rename-wp-login/rename-wp-loginphp-260-cross-site-request-forgery-unauthenticated-settings-change</loc>
<lastmod>2022-06-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pixabay-images/pixabay-images-23-directory-traversal</loc>
<lastmod>2015-01-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/myagileprivacy/my-agile-privacy-217-authenticated-contributor-stored-cross-site-scripting-vis-shortcode</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fulltext-search/wp-fast-total-search-179270-cross-site-request-forgery</loc>
<lastmod>2025-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/list-custom-taxonomy-widget/list-custom-taxonomy-widget-41-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/amazing-neo-icon-font-for-elementor/amazing-neo-icon-font-for-elementor-201-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/weaver-for-bbpress/turnkey-bbpress-by-weavertheme-163-reflected-cross-site-scripting-via-_wpnonce-parameter</loc>
<lastmod>2025-01-03T21:19:55.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-recargo-de-equivalencia/woocommerce-recargo-de-equivalencia-1624-cross-site-request-forgery</loc>
<lastmod>2025-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eventprime-event-calendar-management/eventprime-4045-open-redirect</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rsv-360-view/rsv-360-view-10-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/erp/wp-erp-1105-sensitive-data-exposure</loc>
<lastmod>2022-07-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cp-blocks/cp-blocks-1020-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2023-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/clover-online-orders/smart-online-order-for-clover-157-reflected-cross-site-scripting</loc>
<lastmod>2024-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-count-plus/social-count-plus-533-reflected-cross-site-scripting</loc>
<lastmod>2015-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-media-gallery-pro/easy-media-gallery-pro-1259-cross-site-request-forgery-and-cross-site-scripting</loc>
<lastmod>2014-09-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tailpress/tailpress-044-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2025-04-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/w3speedster-wp/w3speedster-725-cross-site-request-forgery</loc>
<lastmod>2024-11-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/usc-e-shop/welcart-e-commerce-2821-authenticatedlevel_5-sql-injection-via-get_logs</loc>
<lastmod>2023-09-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/callrail-phone-call-tracking/callrail-phone-call-tracking-052-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-captcha/recaptcha-by-bestwebsoft-112-captcha-bypass</loc>
<lastmod>2015-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/optin-forms/optin-forms-136-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-12-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/business-directory-plugin/business-directory-plugin-5101-cross-site-request-forgery-to-arbitrary-file-upload</loc>
<lastmod>2021-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jet-booking/jetbooking-403-unauthenticated-sql-injection-via-check_in_date-parameter</loc>
<lastmod>2026-03-10T17:33:16.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/master-slider/master-slider-responsive-touch-slider-3910-authenticated-contributor-stored-cross-site-scripting-via-ms_layer-shortcode</loc>
<lastmod>2024-06-17T14:11:35.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-html-bodyhead/wordpress-html-051-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-08-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tourfic/tourfic-ultimate-hotel-booking-travel-booking-apartment-booking-wordpress-plugin-woocommerce-booking-2153-authenticated-subscriber-sql-injection</loc>
<lastmod>2024-12-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/author-bio-box/author-bio-box-331-authenticated-stored-cross-site-scripting</loc>
<lastmod>2021-10-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-perfect-plugin/w3p-seo-185-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nabz-image-gallery/nabz-image-gallery-v100-unauthenticated-sql-injection</loc>
<lastmod>2024-12-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-twitter-button/wp-twitter-button-141-cross-site-request-forgery</loc>
<lastmod>2025-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/podlove-podcasting-plugin-for-wordpress/podlove-podcast-publisher-4011-authenticated-contributor-server-side-request-forgery</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-fields-account-registration-for-woocommerce/custom-fields-account-registration-for-woocommerce-12-authenticated-author-privilege-escalation</loc>
<lastmod>2025-11-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/penci-review/penci-review-35-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-01-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-photo-album-plus/wp-photo-album-plus-8800002-reflected-cross-site-scripting</loc>
<lastmod>2024-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/supportcandy/supportcandy-226-reflected-cross-site-scripting</loc>
<lastmod>2022-01-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wicked-folders/wicked-folders-21816-missing-authorization-via-ajax_delete_folder</loc>
<lastmod>2023-02-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easyappointments/easyappointments-140-authenticatedsubscriber-arbitrary-file-deletion-via-disconnect</loc>
<lastmod>2023-08-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-property-listings/easy-property-listings-3522-missing-authorization</loc>
<lastmod>2025-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fv-wordpress-flowplayer/fv-flowplayer-video-player-75447212-authenticated-contributor-arbitrary-redirect</loc>
<lastmod>2024-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/searchiq/searchiq-47-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/school-management/school-management-system-for-wordpress-9310-authenticated-subscriber-local-file-inclusion-to-privilege-escalation-via-password-update</loc>
<lastmod>2025-07-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/uber-classic/uberslider-26-authenticated-contributor-sql-injection</loc>
<lastmod>2025-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shortpixel-image-optimiser/shortpixel-image-optimizer-563-authenticated-editor-sql-injection</loc>
<lastmod>2024-10-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/superfly-menu/wordpress-menu-plugin-superfly-responsive-menu-5029-cross-site-request-forgery-to-arbitrary-file-deletion</loc>
<lastmod>2024-08-01T17:45:27.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-redirection/all-in-one-redirection-210-authenticatedadministrator-sql-injection</loc>
<lastmod>2023-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yop-poll/yop-poll-6526-race-condition-to-vote-manipulation</loc>
<lastmod>2023-11-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/unnamed/unnamed-12171-and-unnamed-se-103-cross-site-scripting</loc>
<lastmod>2007-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-attachments/wp-attachments-504-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-photo-reviews/woocommerce-photo-reviews-review-reminders-review-for-discounts-1313-reflected-cross-site-scripting</loc>
<lastmod>2025-06-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/traffic-manager/traffic-manager-145-missing-authorization</loc>
<lastmod>2022-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/leadster-marketing-conversacional/leadster-112-cross-site-request-forgery</loc>
<lastmod>2023-09-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/navigation-menu-as-dropdown-widget/navigation-menu-as-dropdown-widget-134-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-hotel-booking/wp-hotel-booking-221-improper-input-validation-to-authenticated-subscriber-rating-manipulation</loc>
<lastmod>2025-08-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/insert-special-characters/async-263-and-3-322-prototype-pollution</loc>
<lastmod>2022-04-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/page-builder-sandwich/page-builder-sandwich-front-end-page-builder-510-missing-authorization</loc>
<lastmod>2024-06-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chaty/chaty-312-authenticated-administrator-stored-cross-site-scripting-via-settings</loc>
<lastmod>2023-11-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nmedia-user-file-uploader/frontend-file-manager-plugin-212-cross-site-request-forgery-to-file-upload</loc>
<lastmod>2022-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cforms2/cformsii-14610-sql-injection</loc>
<lastmod>2015-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-external-links/wp-external-links-181-authenticated-stored-cross-site-scripting</loc>
<lastmod>2016-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/internal-link-finder/internal-link-optimiser-512-missing-authorization-to-unauthenticated-settings-update</loc>
<lastmod>2025-04-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/funkitools/funkitools-102-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2025-10-14T19:45:20.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/leads-for-amo-crm/the-integration-of-the-amocrm-101-cross-site-request-forgery</loc>
<lastmod>2025-09-10T19:04:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dethemekit-for-elementor/dethemekit-for-elementor-218-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-simple-html-sitemap/wp-simple-html-sitemap-35-missing-authorization</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-debugging/wp-debugging-2117-cross-site-request-forgery</loc>
<lastmod>2022-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/blackfyre/blackfyre-254-cross-site-request-forgery</loc>
<lastmod>2026-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ocean-extra/ocean-extra-246-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2025-04-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/redline/redline-166-reflected-cross-site-scripting</loc>
<lastmod>2011-09-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/age-gate/age-gate-2170-cross-site-scripting-via-data-import</loc>
<lastmod>2022-06-10T08:45:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/e2pdf/e2pdf-export-pdf-tool-for-wordpress-13217-authenticated-contributor-stored-cross-site-scripting-via-id-shortcode-attribute</loc>
<lastmod>2026-05-07T20:45:06.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/jobcareer/jobcareer-73-authenticated-subscriber-arbitrary-file-deletion</loc>
<lastmod>2026-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultra-companion/ultra-companion-119-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-coming-soon/custom-coming-soon-22-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-inventory-manager/wp-inventory-manager-21011-reflected-cross-site-scripting-via-message</loc>
<lastmod>2023-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpadverts/wpadverts-221-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/crm-customer-relationship-management-by-vcita/crm-and-lead-management-by-vcita-275-authenticated-contributor-stored-cross-site-scripting-via-type-parameter</loc>
<lastmod>2025-07-21T11:35:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-statistics/wp-statistics-941-authenticated-blind-sql-injection</loc>
<lastmod>2015-07-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-addons-for-contact-form-7/ultimate-addons-for-contact-form-7-320-reflected-cross-site-scripting</loc>
<lastmod>2023-12-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/reality/reality-estate-multipurpose-wordpress-theme-253-reflected-cross-site-scripting</loc>
<lastmod>2020-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sticky-header-on-scroll/sticky-header-on-scroll-10-missing-authorization</loc>
<lastmod>2025-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vikbooking/vikbooking-hotel-booking-engine-pms-167-reflected-cross-site-scripting</loc>
<lastmod>2024-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sh-contextual-help/sh-contextual-help-321-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-11-03T15:38:25.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cp-polls/cp-polls-1081-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chatbot/chatbot-446-unauthenticated-php-object-injection-via-cookies</loc>
<lastmod>2023-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ni-woocommerce-order-export/ni-woocommerce-order-export-316-reflected-cross-site-scripting</loc>
<lastmod>2024-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buddypress/buddypress-1240-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2024-05-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kanban/kanban-boards-for-wordpress-2521-reflected-cross-site-scripting</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-recent-purchases/woocommerce-recent-purchases-101-authenticated-admin-local-file-inclusion</loc>
<lastmod>2024-05-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jet-elements/jetelements-for-elementor-27122-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-12-30T05:20:36.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-manager/contact-form-manager-143-cross-site-scripting</loc>
<lastmod>2017-03-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-auction/ultimate-auction-432-missing-authorization</loc>
<lastmod>2025-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/doctor-appointment-booking/doctor-appointment-booking-100-authenticated-subscriber-sql-injection</loc>
<lastmod>2025-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-db-backup/database-backup-for-wordpress-252-missing-authorization-to-unauthenticated-database-backup-interception</loc>
<lastmod>2026-05-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-membership/simple-membership-438-reflected-cross-site-scripting-vulnerability-via-environment_mode</loc>
<lastmod>2023-12-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/triply/triply-247-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2026-01-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/product-page-shipping-calculator-for-woocommerce/product-page-shipping-calculator-for-woocommerce-1325-authenticated-administrator-stored-cross-site-scripting-via-admin-settings</loc>
<lastmod>2023-05-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/activitypub/activitypub-105-missing-authorization</loc>
<lastmod>2024-01-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-smtp/post-smtp-302-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-02-17T22:24:21.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp_rokbox/wordpress-rokbox-213-content-spoofing</loc>
<lastmod>2012-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/update-urls/update-urls-quick-and-easy-way-to-search-old-links-and-replace-them-with-new-links-in-wordpress-141-unauthenticated-open-redirect</loc>
<lastmod>2026-01-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/youtube-channel/my-youtube-channel-3233-cross-site-request-forgery-to-cache-deletion</loc>
<lastmod>2023-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/genesis-club-lite/genesis-club-lite-117-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ideapush/ideapush-852-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chaty/chaty-309-reflected-cross-site-scripting</loc>
<lastmod>2023-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/libro-de-reclamaciones-y-quejas/libro-de-reclamaciones-y-quejas-09-authenticated-administrator-sql-injection</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/userpro/userpro-519-reflected-cross-site-scripting</loc>
<lastmod>2024-12-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/poll-maker/poll-maker-versus-polls-anonymous-polls-image-polls-589-unauthenticated-basic-information-exposure</loc>
<lastmod>2025-08-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/font-awesome/font-awesome-431-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2022-12-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/subscribe2/subscribe2-form-email-subscribers-newsletters-1043-unauthenticated-stored-cross-site-scripting-via-ip-parameter</loc>
<lastmod>2025-02-18T15:02:03.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gum-elementor-addon/gum-elementor-addon-136-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-09-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-google-maps/responsive-google-maps-by-imbaa-125-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lana-shortcodes/lana-shortcodes-111-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-06-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mf-plus-wpml/mf-plus-wpml-11-missing-authorization-to-unauthenticated-settings-update</loc>
<lastmod>2025-07-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-easy-poll-afo/wp-easy-poll-229-reflected-cross-site-scripting</loc>
<lastmod>2025-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-store-kit/ultimate-store-kit-elementor-addons-203-unauthenticated-php-object-injection</loc>
<lastmod>2024-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-point-of-salepos/woocommerce-point-of-sale-pos-14-authenticated-subscriber-sql-injection</loc>
<lastmod>2025-07-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/xsmart/xsmart-1294-missing-authorization</loc>
<lastmod>2026-01-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultra-addons-for-wpforms/ultra-addons-for-wpforms-1011-missing-authorization</loc>
<lastmod>2026-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/import-users-from-csv-with-meta/import-and-export-users-and-customers-208-authenticated-subscriber-privilege-escalation-via-multisite-capability-meta-fields</loc>
<lastmod>2026-05-01T16:14:05.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/appexperts/appexperts-143-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bulk-menu-edit/bulk-menu-edit-130-missing-authorization</loc>
<lastmod>2025-01-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/directorypress-frontend/directorypress-frontend-279-cross-site-request-forgery-to-listing-status-update</loc>
<lastmod>2025-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/postaffiliatepro/post-affiliate-pro-1280-authenticated-administrator-server-side-request-forgery-via-post-affiliate-pro-url-field</loc>
<lastmod>2026-03-20T15:20:43.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hb-audio-gallery/hb-audio-gallery-30-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/points-and-rewards-for-woocommerce/points-and-rewards-for-woocommerce-150-cross-site-request-forgery-to-settings-change</loc>
<lastmod>2023-05-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/master-elements/master-elements-80-unauthenticated-sql-injection</loc>
<lastmod>2022-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/solidres/solidres-094-reflected-cross-site-scripting</loc>
<lastmod>2025-01-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kingcomposer/page-builder-kingcomposer-296-open-redirect</loc>
<lastmod>2022-02-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/top-bar/top-bar-304-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ari-stream-quiz/ari-stream-quiz-130-authenticated-contributor-php-object-injection</loc>
<lastmod>2023-12-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-product-table-lite/woocommerce-product-table-lite-240-reflected-cross-site-scripting</loc>
<lastmod>2021-09-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/facebook-messenger-customer-chat/facebook-chat-plugin-15-missing-capabilities-check</loc>
<lastmod>2020-08-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/videowhisper-live-streaming-integration/broadcast-live-video-live-streaming-html5-webrtc-hls-rtsp-rtmp-4295-cross-site-scripting</loc>
<lastmod>2014-02-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/radio-station/radio-station-2409-reflected-cross-site-scripting</loc>
<lastmod>2023-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-auto-poster/social-auto-poster-5314-missing-authorization-via-multiple-functions</loc>
<lastmod>2024-07-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-portfolio/easy-portfolio-13-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shiftnav-responsive-mobile-menu/shiftnav-responsive-mobile-menu-171-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2022-12-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/embedpress/embedpress-383-cross-site-request-forgery</loc>
<lastmod>2023-09-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/baw-post-views-count/post-views-count-302-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gallery-photo-gallery/photo-gallery-by-ays-responsive-image-gallery-443-authenticated-blind-sql-injections</loc>
<lastmod>2021-06-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/grandphotography/grand-photography-578-cross-site-request-forgery</loc>
<lastmod>2026-02-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-add-to-cart-custom-redirect/woocommerce-add-to-cart-custom-redirect-1213-authenticatedcontributor-missing-authorization-to-limited-arbitrary-options-update</loc>
<lastmod>2024-03-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/consultaid/consult-aid-143-unauthenticated-php-object-injection</loc>
<lastmod>2026-01-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mainwp-code-snippets-extension/mainwp-code-snippets-extension-402-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2023-01-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/license-manager-for-woocommerce/license-manager-for-woocommerce-3015-unauthenticated-insecure-direct-object-reference</loc>
<lastmod>2026-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-blog-card/simple-blog-card-131-sensitive-information-exposure</loc>
<lastmod>2023-08-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/avcp/anac-xml-bandi-di-gara-75-cross-site-request-forgery-via-settingsphp</loc>
<lastmod>2023-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dvs-custom-notification/dvs-custom-notification-101-cross-site-request-forgery</loc>
<lastmod>2012-09-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-table-of-contents/easy-table-of-contents-20671-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2024-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/freshdesk-support/freshdesk-official-236-open-redirect</loc>
<lastmod>2024-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-custom-fields/advanced-custom-fields-577-author-stored-cross-site-scripting</loc>
<lastmod>2018-12-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wsm-downloader/wsm-downloader-140-arbitrary-file-download</loc>
<lastmod>2022-07-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/affiliatex/affiliatex-100-1393-authenticated-subscriber-missing-authorization-to-stored-cross-site-scripting-via-save_customization_settings</loc>
<lastmod>2026-01-15T00:30:33.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pdf-generator-addon-for-elementor-page-builder/pdf-generator-addon-for-elementor-page-builder-200-unauthenticated-arbitrary-file-download</loc>
<lastmod>2024-11-15T15:00:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/partners/partners-020-reflected-cross-site-scripting</loc>
<lastmod>2025-01-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/uber-grid/wordpress-portfolio-builder-portfolio-gallery-117-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2025-02-18T19:35:20.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/trustmate-io-integration-for-woocommerce/trustmateio-woocommerce-integration-1140-cross-site-request-forgery</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/notificationx/notificationx-2311-sql-injection</loc>
<lastmod>2022-02-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hkdev-maintenance-mode/maintenance-mode-301-information-exposure</loc>
<lastmod>2024-03-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-counter-up/counter-up-animated-number-counter-milestone-showcase-240-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-26T18:29:11.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-type-x/product-catalog-simple-1513-cross-site-request-forgery-bypass</loc>
<lastmod>2020-09-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/5.5/wordpress-core-552-privilege-escalation-via-xml-rpc</loc>
<lastmod>2020-10-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jetformbuilder/jetformbuilder-dynamic-blocks-form-builder-361-authenticated-subscriber-privilege-escalation</loc>
<lastmod>2026-06-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shiprocket/shiprocket-208-authenticated-subscriber-insecure-direct-object-reference</loc>
<lastmod>2026-01-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mindmeister-shortcode/mindmeister-shortcode-10-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/homerunner-smartcheckout/homerunner-1030-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2025-06-25T14:07:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/watu/watu-quiz-3381-reflected-cross-site-scripting</loc>
<lastmod>2023-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce/woocommerce-268-authenticated-stored-cross-site-scripting</loc>
<lastmod>2016-12-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-lister-for-amazon/wp-lister-lite-for-amazon-2611-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gs-instagram-portfolio/gs-insever-portfolio-145-missing-authorization-to-authenticated-subscriber-css-injection</loc>
<lastmod>2025-01-08T21:59:50.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/securimage-wp/securimage-wp-3616-cross-site-request-forgery</loc>
<lastmod>2023-06-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tidio-gallery/tidio-gallery-11-reflected-cross-site-scripting</loc>
<lastmod>2016-10-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contentlock/contentlock-103-cross-site-request-forgery-to-email-adding</loc>
<lastmod>2024-06-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wha-puzzle/wha-puzzle-109-authenticated-contributor-cross-site-scripting</loc>
<lastmod>2022-11-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gf-excel-import/import-excel-to-gravity-forms-118-reflected-cross-site-scripting</loc>
<lastmod>2025-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/bw-giftxtore/giftxtore-175-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-06-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/appy-pie-connect-for-woocommerce/appy-pie-connect-for-woocommerce-112-missing-authorization-to-unauthenticated-privilege-escalation-via-reset_user_password</loc>
<lastmod>2025-10-02T22:31:47.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-htpasswd/wp-htpasswd-17-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-share-buttons-by-supsystic/social-share-buttons-by-supsystic-223-authenticated-subscriber-sql-injection</loc>
<lastmod>2022-06-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-edit-templates/edit-woocommerce-templates-112-reflected-cross-site-scripting-via-page</loc>
<lastmod>2024-10-17T15:41:08.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/file-manager/bit-file-manager-414-cross-site-request-forgery-to-arbitrary-file-upload</loc>
<lastmod>2017-03-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-newsletter/email-newsletter-80-sensitive-information-disclosure</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/auxin-elements/shortcodes-and-extra-features-for-phlox-theme-2157-authenticated-contributor-stored-cross-site-scripting-via-aux_gmaps-shortcode</loc>
<lastmod>2024-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/iframe/iframe-46-authenticated-contributor-stored-cross-site-scripting-via-iframe-shortcode</loc>
<lastmod>2023-09-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/connector-civicrm-mcrestface/connector-to-civicrm-with-civimcrestface-108-reflected-cross-site-scripting</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-networks-auto-poster-facebook-twitter-g/nextscripts-social-networks-auto-poster-4317-missing-authorization</loc>
<lastmod>2020-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mailchimp-for-wp/mc4wp-mailchimp-for-wordpress-484-cross-site-request-forgery</loc>
<lastmod>2021-06-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fapi-member/fapi-member-2229-unauthenticated-insecure-direct-object-reference</loc>
<lastmod>2025-12-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-hotel-booking/wp-hotel-booking-208-insufficient-authorization-to-unauthorized-post-deletion</loc>
<lastmod>2023-10-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fast-flow-dashboard/fast-flow-1211-reflected-cross-site-scripting</loc>
<lastmod>2022-08-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/yvora/yvora-premium-wordpress-theme-portfolio-unspecified-version-arbitrary-file-upload</loc>
<lastmod>2012-11-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blog2social/blog2social-social-media-auto-post-scheduler-860-incorrect-authorization-to-video-file-upload</loc>
<lastmod>2025-11-05T16:35:38.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/time-clock/time-clock-a-wordpress-employee-volunteer-time-clock-plugin-131-authenticated-custom-stored-cross-site-scripting</loc>
<lastmod>2025-10-23T19:44:27.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/revo/revo-4026-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-06-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tripetto/tripetto-8011-unauthentiated-stored-cross-site-scripting-via-form-file-upload</loc>
<lastmod>2024-11-14T16:36:11.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/permalink-finder/link-fixer-34-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-01-30T16:50:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/5.3/wordpress-core-542-authenticated-stored-cross-site-scripting</loc>
<lastmod>2020-06-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rps-include-content/rps-include-content-121-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/appointment-hour-booking/appointment-hour-booking-1355-authenticated-stored-cross-site-scripting</loc>
<lastmod>2022-05-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smart-forms/smart-forms-when-you-need-more-than-just-a-contact-form-2995-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/royal-elementor-addons/royal-elementor-addons-and-template-171001-authenticated-contributor-dom-based-stored-cross-site-scripting-via-google-maps-widget</loc>
<lastmod>2024-11-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/directory-pro/directory-pro-255-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/2.3/wordpress-core-232-cross-site-scripting</loc>
<lastmod>2008-02-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-insurance/wp-insurance-wordpress-insurance-service-plugin-213-cross-site-request-forgery-leading-to-arbitrary-plugin-activation</loc>
<lastmod>2023-02-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/news-kit-elementor-addons/news-kit-elementor-addons-134-missing-authorization</loc>
<lastmod>2025-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-broken-link-checker/url-shortener-conversion-tracking-ab-testing-woocommerce-902-cross-site-request-forgery</loc>
<lastmod>2025-02-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-fastest-cache/wp-fastest-cache-095-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2021-10-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/site-launcher/site-launcher-094-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/map-block-leaflet/map-block-leaflet-321-authenticated-contributor-stored-cross-site-scripting-via-url-parameter</loc>
<lastmod>2025-05-28T19:38:31.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/td-composer/tagdiv-composer-40-reflected-cross-site-scripting-via-td_video_url</loc>
<lastmod>2023-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bluet-keywords-tooltip-generator/tooltipy-559-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-total-hacks/wp-total-hacks-472-authenticated-subscriber-plugin-options-update-to-cross-site-scripting</loc>
<lastmod>2022-10-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/news-wall/news-wall-110-cross-site-request-forgery-to-plugin-settings-update</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/masterstudy-lms-learning-management-system/masterstudy-lms-3620-authenticated-instructor-sensitive-information-exposure</loc>
<lastmod>2025-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-user-meta-editor/simple-user-meta-editor-100-authenticated-administrator-stored-cross-site-scripting-via-user-meta-value-field</loc>
<lastmod>2026-01-06T18:33:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yith-woocommerce-wishlist/yith-woocommerce-wishlist-212-sql-injection</loc>
<lastmod>2018-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/anthology/anthology-145-arbitrary-file-upload</loc>
<lastmod>2013-11-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-content-pilot/wp-content-pilot-autoblogging-affiliate-marketing-plugin-133-authenticated-contributor-content-injection</loc>
<lastmod>2023-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/visual-form-builder/visual-form-builder-282-cross-site-request-forgery-to-sql-injection</loc>
<lastmod>2015-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/icons-font-loader/icons-font-loader-114-authenticatedadministrator-arbitrary-file-upload</loc>
<lastmod>2024-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/cakifo/cakifo-10-161-cross-site-scripting</loc>
<lastmod>2014-09-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fluent-booking/fluent-booking-2001-unauthenticated-stored-cross-site-scripting-via-multiple-parameters</loc>
<lastmod>2026-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-rss-by-publishers/wp-rss-by-publishers-01-authenticated-admin-sql-injection</loc>
<lastmod>2022-12-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/my-geo-posts-free/my-geo-posts-free-12-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-11-10T15:05:13.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpshare247-elementor-addons/wpshare247-elementor-addons-24-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/anycomment/anycomment-036-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-07-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bsk-pdf-manager/bsk-pdf-manager-36-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-07-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-cookies-enabler/wp-cookies-enabler-101-unauthenticated-local-file-inclusion</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/workio/workio-102-reflected-cross-site-scripting</loc>
<lastmod>2020-07-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-multivendor-membership/wcfm-membership-2910-cross-site-request-forgery</loc>
<lastmod>2023-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wooexim/wooexim-woocommerce-export-import-plugin-500-unauthenticated-php-object-injection</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-embed-code/code-embed-251-authenticated-contributor-stored-cross-site-scripting-via-custom-fields</loc>
<lastmod>2026-03-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/duplicator/duplicator-0514-sql-injection</loc>
<lastmod>2015-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/save-as-pdf-by-pdfcrowd/save-as-pdf-plugin-by-pdfcrowd-421-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-flipclock/wp-flipclock-174-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/malmo/malm-22-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rate-my-post/rate-my-post-wp-rating-system-334-race-condition</loc>
<lastmod>2022-09-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chat-viber/appsero-200-missing-authorization-via-handle_optin_optout</loc>
<lastmod>2024-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/feeds-for-youtube/feeds-for-youtube-21-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-09-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-stock-manager/woocommerce-stock-manager-257-cross-site-request-forgery-to-arbitrary-file-upload</loc>
<lastmod>2021-06-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/photo-gallery/photo-gallery-by-10web-1825-missing-authorization-to-notice-dismissal</loc>
<lastmod>2024-05-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-job-board/ninja-job-board-ultimate-wordpress-job-board-plugin-132-cross-site-scripting</loc>
<lastmod>2022-07-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cits-support-svg-webp-media-upload/cits-support-svg-webp-media-and-ttfotf-file-upload-use-custom-fonts-42-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2025-03-21T18:04:51.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking/booking-calendar-1092-authenticated-contributor-dom-based-stored-cross-site-scripting-via-booking-shortcode</loc>
<lastmod>2025-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-plugin/download-plugin-228-authenticated-administrator-arbitrary-file-upload</loc>
<lastmod>2025-07-03T13:38:05.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pdf-for-elementor-forms/pdf-for-elementor-forms-drag-and-drop-template-builder-650-authenticated-subscriber-php-object-injection</loc>
<lastmod>2025-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shalom-world-media-gallery/sw-plus-21-reflected-cross-site-scripting</loc>
<lastmod>2025-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-cafe/wpcafe-restaurant-menu-online-food-ordering-and-reservation-booking-solution-307-missing-authorization</loc>
<lastmod>2026-03-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-shipos-delivery/deliver-via-shipos-for-woocommerce-217-reflected-cross-site-scripting-via-dvsfw_bulk_label_url-parameter</loc>
<lastmod>2025-01-08T22:09:36.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/kapee/kapee-170-unauthenticated-php-object-injection</loc>
<lastmod>2026-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/caldera-forms/caldera-forms-more-than-contact-forms-140-sensitive-information-disclosure</loc>
<lastmod>2016-05-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/course-migration-for-learndash/course-migration-for-learndash-102-authenticated-subscriber-server-side-request-forgery</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpzoom-addons-for-beaver-builder/beaver-builder-addons-by-wpzoom-135-authenticated-editor-local-file-inclusion</loc>
<lastmod>2024-07-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-social-login/woocommerce-social-login-273-unauthenticated-authentication-bypass</loc>
<lastmod>2024-07-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/workscout-core/workscout-job-board-wordpress-theme-2031-stored-cross-site-scripting</loc>
<lastmod>2021-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/carousel-slider/carousel-slider-2213-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2024-08-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/coronavirus-data-widgets/coronavirus-covid-19-outbreak-data-widgets-111-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-members/wp-members-membership-plugin-289-reflected-cross-site-scripting</loc>
<lastmod>2014-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/call-now-button/call-now-button-154-authenticated-subscriber-missing-authorization-to-multiple-functions</loc>
<lastmod>2025-10-29T00:01:50.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ki-live-video-conferences/ki-live-video-conferences-5515-unauthenticated-information-disclosure</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/church-admin/church-admin-4117-authenticated-contributor-stored-cross-site-scripting-via-meta-text</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ad-inserter/ad-inserter-279-reflected-cross-site-scripting</loc>
<lastmod>2022-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stepbyteservice-openstreetmap/various-plugins-various-version-use-of-polyfillio</loc>
<lastmod>2024-06-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/atarim-visual-collaboration/atarim-432-missing-authorization</loc>
<lastmod>2026-03-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rearrange-woocommerce-products/rearrange-woocommerce-products-307-subscriber-sql-injection</loc>
<lastmod>2022-01-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpcasa/wpcasa-132-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-404-pro/custom-404-pro-3120-cross-site-request-forgery</loc>
<lastmod>2025-05-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-maintenance-mode-site-under-construction/woocommerce-conditional-marketing-mailer-151-improper-authorization</loc>
<lastmod>2021-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gigpress/gigpress-2327-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/snow-monkey-forms/snow-monkey-forms-1203-unauthenticated-arbitrary-file-deletion-via-path-traversal</loc>
<lastmod>2026-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stylish-price-list/stylish-price-list-690-missing-authorization</loc>
<lastmod>2021-09-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/admin-bar-dashboard-control/admin-bar-dashboard-control-128-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/owl-carousel/owl-carousel-053-missing-authorization-via-save_paramterphp</loc>
<lastmod>2023-03-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blockstrap-page-builder-blocks/blockstrap-page-builder-bootstrap-blocks-0136-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/media-file-manager/media-file-manager-142-directory-traversal-to-arbitrary-file-read</loc>
<lastmod>2018-05-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/helloasso/helloasso-1111-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/oceanwp/oceanwp-409-authenticated-contributor-stored-cross-site-scripting-via-select-html-tag</loc>
<lastmod>2025-06-18T16:22:13.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contextual-related-posts/contextual-related-posts-331-missing-authorization-in-crp_ajax_clearcache</loc>
<lastmod>2023-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/thesis-openhook/openhook-430-authenticated-subscriber-remote-code-execution-via-shortcode</loc>
<lastmod>2023-09-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seriously-simple-podcasting/seriously-simple-podcasting-320-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-06-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-product-feed-manager/woocommerce-google-feed-manager-242-authenticated-admin-sql-injection-to-reflected-cross-site-scripting</loc>
<lastmod>2024-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/error-log-viewer/error-log-viewer-111-arbitrary-file-deletion</loc>
<lastmod>2021-11-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/job-postings/jobs-for-wordpress-273-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ip-blacklist-cloud/ip-blacklist-cloud-341-sql-injections</loc>
<lastmod>2015-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eight-day-week-print-workflow/eight-day-week-print-workflow-125-authenticated-custom-information-exposure</loc>
<lastmod>2025-12-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smart-blocks/smart-blocks-24-missing-authorization</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/addify-product-stock-manager/product-stock-manager-105-missing-authorization-and-cross-site-request-forgery</loc>
<lastmod>2022-10-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/artificial-intelligence/artificial-intelligence-124-cross-site-scripting</loc>
<lastmod>2015-05-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-cse/google-cse-107-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-05-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-checkout-manager/woocommerce-checkout-manager-426-unauthenticated-arbitrary-media-deletion</loc>
<lastmod>2019-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/acf-galerie-4/acf-galerie-4-142-missing-authorization</loc>
<lastmod>2026-04-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpc-smart-messages/wpc-smart-messages-for-woocommerce-428-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-event-solution/eventin-4025-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gdpr-cookie-compliance/gdpr-cookie-compliance-4156-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpadcenter/wp-adcenter-258-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-google-places-review-slider/wp-google-review-slider-180-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-06-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gutenify/gutenify-140-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2024-05-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-registration/user-registration-membership-free-paid-memberships-subscriptions-content-restriction-user-profile-custom-user-registration-login-builder-449-unauthenticated-remote-code-execution</loc>
<lastmod>2026-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/real-estate-manager/real-estate-manager-property-listing-and-agent-management-73-captcha-bypass</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-google-analytics-for-wordpress/easy-google-analytics-for-wordpress-160-cross-site-request-forgery</loc>
<lastmod>2023-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-product-design/woocommerce-product-design-100-unauthenticated-arbitrary-file-download</loc>
<lastmod>2024-10-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/billingo/official-integration-for-billingo-339-reflected-cross-site-scripting</loc>
<lastmod>2022-10-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sp-client-document-manager/sp-project-document-manager-467-authenticated-administrator-stored-cross-site-scripting-via-plugin-settings</loc>
<lastmod>2023-06-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pta-member-directory/member-directory-and-contact-form-170-missing-authorization</loc>
<lastmod>2024-12-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ovation-elements/ovation-elements-112-missing-authorization</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/church-admin/church-admin-5026-missing-authorization</loc>
<lastmod>2025-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-job-board/simple-job-board-294-authenticated-stored-cross-site-scripting</loc>
<lastmod>2021-10-21T16:05:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ba-book-everything/ba-book-everything-plugin-1325-cross-site-scripting-and-cross-frame-scripting</loc>
<lastmod>2020-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementor/elementor-website-builder-313-authenticated-contributor-stored-cross-site-scripting-via-title_size</loc>
<lastmod>2021-03-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/imevent/imevent-340-missing-authorization</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/dailydeal/dailydeal-by-templatic-3010-cross-site-request-forgery-to-arbitrary-file-upload</loc>
<lastmod>2013-10-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-livephp/wp-livephp-121-cross-site-scripting</loc>
<lastmod>2012-01-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/2.0/wordpress-core-205-cross-site-request-forgery-to-cross-site-scripting</loc>
<lastmod>2007-01-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gntt-post-title-ticker/gntt-post-title-ticker-10-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2026-05-26T17:21:21.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/userswp/userswp-front-end-login-form-user-registration-user-profile-members-directory-plugin-for-wordpress-1210-unauthenticated-sql-injection-via-uwp_sort_by</loc>
<lastmod>2024-06-28T16:33:20.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-default-feature-image/wp-default-feature-image-1011-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/5.2/wordpress-core-523-reflected-cross-site-scripting</loc>
<lastmod>2019-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/tiger/tiger-20-reflected-cross-site-scripting</loc>
<lastmod>2025-04-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-hide-that/wp-hidethat-12-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mega-elements-addons-for-elementor/mega-elements-121-authenticated-contributor-stored-cross-site-scripting-via-button-widget</loc>
<lastmod>2024-05-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buddyforms/post-form-registration-form-profile-form-for-user-profiles-frontend-content-forms-for-user-submissions-ugc-287-missing-authorization-to-unauthenticated-media-deletion</loc>
<lastmod>2024-03-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/xcloner-backup-and-restore/backup-restore-and-migrate-your-sites-with-xcloner-486-authenticated-subscriber-information-exposure</loc>
<lastmod>2026-06-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/UNKNOWN-CVE-2023-5509-1/my-sticky-bar-267-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eazydocs/eazydocs-235-unauthenticated-stored-cross-site-scripting-via-edit_doc_one_page</loc>
<lastmod>2023-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-smtp/post-smtp-260-authenticated-administrator-sql-injection</loc>
<lastmod>2023-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-miniaudioplayer/mbminiaudioplayer-176-multiple-vulnerabilities</loc>
<lastmod>2016-02-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/newsexo/newsexo-71-cross-site-request-forgery</loc>
<lastmod>2026-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/countdown-builder/countdown-clock-228-reflected-cross-site-scripting</loc>
<lastmod>2022-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/login-with-phone-number/login-with-phone-number-142-reflected-cross-site-scripting</loc>
<lastmod>2023-01-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/calendarista/calendarista-1557-authenticated-subscriber-sql-injection</loc>
<lastmod>2024-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smart-forms/smart-forms-26100-missing-authorization-to-authenticated-subscriber-campaign-data-exposure</loc>
<lastmod>2026-02-13T18:31:39.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/everest-forms/everest-forms-2041-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dynamic-text-field-for-contact-form-7/dynamic-text-field-for-contact-form-7-2022-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/echoza/echoza-011-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2024-12-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-7/contact-form-7-605-order-replay-vulnerability</loc>
<lastmod>2025-04-15T16:56:22.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/newsletters-lite/newsletters-4997-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpvivid-backuprestore/wpvivid-backup-and-migration-09106-missing-authorization</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-travel-engine/wp-travel-engine-tour-booking-plugin-tour-operator-software-6710-missing-authorization</loc>
<lastmod>2026-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/xpro-elementor-addons/140-widgets-xpro-addons-for-elementor-free-146-authenticated-contributor-sensitive-information-exposure-via-elementor-template</loc>
<lastmod>2024-11-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/plausible-analytics/plausible-analytics-123-missing-authorization</loc>
<lastmod>2022-05-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-pdf-restaurant-menu-upload/easy-restaurant-menu-manager-201-authenticated-contributot-stored-cross-site-scripting-via-nsc_eprm_menu_link-shortcode</loc>
<lastmod>2025-07-03T19:04:40.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blog-manager-light/blog-manager-light-120-cross-site-request-forgery-via-bml_settings</loc>
<lastmod>2023-10-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profile-builder/user-profile-builder-beautiful-user-registration-forms-user-profiles-user-role-editor-3148-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2025-11-18T16:29:27.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-tools/woocommerce-tools-129-missing-authorization-to-authenticated-subscriber-plugin-module-deactivation</loc>
<lastmod>2024-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/product-specifications/product-specifications-for-woocommerce-089-missing-authorization-to-authenticated-subscriber-arbitrary-attributegroup-creation-modification-and-deletion-via-dwps_modify_groups-and-dwps_modify_attributes-ajax-actions</loc>
<lastmod>2026-06-26T17:56:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/appointment-booking-calendar/appointment-booking-calendar-1402-missing-authorization-to-authenticated-contributor-sensitive-information-disclosure</loc>
<lastmod>2026-06-30T16:22:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/spirit-framework/spirit-framework-1213-authenticated-subscriber-local-file-inclusion</loc>
<lastmod>2025-09-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/automatic-domain-changer/automatic-domain-changer-202-reflected-cross-site-scripting</loc>
<lastmod>2022-05-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/noo-jobmonster/jobmonster-475-unauthenticated-arbitrary-file-deletion</loc>
<lastmod>2024-07-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mycurator/mycurator-content-curation-378-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2024-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/paid-memberships-pro/paid-memberships-pro-2125-missing-authorization-via-api</loc>
<lastmod>2023-12-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/white-label/white-label-290-cross-site-request-forgery-via-white_label_reset_wl_admins</loc>
<lastmod>2023-12-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elegant-themes-icons/elegant-themes-icons-13-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ghost/ghost-140-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2024-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/signup-page/signup-page-10-unauthenticated-arbitrary-options-update</loc>
<lastmod>2024-10-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/watchtowerhq/watchtowerhq-3615-unauthenticated-arbitrary-file-deletion</loc>
<lastmod>2022-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/prosolution-wp-client/prosolution-wp-client-199-unauthenticated-arbitrary-file-upload-via-prosol_fileuploadprocess</loc>
<lastmod>2026-04-08T05:07:38.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/neon-product-designer-for-woocommerce/neon-product-designer-211-unauthenticated-sql-injection</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/admin-form/adfo-custom-data-in-admin-dashboard-191-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-18T19:31:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-putler-connector/putler-connector-for-woocommerce-2120-missing-authorization-via-send_resync_request</loc>
<lastmod>2023-08-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/vango/vango-133-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gerryworks-post-by-mail/gerryworks-post-by-mail-10-contributor-privilege-escalation</loc>
<lastmod>2024-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-seo/yoast-seo-210-authenticated-seo-manager-stored-cross-site-scripting</loc>
<lastmod>2023-11-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/surveys/surveys-1018-sql-injection</loc>
<lastmod>2017-05-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vikbooking/vikbooking-hotel-booking-engine-pms-1512-cross-site-request-forgery-in-saveconfig-function</loc>
<lastmod>2023-02-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/clean-retina/clean-retina-306-unauthenticated-local-file-inclusion</loc>
<lastmod>2024-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/build-private-store-for-woocommerce/build-private-store-for-woocommerce-10-cross-site-request-forgery</loc>
<lastmod>2025-01-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/td-composer/tagdiv-composer-41-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-08-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-grid-carousel-ultimate/post-grid-slider-carousel-ultimate-with-shortcode-gutenberg-block-elementor-widget-1610-authenticated-contributor-local-file-inclusion-via-post_type_ajax_handler</loc>
<lastmod>2025-01-23T21:41:35.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/appointmind/appointmind-400-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ebook-store/ebook-store-58013-cross-site-request-forgery</loc>
<lastmod>2025-07-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp_roknewspager/roknewspager-117-denial-of-service</loc>
<lastmod>2013-09-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-crowdfunding/wp-crowdfunding-2115-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-job-portal/wp-job-portal-213-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-06-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ss-downloads/ss-downloads-1441-cross-site-scripting</loc>
<lastmod>2014-05-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-refund-and-exchange-lite/return-refund-and-exchange-for-woocommerce-408-arbitrary-file-upload</loc>
<lastmod>2022-11-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chatter/chatter-101-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-paypal-events-tickets/easy-paypal-events-116-reflected-cross-site-scripting-via-page</loc>
<lastmod>2022-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/ashe/ashe-2233-cross-site-request-forgery-to-notice-dismissal</loc>
<lastmod>2024-07-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/lovetravel/love-travel-20-37-reflected-cross-site-scripting</loc>
<lastmod>2020-09-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-next-post-navi/wp-next-post-navi-183-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-05-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-blocks/ultimate-blocks-316-authenticated-contributor-stored-cross-site-scripting-via-advanced-heading</loc>
<lastmod>2024-04-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-age-verify/easy-age-verify-182-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-google-adwords-conversion-tracking-tag/pixel-manager-for-woocommerce-1511-unauthenticated-information-exposure</loc>
<lastmod>2025-12-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/js-support-ticket/js-help-desk-ai-powered-support-ticketing-system-309-unauthenticated-sql-injection</loc>
<lastmod>2026-06-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking-package/booking-package-1510-reflected-cross-site-scripting</loc>
<lastmod>2021-11-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mobile-login-woocommerce/otp-login-woocommerce-gravity-forms-20-cross-site-scripting</loc>
<lastmod>2022-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sync-feedly/sync-feedly-101-cross-site-request-forgery-to-sync-trigger</loc>
<lastmod>2025-09-26T18:34:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/doctor-appointment-booking/doctor-appointment-booking-100-authenticated-subscriber-local-file-inclusion</loc>
<lastmod>2025-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fluent-community/fluentcommunity-200-missing-authorization</loc>
<lastmod>2025-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-paypal-donation/accept-donations-with-paypal-stripe-144-reflected-cross-site-scripting</loc>
<lastmod>2025-02-22T16:23:11.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/complianz-gdpr/complianz-gdprccpa-cookie-consent-745-missing-authorization-to-unauthenticated-private-post-content-disclosure-via-consent-area-rest-endpoint</loc>
<lastmod>2026-04-28T19:52:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/aio-shortcodes/best-wordpress-shortcode-plugin-in-2025-aio-shortcodes-130-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2024-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/learnpress/learnpress-423-missing-authorization</loc>
<lastmod>2023-07-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rt18-extensions/rt-theme-18-extensions-25-unauthenticated-information-exposure</loc>
<lastmod>2026-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/control-listings/control-listings-1041-reflected-cross-site-scripting</loc>
<lastmod>2025-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/irm-newsroom/irm-newsroom-1219-authenticated-contributor-stored-cross-site-scripting-via-irmeventlist-shortcode</loc>
<lastmod>2025-06-12T13:12:15.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/6.0/wordpress-core-603-authenticated-admin-stored-cross-site-scripting-via-customizer</loc>
<lastmod>2022-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jet-woo-builder/jetwoobuilder-2120-authenticated-subscriber-information-exposure</loc>
<lastmod>2025-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mapsmarker/leaflet-maps-marker-pro-158-cross-site-scripting</loc>
<lastmod>2014-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/404-solution/404-solution-310-authenticated-admin-sql-injection-via-filtertext-parameter</loc>
<lastmod>2025-12-12T15:01:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/everest-forms-pro/everest-forms-pro-1912-unauthenticated-remote-code-execution-via-calculation-field</loc>
<lastmod>2026-03-30T12:00:40.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-svg-images/wp-svg-images-43-authenticated-author-stored-cross-site-scripting-via-svg</loc>
<lastmod>2024-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/enable-media-replace/enable-media-replace-401-authenticated-author-arbitrary-file-upload</loc>
<lastmod>2023-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-wholesale-prices/wholesale-suite-2242-authenticated-shop-manager-privilege-escalation</loc>
<lastmod>2025-07-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bold-page-builder/bold-page-builder-557-authenticated-contributor-stored-cross-site-scripting-via-bt_bb_accordion_item-shortcode</loc>
<lastmod>2026-02-06T17:29:16.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-visual-slidebox-builder/visual-slide-box-builder-329-authenticated-subscriber-sql-injection</loc>
<lastmod>2022-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bb-ultimate-addon/ultimate-addons-for-beaver-builder-13513-authenticatedcontributor-directory-traversal-to-arbitrary-file-download</loc>
<lastmod>2023-12-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/favorites/favorites-233-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booster-plus-for-woocommerce/booster-plus-for-woocommerce-712-missing-authorization-to-order-information-disclosure</loc>
<lastmod>2024-01-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/homey/homey-booking-and-rentals-wordpress-theme-244-insecure-direct-object-reference-to-authenticated-subscriber-arbitrary-user-deletion</loc>
<lastmod>2025-05-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-calendar-events/simple-calendar-324-cross-site-request-forgery-via-duplicate_feed</loc>
<lastmod>2023-10-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simply-gallery-block/gallery-blocks-with-lightbox-325-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/2.5/wordpress-core-233-directory-traversal</loc>
<lastmod>2008-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/course-booking-system/course-booking-system-615-missing-authorization-to-unauthenticated-booking-data-export</loc>
<lastmod>2025-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/lovestory/love-story-1312-unauthenticated-php-object-injection</loc>
<lastmod>2026-03-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-locator/simple-locator-204-reflected-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/6.3/wordpress-core-470-631-sensitive-information-exposure-via-user-search-rest-endpoint</loc>
<lastmod>2023-10-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-stateless/wp-stateless-google-cloud-storage-311-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-05-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sosh-share-buttons/sosh-share-buttons-110-cross-site-request-forgery</loc>
<lastmod>2026-01-13T17:22:47.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ipages-flipbook/ipages-flipbook-151-missing-authorization</loc>
<lastmod>2024-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gravity-file-ajax-upload-free/gravity-upload-ajax-11-unrestricted-file-upload</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-encoder-bundle/email-encoder-protect-email-addresses-and-phone-numbers-234-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2026-04-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/companion-auto-update/companion-auto-update-320-cross-site-request-forgery</loc>
<lastmod>2018-10-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/subscribe2/subscribe2-1044-missing-authorization</loc>
<lastmod>2026-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hiweb-export-posts/hiweb-export-posts-0900-cross-site-request-forgery-to-arbitrary-file-deletion</loc>
<lastmod>2025-07-23T20:47:08.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/short-tax-post/reales-wp-stpt-212-authenticated-subscriber-privilege-escalation-via-password-update</loc>
<lastmod>2025-05-05T13:03:24.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-locator/simple-locator-203-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/waiting/waiting-one-click-countdowns-062-missing-authorization-checks-leading-to-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2023-05-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ws-form/ws-form-lite-19217-unauthenticated-csv-injection</loc>
<lastmod>2024-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/togo/togo-104-reflected-cross-site-scripting</loc>
<lastmod>2025-10-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wd-facebook-feed/10websocial-1126-authenticated-admin-sql-injection</loc>
<lastmod>2020-09-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ecommerce-product-carousel-slider-for-elementor/product-carousel-slider-for-elementor-213-missing-authorization</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-forms/ninja-forms-contact-form-369-authenticated-admin-cross-site-scripting-via-label</loc>
<lastmod>2022-06-07T13:46:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bit-form/bit-form-contact-form-plugin-21310-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2024-09-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/granola/granola-113-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-05-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mage-eventpress/event-booking-manager-for-woocommerce-514-reflected-cross-site-scripting</loc>
<lastmod>2026-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quiz-master-next/quiz-and-survey-master-qsm-1114-missing-authorization-to-authenticated-contributor-arbitrary-modification-via-qsm_insert_quiz_template-ajax-action</loc>
<lastmod>2026-06-26T17:57:43.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/visualcomposer/visual-composer-website-builder-450-authenticated-stored-cross-site-scripting-via-text-block</loc>
<lastmod>2022-08-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/multi-step-form/multi-step-form-125-reflected-cross-site-scripting</loc>
<lastmod>2018-07-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-entries/contact-form-entries-116-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2021-01-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stopbadbots/stopbadbots-731-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wueen/wueen-020-authenticated-contributor-stored-cross-site-scripting-via-plugins-shortcode</loc>
<lastmod>2026-03-06T18:40:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-datepicker/wp-datepicker-211-missing-authorization</loc>
<lastmod>2024-09-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-basic-contact-form/simple-basic-contact-form-20220207-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpextended/the-ultimate-wordpress-toolkit-wp-extended-324-authenticated-subscriber-privilege-escalation-via-menu-editor-module</loc>
<lastmod>2026-03-21T14:34:53.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/valeska/valeska-122-unauthenticated-php-object-injection</loc>
<lastmod>2026-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/colibri-page-builder/colibri-page-builder-10335-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-12-12T15:37:12.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/templatesnext-toolkit/templatesnext-toolkit-328-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-user-avatar/profilepress-4152-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-03-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/getgenie/getgenie-ai-content-writer-with-keyword-research-seo-tracking-tools-430-missing-authorization-to-authenticated-author-arbitrary-post-deletion</loc>
<lastmod>2026-01-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-graphql/wpgraphql-1145-authenticated-editor-server-side-request-forgery</loc>
<lastmod>2023-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/control-block-patterns/build-control-block-patterns-boost-up-gutenberg-editor-1354-missing-authorization</loc>
<lastmod>2024-03-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-paypal-donation/accept-donations-with-paypal-13-reflected-cross-site-scripting-via-page</loc>
<lastmod>2022-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/woodmart/woodmart-837-unauthenticated-arbitrary-shortcode-execution</loc>
<lastmod>2026-01-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/products-stock-manager-with-excel/phpspreadsheet-library-230-xxe-injection</loc>
<lastmod>2024-10-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/drag-and-drop-multiple-file-upload-contact-form-7/drag-and-drop-multiple-file-upload-for-contact-form-7-1397-unauthenticated-arbitrary-file-upload-via-non-ascii-filename-blacklist-bypass</loc>
<lastmod>2026-04-17T04:37:16.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/addons-for-visual-composer/livemesh-addons-for-wpbakery-page-builder-39-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/downloadmanager/download-manager-3282-password-protected-file-bypass</loc>
<lastmod>2024-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/job-board/job-board-by-bestwebsoft-114-reflected-cross-site-scripting</loc>
<lastmod>2017-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpgetapi/wpgetapi-210-221-authenticated-subscriber-arbitrary-options-update</loc>
<lastmod>2023-10-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ameliabooking/amelia-1098-missing-authorization</loc>
<lastmod>2024-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-add/form-builder-1983-authenticated-stored-cross-site-scripting</loc>
<lastmod>2021-08-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-appointments/easy-appointments-3107-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2022-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpr-addons-pro/royal-elementor-addons-171041-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/foliopress-wysiwyg/foliopress-wysiwyg-2685-cross-site-scripting</loc>
<lastmod>2014-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vk-all-in-one-expansion-unit/vk-all-in-one-expansion-unit-98701-reflected-cross-site-scripting-via-request_uri</loc>
<lastmod>2023-02-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-email-users/wp-email-users-144-sql-injection</loc>
<lastmod>2017-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/error-log-viewer-wp/error-log-viewer-105-authenticated-subscriber-sql-injection</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/telsender/telsender-11411-missing-authorization</loc>
<lastmod>2023-09-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/food-and-drink-menu/five-star-restaurant-menu-and-food-ordering-252-missing-authorization</loc>
<lastmod>2026-06-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/instagram-slider-widget/social-slider-feed-205-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-08-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bng-gateway-for-woocommerce/bng-gateway-for-woocommerce-1610-cross-site-request-forgery</loc>
<lastmod>2021-06-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/youtube-video-inserter/youtube-video-inserter-1210-reflected-cross-site-scripting</loc>
<lastmod>2021-09-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/online-lesson-booking-system/online-lesson-booking-086-cross-site-request-forgery</loc>
<lastmod>2019-06-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ultimate-csv-importer/easy-drag-and-drop-all-import-wp-ultimate-csv-importer-641-missing-authorization-checks</loc>
<lastmod>2022-01-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/conveythis-translate/language-translate-widget-for-wordpress-conveythis-2691-authenticated-administrator-php-object-injection</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/codesnips/codesnips-12-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ultimate-csv-importer/import-export-suite-for-csv-and-xml-datafeed-719-authenticated-subscriber-arbitrary-file-deletion</loc>
<lastmod>2025-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-email-capture/wp-email-capture-393-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-01-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bug-library/bug-library-21-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2024-06-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-fb-autoconnect/wp-social-autoconnect-462-cross-site-request-forgery-to-reflected-cross-site-scripting</loc>
<lastmod>2025-01-03T21:49:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/clickbank-niche-storefronts/clickbank-wordpress-plugin-niche-storefront-135-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-08-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/widgetkit-for-elementor/widgetkit-250-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-page-transition/simple-page-transition-141-stored-cross-site-scripting</loc>
<lastmod>2022-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/microblog-poster/microblog-poster-216-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/swatchly/swatchly-woocommerce-variation-swatches-for-products-product-attributes-image-swatch-color-swatches-label-swatches-128-140-missing-authorization-to-authenticated-subscriber-limited-options-update</loc>
<lastmod>2025-04-09T18:09:21.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-crm-system/wp-crm-system-342-missing-authorization</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bit-form/contact-form-by-bit-form-multi-step-form-calculation-contact-form-payment-contact-form-custom-contact-form-builder-20-2139-authenticated-administrator-arbitrary-javascript-file-uploads</loc>
<lastmod>2024-08-19T15:11:45.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zita-site-library/zita-site-library-for-elementor-166-cross-site-request-forgery</loc>
<lastmod>2026-01-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/jobify/jobify-job-board-wordpress-theme-427-missing-authorization-to-unauthenticated-server-side-request-forgery-arbitrary-image-upload-and-image-generation</loc>
<lastmod>2025-01-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/extra-product-options-for-woocommerce/extra-product-options-for-woocommerce-41-authenticated-shop-manager-stored-cross-site-scripting-via-plugin-settings</loc>
<lastmod>2023-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seo-free/seo-free-14-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/timeline-blocks/timeline-blocks-for-gutenberg-1110-authenticated-contributor-stored-cross-site-scripting-via-titletag-block-attribute</loc>
<lastmod>2026-04-27T15:59:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stm-gallery/stm-gallery-19-09-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2026-01-06T20:34:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kivicare-clinic-management-system/kivicare-clinic-patient-management-system-ehr-320-sensitive-information-exposure</loc>
<lastmod>2023-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/thegem/thegem-5811-improper-authentication</loc>
<lastmod>2023-05-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/evenium/evenium-1311-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-10T18:45:41.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/imagerecycle-pdf-image-compression/imagerecycle-pdf-image-compression-3116-reflected-cross-site-scripting</loc>
<lastmod>2024-12-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-to-any-api/contact-form-to-any-api-124-unauthenticated-stored-cross-site-scripting-via-contact-form</loc>
<lastmod>2024-09-24T12:15:01.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-social-buttons/simple-social-media-share-buttons-social-sharing-for-everyone-620-cross-site-request-forgery</loc>
<lastmod>2026-04-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/greenshift-animation-and-page-builder-blocks/greenshift-108-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-idpay-gateway/idpay-payment-gateway-for-woocommerce-225-unauthenticated-information-exposure</loc>
<lastmod>2026-04-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easync-booking/easync-1319-missing-authorization</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-piwik/wp-matomo-integration-wp-piwik-1011-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2016-09-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/subscriptions-for-woocommerce/subscriptions-for-woocommerce-195-missing-authorization</loc>
<lastmod>2026-06-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/leira-roles/roles-capabilities-119-reflected-cross-site-scripting</loc>
<lastmod>2024-09-12T21:14:43.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-reroute-email/wp-reroute-email-146-authenticated-administrator-sql-injection</loc>
<lastmod>2023-04-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yet-another-stars-rating/yet-another-stars-rating-343-missing-authorization-via-init</loc>
<lastmod>2023-11-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/esplanade/esplanade-115-cross-site-scripting</loc>
<lastmod>2015-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/happy-helpdesk-support-ticket-system/happy-helpdesk-support-ticket-system-109-missing-authorization-to-authenticated-subscriber-arbitrary-ticket-reply</loc>
<lastmod>2025-12-12T14:47:44.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ecommerce-product-catalog/ecommerce-product-catalog-for-wordpress-3326-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-11-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/localize-my-post/localize-my-post-10-directory-traversal</loc>
<lastmod>2018-09-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hide_my_wp/hide-my-wp-629-unauthenticated-sql-injection</loc>
<lastmod>2023-01-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slideshow-gallery-2/slideshow-gallery-114-cross-site-scripting</loc>
<lastmod>2012-01-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/hoteller/hoteller-689-reflected-cross-site-scripting</loc>
<lastmod>2026-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rometheme-for-elementor/rtmkit-addons-for-elementor-202-authenticated-author-local-file-inclusion-via-path</loc>
<lastmod>2026-05-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/memsource-connector/phrase-tms-integration-for-wordpress-475-missing-authorization-to-authenticated-subscriber-log-deletion</loc>
<lastmod>2026-01-16T15:33:38.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tweetscribe/tweetscribe-11-cross-site-request-forgery</loc>
<lastmod>2014-12-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-payment-gateway-per-category/woocommerce-payment-gateway-per-category-2010-reflected-cross-site-scripting</loc>
<lastmod>2021-09-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/optin-forms/optin-forms-132-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-04-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/really-simple-ssl/really-simple-ssl-723-authenticated-admin-server-side-request-forgery</loc>
<lastmod>2024-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/send-booking-invites-to-friends/send-to-a-friend-addon-141-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/newsletters-lite/newsletters-4998-authenticated-contributor-sql-injection-orderby-parameter</loc>
<lastmod>2025-05-12T17:35:47.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/review-buddypress-groups/wbcom-designs-buddypress-group-reviews-283-unauthorized-ajax-actions-due-to-nonce-bypass</loc>
<lastmod>2022-06-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yottie-lite/elfsight-yottie-lite-133-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-02-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/aweber-web-form-widget/aweber-739-missing-authorization-via-ajax-actions</loc>
<lastmod>2023-11-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bet-sport-free/bet-sport-free-100-cross-site-request-forgery</loc>
<lastmod>2024-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/xin/xin-1081-unauthenticated-php-object-injection</loc>
<lastmod>2024-11-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-vipergb/viper-guestbook-1315-cross-site-scripting</loc>
<lastmod>2015-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/add-image-to-post/add-image-to-post-06-cross-site-request-forgery</loc>
<lastmod>2024-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vzaar-media-management/vzaar-media-management-12-reflected-cross-site-scripting-via-_serverphp_self</loc>
<lastmod>2026-01-27T21:49:36.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/foxypress/foxypress-049-cross-site-request-forgery</loc>
<lastmod>2012-10-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ct-commerce/ct-commerce-201-authenticated-administrator-stored-cross-site-scripting-via-admin-settings</loc>
<lastmod>2023-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/debug-log-manager/debug-log-manager-234-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/instagram-for-wordpress/instagram-for-wordpress-216-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cyan-backup/cyan-backup-254-authenticated-admin-arbitrary-file-deletion</loc>
<lastmod>2025-11-07T20:49:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eventprime-event-calendar-management/eventprime-315-reflected-cross-site-scripting-via-event_id</loc>
<lastmod>2023-10-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementor/elementor-website-builder-3013-unrestricted-svg-uploads</loc>
<lastmod>2020-11-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ova-brw/brw-186-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/external-media/external-media-1036-authenticatedauthor-file-upload-to-stored-cross-site-scripting-via-svg</loc>
<lastmod>2023-03-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/faq-builder-ays/faq-builder-ays-173-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/real-estate-directory/real-estate-directory-105-cross-site-request-forgery-via-rdm_activate_plugin</loc>
<lastmod>2023-03-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/salient/salient-5553-dom-cross-site-scripting</loc>
<lastmod>2015-06-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-accordion-block/easy-accordion-gutenberg-block-123-missing-authorization</loc>
<lastmod>2024-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-player/wp-player-261-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/paytium/paytium-4411-unauthenticated-full-path-disclosure</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/youtube-playlist-player/youtube-playlist-player-464-cross-site-request-forgery-in-ytpp_settings</loc>
<lastmod>2023-05-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bdthemes-element-pack-lite/element-pack-lite-addons-for-elementor-51014-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sirv/image-optimizer-resizer-and-cdn-sirv-729-authenticated-author-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2024-10-07T18:57:08.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-forms/ninja-forms-contact-form-2927-csv-injection</loc>
<lastmod>2015-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gf-dynamics-crm/wp-gravity-forms-dynamics-crm-114-open-redirect</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/canvasio3d-light/download-canvasio3d-light-250-reflected-cross-site-scripting</loc>
<lastmod>2023-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-auto-poster/social-auto-poster-5314-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2024-07-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-abstracts-manuscripts-manager/wp-abstracts-274-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-file-upload/wordpress-file-upload-4247-authenticated-contributor-directory-traversal</loc>
<lastmod>2024-07-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fast-flow-dashboard/fast-flow-1210-cross-site-scripting</loc>
<lastmod>2022-04-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/creative-mail-by-constant-contact/creative-mail-easier-wordpress-woocommerce-email-marketing-169-unauthenticated-sql-injection-via-checkout_uuid-parameter</loc>
<lastmod>2026-05-19T12:14:03.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ht-mega-for-wpbakery/ht-mega-absolute-addons-for-wpbakery-page-builder-108-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/integrate-google-drive/integrate-google-drive-134-cross-site-request-forgery</loc>
<lastmod>2023-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ct-real-estate-core/contempo-real-estate-core-363-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-countdowner/easy-countdowner-108-cross-site-request-forgery</loc>
<lastmod>2024-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/theplus_elementor_addon/the-plus-addons-for-elementor-elementor-addons-page-templates-widgets-mega-menu-woocommerce-554-authenticated-contributor-stored-cross-site-scripting-via-heading-title-widget</loc>
<lastmod>2024-05-29T17:11:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-products-quick-view/products-quick-view-for-woocommerce-220-missing-authorization</loc>
<lastmod>2023-08-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dorzki-notifications-to-slack/slack-notifications-by-dorzki-207-missing-authorization</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sexy-contact-form/creative-contact-form-100-arbitrary-file-upload</loc>
<lastmod>2014-10-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/robo-gallery/photo-gallery-images-slider-in-rbs-image-gallery-3221-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/terms-and-conditions-per-product/terms-conditions-per-product-1215-missing-authorization</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/podlove-podcasting-plugin-for-wordpress/podlove-podcast-publisher-4125-authenticated-admin-stored-cross-site-scripting-via-feed-name</loc>
<lastmod>2025-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ht-easy-google-analytics/ht-easy-ga4-google-analytics-4-117-reflected-cross-site-scripting</loc>
<lastmod>2024-03-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eventprime-event-calendar-management/eventprime-events-calendar-bookings-and-tickets-341-missing-authorization-to-authenticated-subscriber-event-export</loc>
<lastmod>2024-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/media-library-tools/media-library-tools-1615-authenticated-author-sql-injection</loc>
<lastmod>2025-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bdthemes-element-pack-lite/element-pack-elementor-addons-header-footer-template-library-dynamic-grid-carousel-remote-arrows-556-sensitive-information-exposure-via-element_pack_ajax_search</loc>
<lastmod>2024-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-theme-options/easy-theme-options-10-reflected-cross-site-scripting</loc>
<lastmod>2026-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ht-mega-for-elementor/ht-mega-absolute-addons-for-elementor-252-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-05-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/display-terms-shortcode/display-terms-shortcode-104-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/very-simple-quiz/very-simple-quiz-100-cross-site-scripting</loc>
<lastmod>2020-08-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/give/givewp-donation-plugin-and-fundraising-platform-450-authenticated-givewp-worker-stored-cross-site-scripting</loc>
<lastmod>2025-07-30T19:18:44.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-responsive-tabs/wp-responsive-tabs-129-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-notcaptcha/wp-notcaptcha-131-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/monalisa/mona-lisa-212-reflected-cross-site-scripting</loc>
<lastmod>2020-07-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/debounce-io-email-validator/debounce-email-validator-565-reflected-cross-site-scripting</loc>
<lastmod>2024-11-22T15:20:34.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-yadisk-files/yadisk-files-125-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-11-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smart-product-viewer/smart-product-viewer-154-missing-authorization</loc>
<lastmod>2026-01-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/designthemes-core-features/designthemes-core-features-48-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/a3-user-importer/simple-user-import-export-117-authenticated-admin-csv-injection</loc>
<lastmod>2025-11-17T20:52:10.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/event-espresso-free/event-expresso-free-313711l-authenticated-sql-injection</loc>
<lastmod>2017-07-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/export-user-data/export-user-data-226-authenticated-subscriber-php-object-injection-to-arbitrary-file-deletion-via-display_name-field</loc>
<lastmod>2026-06-29T18:15:59.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/generate-pdf-using-contact-form-7/generate-pdf-using-contact-form-7-35-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-08-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/new-grid-gallery/grid-gallery-photo-image-grid-gallery-143-authenticated-contributor-php-object-injection-via-shortcode</loc>
<lastmod>2024-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sina-extension-for-elementor/sina-extension-for-elementor-3591-authenticated-contributor-stored-dom-based-cross-site-scripting-via-sina-image-differ</loc>
<lastmod>2025-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-seo-pack/all-in-one-seo-2251-information-disclosure</loc>
<lastmod>2015-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yet-another-stars-rating/freemius-sdk-242-missing-authorization-checks</loc>
<lastmod>2022-03-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/host-webfonts-local/omgf-453-subscriber-arbitrary-filefolder-deletion</loc>
<lastmod>2021-08-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/revslider/slider-revolution-600-6755-and-700-7014-missing-authorization-to-authenticated-contributor-arbitrary-plugin-deactivation</loc>
<lastmod>2026-06-01T10:46:38.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/posts-table-filterable/tableon-wordpress-posts-table-filterable-1043-unauthenticated-php-object-injection</loc>
<lastmod>2025-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eventon-lite/eventon-2214-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-04-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/colibri-page-builder/colibri-page-builder-10262-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lifterlms/lifterlms-775-authenticated-admin-sql-injection</loc>
<lastmod>2024-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-cod-fee-for-woocommerce/simple-cod-fees-for-woocommerce-202-missing-authorization</loc>
<lastmod>2024-06-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slim-seo/slim-seo-a-fast-automated-seo-plugin-for-wordpress-462-missing-authorization</loc>
<lastmod>2026-06-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pagelayer/pagelayer-177-cross-site-request-forgery-via-pagelayer_load_plugin</loc>
<lastmod>2023-12-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wptouch/wptouch-4342-reflected-cross-site-scripting</loc>
<lastmod>2022-08-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sky-elementor-addons/sky-addons-for-elementor-261-authenticated-contributor-sensitive-information-exposure-via-content-switcher-widget-elementor-template</loc>
<lastmod>2024-11-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mainwp-file-uploader-extension/mainwp-file-uploader-extension-41-authenticated-subscriber-arbitrary-file-deletion</loc>
<lastmod>2023-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/comment-press/comment-press-271-cross-frame-scripting</loc>
<lastmod>2020-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/superb-slideshow-gallery/superb-slideshow-gallery-131-authenticated-subscriber-sql-injection-via-shortcode</loc>
<lastmod>2023-10-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contexto/contexto-10-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-cloner/post-cloner-100-missing-authorization</loc>
<lastmod>2025-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gutenverse/gutenverse-192-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-07-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lightview-plus/lightview-plus-313-reflected-cross-site-scripting</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce/woocommerce-55-authenticated-blind-sql-injection</loc>
<lastmod>2021-07-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpo365-msgraphmailer/wpo365-microsoft-365-graph-mailer-32-open-redirect-via-redirect_to-parameter</loc>
<lastmod>2025-02-23T22:53:02.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quiz-master-next/quiz-and-survey-master-444-multiple-sql-injections</loc>
<lastmod>2015-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/leadbi/leadbi-plugin-for-wordpress-17-authenticated-contributor-stored-cross-site-scripting-via-form_id-shortcode-attribute</loc>
<lastmod>2026-01-23T20:32:57.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-travel-engine/wp-travel-engine-580-unauthenticated-price-manipulation</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-user-capabilities/simple-user-capabilities-10-missing-authorization-to-unauthenticated-capability-reset</loc>
<lastmod>2025-11-03T15:33:17.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pdf-block/pdf-block-110-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-10-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/multicons/multicons-multiple-favicons-20-cross-site-request-forgery</loc>
<lastmod>2015-08-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-jobsearch/jobsearch-wp-job-board-151-stored-cross-site-scripting</loc>
<lastmod>2020-07-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/captcha-eu/captchaeu-1060-reflected-cross-site-scripting</loc>
<lastmod>2025-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-cleanfix/wp-cleanfix-plugin-500-remote-code-execution</loc>
<lastmod>2013-05-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-facebook-feed/smash-balloon-social-post-feed-2191-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2021-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bunnycdn/bunnynet-wordpress-cdn-plugin-201-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpfaqblock/wpfaqblock-faq-accordion-plugin-for-gutenberg-121-authenticated-contributor-stored-cross-site-scripting-via-class-shortcode-attribute</loc>
<lastmod>2026-03-20T15:19:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/sixtees/sixtees-all-versions-arbitrary-file-upload</loc>
<lastmod>2014-03-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fv-wordpress-flowplayer/fv-flowplayer-video-player-7314727-sensitive-information-exposure</loc>
<lastmod>2019-05-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/envo-extra/envo-extra-199-missing-authorization</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/store-locator-le/store-locator-plus-23111701-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2024-08-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/swiss-toolkit-for-wp/swiss-toolkit-for-wp-141-missing-authorization</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/webhotelier/webhotelier-192-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/photo-gallery/photo-gallery-by-10web-mobile-friendly-image-gallery-1819-directory-traversal-to-arbitrary-file-rename</loc>
<lastmod>2024-01-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpsyncsheets-elementor/wpsyncsheets-lite-for-elementor-elementor-pro-form-google-spreadsheet-addon-14-running-vulnerable-dependencies</loc>
<lastmod>2025-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-eMember/wp-emember-1065-authenticated-admin-arbitrary-file-upload</loc>
<lastmod>2024-06-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-google-maps/wp-google-maps-9027-unauthenticated-stored-cross-site-scripting-via-rest-api</loc>
<lastmod>2023-12-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zoho-subscriptions/zoho-billing-embed-payment-form-40-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-designer-pro/woocommerce-designer-pro-1928-unauthenticated-arbitrary-file-read</loc>
<lastmod>2025-10-30T19:12:08.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/appreview/appreview-029-reflected-cross-site-scripting</loc>
<lastmod>2025-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wallet-system-for-woocommerce/wallet-system-for-woocommerce-digital-wallet-buy-now-pay-later-bnpl-instant-cashback-referral-program-partial-subscription-payments-275-missing-authorization</loc>
<lastmod>2026-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/visual-portfolio/visual-portfolio-photo-gallery-post-grid-351-authenticated-subscriber-local-file-inclusion</loc>
<lastmod>2026-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-smushit/smush-lazy-load-images-optimize-compress-images-275-directory-traversal</loc>
<lastmod>2017-09-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-photo-album-plus/wordpress-photo-album-plus-8805003-reflected-cross-site-scripting</loc>
<lastmod>2024-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ttisbdir/wp-business-directory-102-cross-site-scripting</loc>
<lastmod>2014-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/press-grid/pressgrid-frontend-publish-reaction-multimedia-theme-131-unauthenticated-php-object-injection</loc>
<lastmod>2025-06-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/backup/backup-guard-169-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-10-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/g-lock-double-opt-in-manager/g-lock-double-opt-in-manager-265-sql-injection</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/sliding-door/sliding-door-36-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-08-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-hotel-booking/wp-hotel-booking-231-missing-authorization</loc>
<lastmod>2026-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ect-homepage-products/ect-home-page-products-19-reflected-cross-site-scripting</loc>
<lastmod>2025-01-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/paymob-for-woocommerce/paymob-for-woocommerce-412-missing-authorization</loc>
<lastmod>2026-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-rest-cache/wp-rest-cache-202610-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/read-more/read-more-by-adam-118-cross-site-request-forgery</loc>
<lastmod>2022-09-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-hover-effects-ultimate-visual-composer/flipbox-awesomes-flip-boxes-image-overlay-260-authenticated-admin-arbitrary-options-update</loc>
<lastmod>2022-07-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/printo/printo-111-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-05-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mobi2go/mobi2go-100-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/analytics-cat/analytics-cat-112-reflected-cross-site-scripting</loc>
<lastmod>2024-12-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cp-polls/polls-cp-1076-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-09-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/magee-shortcodes/magee-shortcodes-209-cross-site-scripting</loc>
<lastmod>2022-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/htaccess/htaccess-by-bestwebsoft-wordpress-website-access-control-plugin-175-reflected-cross-site-scripting</loc>
<lastmod>2017-04-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-mailto-links/wp-mailto-links-314-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/usercentrics-consent-management-platform/usercentrics-cmp-109-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-10-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bdthemes-element-pack-lite/element-pack-elementor-addons-header-footer-template-library-dynamic-grid-carousel-remote-arrows-563-form-submission-admin-email-bypass</loc>
<lastmod>2024-05-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-jquery-pdf-paged/wp-jquery-pager-140-authenticated-contributor-sql-injection-via-shortcode</loc>
<lastmod>2025-10-14T19:45:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/4.3/wordpress-core-431-authorization-bypass-to-information-disclosure</loc>
<lastmod>2015-09-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-poly-integration/hyyan-woocommerce-polylang-integration-150-missing-authorization</loc>
<lastmod>2026-01-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpkoi-templates-for-elementor/wpkoi-templates-for-elementor-344-missing-authorization</loc>
<lastmod>2025-12-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pie-forms-for-wp/wordpress-forms-by-pie-forms-1493-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-05-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/woffice/woffice-5430-reflected-cross-site-scripting</loc>
<lastmod>2026-01-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/export-all-urls/export-all-urls-41-reflected-cross-site-scripting</loc>
<lastmod>2022-03-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/findus/findus-directory-listing-wordpress-theme-1115-cross-site-scripting</loc>
<lastmod>2020-06-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jetpackcrm-ext-woo-connect/jetpackcrm-ext-woo-connect-213-sensitive-information-exposure</loc>
<lastmod>2024-10-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gpt3-ai-content-generator/gpt3-ai-content-writer-1914-cross-site-request-forgery</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ameliabooking/booking-for-appointments-and-events-calendar-amelia-1098-reflected-cross-site-scripting</loc>
<lastmod>2024-02-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/site-reviews/site-reviews-5130-admin-stored-cross-site-scripting</loc>
<lastmod>2021-08-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-social-media-icons/social-media-share-icons-283-reflected-cross-site-scripting</loc>
<lastmod>2023-08-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-time-slots-booking-form/wp-time-slots-booking-form-1230-cross-site-request-forgery</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easync-booking/free-booking-plugin-for-hotels-restaurants-and-car-rentals-easync-booking-1314-cross-site-request-forgery</loc>
<lastmod>2025-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mediabay-lite/mediabay-16-missing-authorization-via-ajac-actions</loc>
<lastmod>2023-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/amazon-affiliate-link-localizer/amazon-affiliate-link-localizer-182-cross-site-scripting</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/luzuk-team/luzuk-team-010-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lazy-load-videos-and-sticky-control/lazy-load-videos-and-sticky-control-300-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-20T13:38:27.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/block-specific-plugin-updates/block-plugin-update-331-cross-site-request-forgery-via-bspu_plugin_selectphp</loc>
<lastmod>2023-09-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/debounce-io-email-validator/debounce-email-validator-57-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-04-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/users-ultra/users-ultra-membership-users-community-and-member-profiles-with-paypal-integration-plugin-1563-cross-site-request-forgery</loc>
<lastmod>2015-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/seafood-company/seafood-company-14-unauthenticated-php-object-injection</loc>
<lastmod>2026-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stops-core-theme-and-plugin-updates/stops-core-theme-and-plugin-updates-804-insufficient-restrictions-on-option-changes</loc>
<lastmod>2019-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/travelpayouts/travelpayouts-1113-reflected-cross-site-scripting</loc>
<lastmod>2024-01-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/find-unused-images/find-unused-images-107-missing-authorization-to-unauthenticated-arbitrary-attachment-deletion</loc>
<lastmod>2025-11-10T15:16:36.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cookies-by-jm/cookies-by-jm-10-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-08-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cart-link-for-woocommerce/cart-link-for-woocommerce-202-cross-site-request-forgery</loc>
<lastmod>2022-04-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-pipes/wp-pipes-141-reflected-cross-site-scripting-via-x1-parameter</loc>
<lastmod>2024-12-10T20:19:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/basepress/knowledge-base-documentation-wiki-plugin-basepress-docs-21633-missing-authorization-to-authenticated-subscriber-database-update</loc>
<lastmod>2024-12-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shabat-keeper/shabat-keeper-044-reflected-cross-site-scripting-via-_serverphp_self</loc>
<lastmod>2026-01-08T21:55:43.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chauffeur-booking-system/chauffeur-taxi-booking-system-for-wordpress-69-authentication-bypass</loc>
<lastmod>2024-05-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smartpay/download-manager-and-payment-form-wordpress-plugin-wp-smartpay-110-2713-authenticated-subscriber-information-exposure</loc>
<lastmod>2025-05-06T13:25:42.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-user-manager/wp-user-manager-user-profile-builder-membership-2911-missing-authorization-to-carbon-fields-custom-sidebar-additionremoval</loc>
<lastmod>2024-11-22T15:18:43.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gsheetconnector-wpforms/wpforms-google-sheet-connector-401-authenticated-subscriber-remote-code-execution</loc>
<lastmod>2026-02-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/whizz/whizz-111-cross-site-request-forgery</loc>
<lastmod>2017-04-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/members-import/members-import-142-self-cross-site-scripting</loc>
<lastmod>2023-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/new-user-approve/new-user-approve-251-cross-site-request-forgery-via-admin_notices</loc>
<lastmod>2023-12-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-gallery-grid/responsive-gallery-grid-2313-cross-site-request-forgery</loc>
<lastmod>2023-09-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smart-forms/smart-forms-2684-missing-authorization-to-authenticated-subscriber-arbitrary-options-update</loc>
<lastmod>2023-12-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gsheetconnector-for-elementor-forms-pro/elementor-forms-google-sheet-connector-106-reflected-cross-site-scripting-via-code</loc>
<lastmod>2023-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/propovoice/propovoice-1767-unauthenticated-arbitrary-file-read</loc>
<lastmod>2025-09-10T19:05:09.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpstickybar-sticky-bar-sticky-header/wpstickybar-sticky-bar-sticky-header-210-unauthenticated-sql-injection</loc>
<lastmod>2024-07-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smoothscroller/smoothscroller-100-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking-package/booking-package-1706-missing-authorization</loc>
<lastmod>2026-04-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-monitor/download-monitor-509-missing-authorization-to-authenticated-subscriber-shop-enable</loc>
<lastmod>2024-09-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booster-plus-for-woocommerce/booster-for-woocommerce-free-566-premium-564-cross-site-request-forgery-to-file-deletion</loc>
<lastmod>2022-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-page-widget/wp-page-widget-27-reflected-cross-site-scripting</loc>
<lastmod>2015-08-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpappninja/wpmobileapp-android-and-ios-mobile-application-1152-unauthenticated-arbitrary-shortcode-execution</loc>
<lastmod>2024-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lumise/lumise-product-designer-209-unauthenticated-sql-injection</loc>
<lastmod>2026-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-event-solution/eventin-4031-authenticated-contributor-php-object-injection</loc>
<lastmod>2025-08-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/world-prayer-time/world-prayer-time-20-cross-site-request-forgery-to-reflected-cross-site-scripting</loc>
<lastmod>2024-10-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wicked-folders/wicked-folders-21816-missing-authorization-on-ajax_edit_folder</loc>
<lastmod>2023-02-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/atp-call-now/atp-call-now-103-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bookly-responsive-appointment-booking-tool/wordpress-online-booking-and-scheduling-plugin-bookly-232-authenticated-subscriber-stored-cross-site-scripting-via-color-profile-parameter</loc>
<lastmod>2024-06-10T20:39:42.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kanban/kanban-boards-2521-authenticated-administrator-remote-code-execution</loc>
<lastmod>2023-08-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gallery-plugin/gallery-by-bestwebsoft-customizable-image-and-photo-galleries-for-wordpress-469-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-recall/wp-recall-162614-reflected-cross-site-scripting</loc>
<lastmod>2025-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/emailchef/emailchef-351-missing-authorization-to-authenticated-subscriber-arbitrary-plugin-settings-deletion</loc>
<lastmod>2026-04-21T20:35:30.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpgenealogy/wp-genealogy-your-family-history-website-019-missing-authorization</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shortcode-imdb/shortcode-imdb-608-authenticated-administrator-sql-injection</loc>
<lastmod>2023-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/penci-bookmark-follow/penci-bookmark-follow-24-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-10-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/envira-gallery-lite/gallery-plugin-for-wordpress-envira-photo-gallery-1846-reflected-cross-site-scripting</loc>
<lastmod>2022-10-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kb-support/kb-support-wordpress-help-desk-155-multiple-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2022-04-15T13:36:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/asgaros-forum/asgaros-forum-210-cross-site-request-forgery</loc>
<lastmod>2022-11-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/testimonials-creator/testimonials-creator-16-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2026-01-13T16:43:09.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-bootstrap-elements-for-elementor/ultimate-bootstrap-elements-for-elementor-146-authenticated-contributor-sensitive-information-exposure</loc>
<lastmod>2024-11-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-addons-for-contact-form-7/ultra-addons-for-contact-form-7-3533-missing-authorization-to-authenticated-subscriber-to-generate-form-submission-pdf</loc>
<lastmod>2025-12-11T17:40:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/leyka/leyka-3292-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2023-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/job-board-light/jobboard-job-listing-126-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wdes-responsive-popup/wdes-responsive-popup-136-authenticated-contributor-stored-cross-site-scripting-via-attr-shortcode-attribute</loc>
<lastmod>2026-02-10T20:09:37.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/sliding-door/multiple-themes-various-versions-cross-site-request-forgery-to-notice-dismissal</loc>
<lastmod>2024-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nextend-twitter-connect/nextend-twitter-connect-151-reflected-cross-site-scripting</loc>
<lastmod>2015-06-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/facebook-pagelike-widget/widget-for-social-page-feeds-63-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tcbd-popover/tcbd-popover-12-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-13T16:02:20.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/df-draggable/df-draggable-1132-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/connections/connections-business-directory-1042-admin-stored-cross-site-scripting</loc>
<lastmod>2021-09-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contest-gallery/contest-gallery-19141-authenticated-author-sql-injection-via-cg_multiple_files_for_post</loc>
<lastmod>2022-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sp-client-document-manager/sp-project-document-manager-423-subscriber-arbitrary-file-upload</loc>
<lastmod>2021-07-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/testimonial-add/testimonials-slider-3583-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2022-04-04T11:06:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seo-wordpress/praison-seo-wordpress-4015-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2024-05-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gdlr-hotel/goodlayers-hotel-314-unauthenticated-sql-injection</loc>
<lastmod>2025-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-table/wp-table-143-remote-file-inclusion</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/brizy/brizy-page-builder-268-authenticated-author-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2025-02-12T00:09:28.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-popup/hustle-email-marketing-lead-generation-optins-popups-785-missing-authorization-to-unauthorized-form-submission</loc>
<lastmod>2024-11-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dimage-360/dimage-360-20-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-06-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-on-publish/email-on-publish-15-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/thrive-theme/thrive-theme-builder-3240-privilege-escalation</loc>
<lastmod>2023-11-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yith-woocommerce-bulk-product-editing/yit-plugin-framework-338-authenticated-settings-change</loc>
<lastmod>2019-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/svg-shortcode/svg-shortcode-101-authenticated-author-stored-cross-site-scripting-via-svg-upload</loc>
<lastmod>2024-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bwl-kb-manager/bwl-knowledge-base-manager-163-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-12-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/videowhisper-live-streaming-integration/broadcast-live-video-live-streaming-html5-webrtc-hls-rtsp-rtmp-4296-cross-site-scripting</loc>
<lastmod>2014-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-seo-slideshow/simple-seo-slideshow-128-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2026-06-05T10:52:25.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/popup-addon-for-ninja-forms/popup-addon-for-ninja-forms-351-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sprout-invoices/client-invoicing-by-sprout-invoices-2089-authenticated-author-local-file-inclusion</loc>
<lastmod>2026-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/editorial-calendar/editorial-calendar-390-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-02-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/print-button-shortcode/print-button-shortcode-101-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2025-10-21T20:23:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mfolio-lite/mfolio-lite-121-missing-authorization-to-authenticated-author-file-upload-via-exe-and-svg-files</loc>
<lastmod>2024-11-05T18:14:05.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-maps-by-supsystic/ultimate-maps-by-supsystic-1216-cross-site-request-forgery</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-dummy-content-generator/wp-dummy-content-generator-312-missing-authorization</loc>
<lastmod>2024-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-time-capsule/backup-and-staging-by-wp-time-capsule-12221-authenticated-administrator-php-object-injection</loc>
<lastmod>2024-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blog2social/blog2social-social-media-auto-post-scheduler-741-authenticated-subscriber-sql-injection</loc>
<lastmod>2024-06-10T18:21:36.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-page-visit-counter/advanced-page-visit-counter-806-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-12-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ai-engine/ai-engine-318-authenticated-editor-server-side-request-forgery</loc>
<lastmod>2025-11-18T00:28:40.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-attachment-by-order-status-products/email-attachment-by-order-status-products-101-reflected-cross-site-scripting</loc>
<lastmod>2025-07-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp_rokbox/wordpress-rokbox-213-arbitrary-file-upload</loc>
<lastmod>2012-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-monitor/download-monitor-446-authenticated-admin-arbitrary-file-download</loc>
<lastmod>2021-10-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mycred/points-management-system-for-gamification-ranks-badges-and-loyalty-rewards-program-mycred-303-missing-authorization</loc>
<lastmod>2026-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/salient-shortcodes/salient-shortcodes-154-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/benchmark-email-lite/benchmark-email-lite-41-cross-site-request-forgery-via-page_settings</loc>
<lastmod>2024-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kirki/kirki-600-606-unauthenticated-privilege-escalation-via-handle_forgot_password</loc>
<lastmod>2026-06-01T15:03:50.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/speed-booster-pack/speed-booster-pack-433-admin-sql-injection</loc>
<lastmod>2021-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bookly-responsive-appointment-booking-tool/online-scheduling-and-appointment-booking-system-bookly-267-reflected-cross-site-scripting</loc>
<lastmod>2026-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-login-history/user-login-history-plugin-152-cross-site-scripting</loc>
<lastmod>2017-10-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-list-designer/posts-list-designer-by-category-list-category-posts-or-recent-posts-332-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-01-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quotes-and-tips/quotes-and-tips-by-bestwebsoft-144-authenticated-admin-arbitrary-file-upload</loc>
<lastmod>2024-06-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/if-menu/if-menu-0163-missing-authorization-to-admin-settings-modification</loc>
<lastmod>2023-03-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-stats-manager/wp-visitor-statistics-real-time-traffic-84-authenticated-contributor-stored-cross-site-scripting-via-height-shortcode-attribute</loc>
<lastmod>2026-04-07T20:50:03.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-total-branding/wp-total-branding-12-authenticated-administrator-stored-cross-site-scripting-via-title-parameter</loc>
<lastmod>2024-07-11T18:51:55.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/give/givewp-2331-missing-authorization-via-handlebeforegateway</loc>
<lastmod>2023-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ekc-tournament-manager/ekc-tournament-manager-221-cross-site-request-forgery-to-arbitrary-file-upload</loc>
<lastmod>2024-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kama-clic-counter/kama-click-counter-349-cross-site-scripting</loc>
<lastmod>2017-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essay-wizard-wpcres/essay-wizard-wpcres-1064-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/recent-posts-widget-extended/recent-posts-widget-extended-202-authenticated-contributor-stored-cross-site-scripting-via-rpwe-shortcode</loc>
<lastmod>2025-09-05T15:37:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/webp-express/webp-express-01410-authenticated-stored-cross-site-scripting</loc>
<lastmod>2019-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/noo-jobmonster/noo-jobmonster-484-unauthenticated-sql-injection</loc>
<lastmod>2026-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/usc-e-shop/welcart-e-commerce-283-cross-site-request-forgery</loc>
<lastmod>2022-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lazytasks-project-task-management/lazytasks-1237-unauthenticated-privilege-escalation</loc>
<lastmod>2026-01-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fastbook-responsive-appointment-booking-and-scheduling-system/fastbook-11-reflected-cross-site-scripting</loc>
<lastmod>2025-06-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp2leads/wp2leads-342-reflected-cross-site-scripting</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/0mk-shortener/0mk-shortener-02-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2023-02-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-pdf-invoice-builder/woocommerce-pdf-invoice-builder-1290-cross-site-request-forgery-to-custom-field-creation</loc>
<lastmod>2023-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/power-ups-for-elementor/power-ups-for-elementor-122-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-24T18:45:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jquery-news-ticker/jquery-news-ticker-30-authenticated-subscriber-sql-injection-via-shortcode</loc>
<lastmod>2023-10-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nelio-ab-testing/nelio-ab-testing-459-server-side-request-forgery</loc>
<lastmod>2016-12-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-plugin-lister/wp-plugin-lister-210-cross-site-request-forgery-to-settings-update-and-stored-cross-site-scripting</loc>
<lastmod>2024-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/w3-total-cache/w3-total-cache-0941-cross-site-scripting-via-request_id</loc>
<lastmod>2016-07-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/share-and-follow/share-and-follow-1803-cross-site-scripting</loc>
<lastmod>2012-05-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/screets-lcx/live-chat-unlimited-283-stored-cross-site-scripting</loc>
<lastmod>2019-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/make-email-customizer-for-woocommerce/make-email-customizer-for-woocommerce-106-authenticated-subscriber-arbitrary-options-update</loc>
<lastmod>2025-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ops-robots-txt/on-page-seo-whatsapp-chat-button-200-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shopmagic-for-woocommerce/free-follow-up-emails-marketing-automation-for-woocommerce-shopmagic-456-unauthenticated-information-exposure</loc>
<lastmod>2025-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-login-woocommerce/loginsignup-popup-inline-form-woocommerce-21-reflected-cross-site-scripting</loc>
<lastmod>2021-11-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/homey/homey-242-unauthenticated-privilege-escalation-in-homey_save_profile</loc>
<lastmod>2025-03-04T21:24:24.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ap-plugin-scripteo/ads-pro-50-missing-authorization</loc>
<lastmod>2026-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quiz-master-next/quiz-and-survey-master-1033-missing-authorization</loc>
<lastmod>2026-01-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bdthemes-element-pack-lite/element-pack-elementor-addons-8313-cross-site-request-forgery</loc>
<lastmod>2026-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-listings/impress-listings-201-reflected-cross-site-scripting</loc>
<lastmod>2016-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/torod/torod-the-smart-shipping-and-delivery-portal-for-e-shops-and-retailers-17-missing-authorization-to-unauthenticated-plugin-settings-update</loc>
<lastmod>2024-12-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gamipress/gamipress-688-broken-access-control</loc>
<lastmod>2024-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hrm/wp-human-resource-management-200-2217-missing-authorization-to-authenticated-employee-privilege-escalation-via-wp_ajax_hrm_insert_employee-ajax-action</loc>
<lastmod>2025-07-03T12:17:43.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/royal-elementor-addons/royal-elementor-addons-and-templates-1380-missing-authorization-to-privatepassword-protected-post-read</loc>
<lastmod>2023-12-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/charity-zone/charity-zone-111-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2026-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/json-rest-api/wp-rest-api-wp-api-121-sensitive-information-disclosure</loc>
<lastmod>2015-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/media-library-assistant/media-library-assistant-316-authenticated-contributor-sql-injection-via-order-parameter</loc>
<lastmod>2024-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/truemag/truemag-43142-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-05-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-seo-author-snippets/google-seo-pressor-for-rich-snippets-122-cross-site-scripting</loc>
<lastmod>2016-04-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/clyp/clyp-13-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/open-menu/openmenu-35-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chaty/chaty-309-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/carousel/carousel-ultimate-18-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nextend-facebook-connect/nextend-social-login-and-register-3112-reflected-self-based-cross-site-scripting-via-error_description</loc>
<lastmod>2024-03-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pubydoc-data-tables-and-charts/pubydoc-206-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-10-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/boxed-content/boxed-content-10-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blocksy-companion/blocksy-companion-2028-cross-site-request-forgery</loc>
<lastmod>2024-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/file-icons/file-icons-21-reflected-cross-site-scripting</loc>
<lastmod>2025-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/newsmash/newsmash-1071-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/modalier-elementor/modalier-for-elementor-106-missing-authorization</loc>
<lastmod>2025-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vospari-forms/vospari-forms-14-reflected-cross-site-scripting</loc>
<lastmod>2016-11-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/indeed-membership-pro/indeed-membership-pro-127-unauthenticated-privilege-escalation</loc>
<lastmod>2024-08-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-submitted-posts/user-submitted-posts-20230809-unauthenticated-stored-cross-site-scripting-via-user-submitted-content</loc>
<lastmod>2023-08-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-coming-soon-page/coming-soon-page-responsive-coming-soon-maintenance-mode-1118-cross-site-scripting-via-social_icon_1-parameter</loc>
<lastmod>2018-01-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/elegant-pink/elegant-pink-130-cross-site-request-forgery-to-notice-dismissal</loc>
<lastmod>2024-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-banner/simple-banner-2110-authenticated-stored-cross-site-scripting</loc>
<lastmod>2022-07-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-whatsapp/wp-chat-app-362-authenticatedcontributor-stored-cross-site-scripting-via-block-image-attribute</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eventON/eventon-pro-4912-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/salon-booking-system/salon-booking-system-102-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2024-06-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/majestic-support/majestic-support-106-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/job-postings/jobs-for-wordpress-277-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ari-fancy-lightbox/ari-fancy-lightbox-138-reflected-cross-site-scripting</loc>
<lastmod>2022-02-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ameliabooking/booking-for-appointments-and-events-calendar-amelia-1238-authenticated-employee-privilege-escalation</loc>
<lastmod>2026-03-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/progressmatify-blocks/progress-bar-blocks-for-gutenberg-100-authenticated-author-stored-cross-site-scripting-via-svg</loc>
<lastmod>2025-11-10T15:28:03.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/aitasi-coming-soon/aitasi-coming-soon-202-authenticated-administrator-php-object-injection</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/photospace-responsive/photospace-responsive-211-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-09-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ap-plugin-scripteo/ads-pro-plugin-multi-purpose-wordpress-advertising-manager-488-unauthenticated-sql-injection</loc>
<lastmod>2025-05-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/extend-link/extend-link-200-authenticated-contributor-server-side-request-forgery</loc>
<lastmod>2026-01-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fwdmsp/mp3-sticky-player-80-unauthenticated-arbitrary-file-readdownload</loc>
<lastmod>2024-11-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/external-video-for-everybody/external-video-for-everybody-211-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/geodirectory/geodirectory-2328-authenticated-administrator-sql-injection-via-orderby</loc>
<lastmod>2023-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpforo/wpforo-forum-228-cross-site-request-forgery-via-logout</loc>
<lastmod>2023-11-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-gallery/imagepress-image-gallery-122-missing-authorization-to-authenticated-subscriber-arbitrary-post-deletion-and-post-title-update</loc>
<lastmod>2024-10-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/premmerce-search/premmerce-product-search-for-woocommerce-224-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-07-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-smart-compare/wpc-smart-compare-for-woocommerce-646-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-07-10T18:58:43.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/myshopkit-popup-smartbar-slidein/woocommerce-coupon-popup-smartbar-slide-in-myshopkit-109-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2024-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/diet-calorie-calculator/diet-calorie-calculator-111-missing-authorization</loc>
<lastmod>2026-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fontmeister/fontmeister-108-reflected-cross-site-scripting</loc>
<lastmod>2022-10-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/3.9/wordpress-core-392-cross-site-request-forgery-protection-bypass</loc>
<lastmod>2014-08-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/business-directory-plugin/business-directory-6419-missing-authorization</loc>
<lastmod>2025-12-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/my-album-gallery/my-album-gallery-104-authenticated-subscriber-arbitrary-file-deletion</loc>
<lastmod>2026-03-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/webcake/webcake-landing-page-builder-11-missing-authorization-to-authenticated-subscriber-settings-update</loc>
<lastmod>2025-12-04T16:38:45.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/greeklish-permalink/greeklish-permalink-33-missing-authorization-via-cyrtrans_ajax_old-ajax-action</loc>
<lastmod>2023-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-to-csv/post-to-csv-by-bestwebsoft-138-authenticated-author-csv-injection</loc>
<lastmod>2022-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-statistics/wp-statistics-1207-authenticated-sql-injection</loc>
<lastmod>2017-06-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/felan-framework/felan-framework-113-reflected-cross-site-scripting</loc>
<lastmod>2026-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cm-on-demand-search-and-replace/cm-on-demand-search-and-replace-130-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-04-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/administrator-z/administrator-z-20241014-authenticated-subscriber-sql-injection</loc>
<lastmod>2024-10-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-recentcomments/wp-recentcomments-227-unauthenticated-information-exposure</loc>
<lastmod>2023-02-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/erident-custom-login-and-dashboard/erident-custom-login-dashboard-341-cross-site-request-forgery</loc>
<lastmod>2015-06-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpforo/wpforo-forum-165-cross-site-request-forgery</loc>
<lastmod>2020-05-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-coming-soon/ultimate-coming-soon-maintenance-109-missing-authorization-to-authenticated-subscriber-template-name-update</loc>
<lastmod>2024-12-05T19:35:06.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zoho-salesiq/zoho-salesiq-108-cross-site-request-forgery</loc>
<lastmod>2019-05-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lastfm-recent-album-artwork/lastfm-recent-album-artwork-102-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-08-15T14:46:26.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lava-directory-manager/lava-directory-manager-1134-unauthenticated-stored-cross-site-scripting-via-new-listing</loc>
<lastmod>2023-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/oauth2-provider/wp-oauth-server-423-cross-site-request-forgery-to-arbitrary-post-deletion-wo_ajax_remove_client</loc>
<lastmod>2023-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kaswara/kaswara-modern-vc-addons-301-missing-authorization</loc>
<lastmod>2021-03-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/awesome-weather/awesome-weather-widget-302-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-09-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/preschool-and-kindergarten/preschool-and-kindergarten-125-missing-authorization</loc>
<lastmod>2026-02-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/funnel-builder/funnel-builder-by-funnelkit-3111-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-08-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mobile-contact-line/mobile-contact-line-240-missing-authorization</loc>
<lastmod>2025-09-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/modern-events-calendar-lite/modern-events-calendar-lite-614-unauthenticated-blind-sql-injection-via-time-parameter</loc>
<lastmod>2021-11-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/doneren-met-mollie/doneren-met-mollie-2107-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/beds24-online-booking/beds24-online-booking-2029-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/testimonial-slider-and-showcase/testimonial-slider-236-missing-authorization-to-authenticated-author-settings-update</loc>
<lastmod>2024-03-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/map-categories-to-pages/map-categories-to-pages-132-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-forms/advanced-forms-for-acf-168-insecure-direct-object-reference</loc>
<lastmod>2020-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/g5plus-april/g5plus-april-68-missing-authorization</loc>
<lastmod>2026-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ifeature-slider/ifeature-slider-12-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-11-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mailrelay/mailrelay-211-cross-site-request-forgery-via-render_admin_page</loc>
<lastmod>2023-10-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-ajax-chat/simple-ajax-chat-20260217-unauthenticated-stored-cross-site-scripting-via-c</loc>
<lastmod>2026-03-12T00:21:55.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/filebird-pro/filebird-pro-651-missing-authorization</loc>
<lastmod>2025-10-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-gdpr-compliance/cookie-information-free-gdpr-consent-solution-207-reflected-cross-site-scripting</loc>
<lastmod>2022-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wps-child-theme-generator/wps-child-theme-generator-12-directory-traversal</loc>
<lastmod>2019-07-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-digital-downloads/easy-digital-downloads-362-unvalidated-redirect-in-password-reset-flow-via-edd_redirect</loc>
<lastmod>2025-12-30T17:50:22.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/my-tickets/my-tickets-1910-cross-site-request-forgery</loc>
<lastmod>2023-01-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/leartes-try-exchange-rates/leartes-try-exchange-rates-21-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/alipay/wordpressalipaytenpaypaypal-370-cross-site-scripting</loc>
<lastmod>2014-05-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/header-footer-composer/header-footer-composer-for-elementor-104-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-slimstat/slimstat-analytics-508-authenticated-administrator-stored-cross-site-scripting-via-settings</loc>
<lastmod>2023-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mingle-forum/mingle-forum-1033-cross-site-scripting</loc>
<lastmod>2012-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-payphone-gateway/woocommerce-payphone-gateway-320-reflected-cross-site-scripting</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chatbot/chatbot-739-missing-authorization</loc>
<lastmod>2025-10-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/alttext-ai/alt-text-ai-automatically-generate-image-alt-text-for-seo-and-accessibility-149-authenticated-subscriber-sql-injection</loc>
<lastmod>2024-05-14T11:58:48.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/blocksy/blocksy-2097-missing-authorization</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-users/wordpress-users-14-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2024-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fs-real-estate-plugin/firestorm-professional-real-estate-2711-authenticated-administrator-sql-injection</loc>
<lastmod>2026-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/savory/savory-25-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ekc-tournament-manager/ekc-tournament-manager-221-cross-site-request-forgery-to-tournament-and-team-creation</loc>
<lastmod>2024-11-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/drag-and-drop-file-uploads-wc-pro/drag-and-drop-multiple-file-upload-pro-woocommerce-171-and-50-505-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2025-07-01T14:29:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/puzzles/puzzles-wp-magazine-review-with-store-wordpress-theme-rtl-424-missing-authorization-to-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2025-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ns-ie-compatibility-fixer/ns-ie-compatibility-fixer-215-cross-site-request-forgery-to-plugin-settings-update</loc>
<lastmod>2026-01-06T18:32:12.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-auto-poster/social-auto-poster-5314-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2024-07-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smartsupp-live-chat/smartsupp-live-chat-ai-shopping-assistant-and-chatbots-391-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2026-02-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dancepress-trwa/dancepress-trwa-3111-cross-site-request-forgery</loc>
<lastmod>2024-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-multi-currency/curcy-237-missing-authorization-to-arbitrary-shortcode-execution</loc>
<lastmod>2025-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-todo/wp-to-do-130-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-07-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/form-maker/form-maker-11359-authenticated-stored-cross-site-scripting</loc>
<lastmod>2021-07-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-dbmanager/wp-db-manager-272-arbitrary-file-read</loc>
<lastmod>2014-10-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-plus-addons-for-elementor-page-builder/the-plus-addons-for-elementor-6411-authenticated-contributor-stored-cross-site-scripting-via-button-widget-custom-attributes</loc>
<lastmod>2026-05-21T19:17:28.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buddyforms/buddyforms-272-authenticated-contributor-stored-stored-cross-site-scripting</loc>
<lastmod>2022-10-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-nav-archives/simple-nav-archives-213-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2024-09-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jet-search/jetsearch-3510-unauthenticated-sql-injection</loc>
<lastmod>2025-07-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/widget-context/widget-context-133-cross-site-request-forgery-to-settings-update-via-wl-parameter</loc>
<lastmod>2026-05-21T19:25:43.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-e-commerce/wp-ecommerce-3114-sql-injection</loc>
<lastmod>2016-11-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nitropack/nitropack-1193-missing-authorization</loc>
<lastmod>2026-02-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/registrations-for-the-events-calendar/registrations-for-the-events-calendar-279-reflected-cross-site-scripting</loc>
<lastmod>2021-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-user-frontend/wp-user-frontend-membership-profile-registration-post-submission-plugin-for-wordpress-3525-authenticated-admin-sql-injection</loc>
<lastmod>2021-11-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-connector/post-connector-104-reflected-cross-site-scripting</loc>
<lastmod>2015-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rss-feed-reader/rss-feed-reader-01-cross-site-scripting</loc>
<lastmod>2011-01-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/indeed-learning-pro/ultimate-learning-pro-39-authenticated-administrator-sql-injection</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/semrush-contentshake/semrush-content-toolkit-1132-cross-site-request-forgery</loc>
<lastmod>2025-12-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/views-for-wpforms-lite/views-for-wpforms-322-missing-authorization-via-save_view</loc>
<lastmod>2024-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/crazy-call-to-action-box/crazy-call-to-action-box-105-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/peters-custom-anti-spam-image/peters-custom-anti-spam-323-cross-site-request-forgery-via-cas_register_post-function</loc>
<lastmod>2024-12-17T20:49:25.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jemployee/job-board-manager-for-wordpress-10-unauthenticated-privilege-escalation</loc>
<lastmod>2024-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/form-maker/form-maker-11411-stored-cross-site-scripting</loc>
<lastmod>2022-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/suevafree-essential-kit/suevafree-essential-kit-113-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-20T13:44:26.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/map-store-location/map-store-locator-121-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-menu-image/wp-menu-image-22-missing-authorization-to-unauthenticated-menu-image-deletion</loc>
<lastmod>2024-12-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/premium-addons-for-elementor/premium-addons-for-elementor-41035-regular-expressions-denial-of-service</loc>
<lastmod>2024-07-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/groundhogg/groundhogg-2798-missing-authorization-to-non-arbitrary-file-upload</loc>
<lastmod>2023-05-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/premmerce-woocommerce-wholesale-pricing/premmerce-wholesale-pricing-for-woocommerce-1110-missing-authorization</loc>
<lastmod>2025-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/1g-music-share/1g-music-share-151-cross-site-scripting</loc>
<lastmod>2014-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vikrestaurants/vikrestaurants-table-reservations-and-take-away-152-reflected-cross-site-scripting</loc>
<lastmod>2026-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pixobe-cartography/pixobe-cartography-101-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/aco-woo-dynamic-pricing/dynamic-pricing-with-discount-rules-for-woocommerce-459-authenticated-shop-manager-arbitrary-code-execution</loc>
<lastmod>2025-08-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stock-in/stock-in-out-104-reflected-cross-site-scripting</loc>
<lastmod>2021-05-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/counters-block/counters-block-112-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-whydonate/whydonate-free-donate-button-crowdfunding-fundraising-4015-missing-authorization-to-unauthenticated-wp_wdplugin_style-rww-deletion</loc>
<lastmod>2025-10-14T19:46:25.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/ashtanga/ashtanga-12-unauthenticated-php-object-injection</loc>
<lastmod>2026-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/photo-gallery/photo-gallery-by-10web-1366-cross-site-scripting</loc>
<lastmod>2017-12-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-base-booking-of-appointments-services-and-events/wp-base-booking-of-appointments-services-and-events-492-reflected-cross-site-scripting</loc>
<lastmod>2025-02-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shop-as-a-customer-for-woocommerce/shop-as-a-customer-for-woocommerce-123-authenticated-shop-manager-privilege-escalation</loc>
<lastmod>2023-07-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-cloak-affiliate-links/woocommerce-cloak-affiliate-links-1033-missing-authorization-to-unauthenticated-permalink-modification</loc>
<lastmod>2024-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bauernregeln/bauernregeln-101-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-analyticator/google-analyticator-6495-cross-site-scripting</loc>
<lastmod>2015-08-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bonanza-woocommerce-free-gifts-lite/bonanza-woocommerce-free-gifts-lite-100-missing-authorization-to-authenticated-subscriber-opt-in-success</loc>
<lastmod>2025-07-28T20:26:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gs-logo-slider/logo-slider-373-unauthenticated-arbitrary-shortcode-execution</loc>
<lastmod>2025-03-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ltl-freight-quotes-odfl-edition/ltl-freight-quotes-old-dominion-edition-4210-unauthenticated-sql-injection</loc>
<lastmod>2025-02-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpforo/wpforo-forum-2413-authenticated-subscriber-php-object-injection</loc>
<lastmod>2026-02-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/feed-kuantokusta-for-woocommerce/feed-kuantokusta-for-woocommerce-free-53-unauthenticated-sql-injection</loc>
<lastmod>2026-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bdthemes-prime-slider-lite/prime-slider-addons-for-elementor-4010-authenticated-subscriber-server-side-request-forgery</loc>
<lastmod>2025-12-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/urvanov-syntax-highlighter/urvanov-syntax-highlighter-2833-cross-site-request-forgery-via-init_ajax</loc>
<lastmod>2023-10-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-donation-platform/donation-platform-for-woocommerce-fundraising-donation-management-129-cross-site-request-forgery-to-survey-submission</loc>
<lastmod>2023-05-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/ghostwriter/ghostwriter-14-reflected-cross-site-scripting</loc>
<lastmod>2025-01-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/spam-stopper/spam-stopper-313-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders/barcode-scanner-with-inventory-order-manager-154-authenticated-subscriber-sql-injection</loc>
<lastmod>2024-04-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-graphql-woocommerce/wpgraphql-woocommerce-0123-information-disclosure</loc>
<lastmod>2022-07-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpshopgermany-it-recht-kanzlei/wpshopgermany-it-recht-kanzlei-20-cross-site-request-forgery</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-hide-post/wp-hide-post-2010-cross-site-request-forgery-via-save_bulk_edit_data</loc>
<lastmod>2023-06-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bitcoin-donate-button/bitcoin-donate-button-10-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2026-01-27T21:49:55.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/delicious-recipes/wp-delicious-recipe-plugin-for-food-bloggers-formerly-delicious-recipes-169-improper-path-validation-to-authenticated-subscriber-arbitrary-file-move-and-read</loc>
<lastmod>2024-09-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easync-booking/free-booking-plugin-for-hotels-restaurants-and-car-rentals-easync-booking-1321-insecure-direct-object-reference-to-sensitive-information-exposure</loc>
<lastmod>2025-05-30T21:32:30.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/meeting-scheduler-by-vcita/online-booking-scheduling-calendar-for-wordpress-by-vcita-446-missing-authorization-to-settings-update-and-arbitrary-file-upload</loc>
<lastmod>2023-06-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dsgvo-youtube/dsgvo-youtube-145-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/name-directory/name-directory-1303-unauthenticated-stored-cross-site-scripting-via-multiple-parameters</loc>
<lastmod>2026-01-13T17:22:07.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/flap/flap-business-wordpress-theme-15-unauthenticated-php-object-injection</loc>
<lastmod>2025-06-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-database-reset/wp-database-reset-31-privilege-escalation</loc>
<lastmod>2020-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-add/form-builder-create-responsive-contact-forms-1984-cross-site-scripting</loc>
<lastmod>2021-08-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/adventure-bucket-list/adventure-bucket-list-109-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/category-ajax-filter/category-ajax-filter-282-unauthenticated-local-file-inclusion</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/twchat/twchat-send-or-receive-messages-from-users-404-reflected-cross-site-scripting</loc>
<lastmod>2024-12-06T21:18:43.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/role-scoper/role-scoper-obsolete-please-install-publishpress-permissions-1367-reflected-cross-site-scripting</loc>
<lastmod>2015-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-forms/ninja-forms-contact-form-371-unauthenticated-second-order-sql-injection</loc>
<lastmod>2024-02-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/marketking-multivendor-marketplace-for-woocommerce/marketking-ultimate-woocommerce-multivendor-marketplace-solution-2000-missing-authorization</loc>
<lastmod>2024-12-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-manager/download-manager-3346-reflected-cross-site-scripting-via-redirect_to-parameter</loc>
<lastmod>2026-02-17T17:51:30.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/imagerecycle-pdf-image-compression/imagerecycle-pdf-image-compression-3113-missing-authorization-to-plugin-data-removal-in-reinitialize</loc>
<lastmod>2024-02-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/events-manager/events-manager-539-cross-site-scripting</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/xpro-addons-beaver-builder-elementor/xpro-addons-for-beaver-builder-lite-156-missing-authorization</loc>
<lastmod>2026-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sb-elementor-contact-form-db/formsdb-save-elementor-forms-to-google-sheets-post-type-213-missing-authorization</loc>
<lastmod>2026-01-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/invetex/invetex-218-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/newsletters-lite/newsletters-499-unauthenticated-full-path-disclosure</loc>
<lastmod>2024-08-14T18:55:15.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-processing-embed/wordpress-processing-embed-051-cross-site-scripting</loc>
<lastmod>2010-12-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-finance/wp-finance-136-reflected-cross-site-scripting</loc>
<lastmod>2025-01-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/academy-pro/academy-lms-pro-352-authenticated-custom-arbitrary-file-upload</loc>
<lastmod>2026-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/themify-ptb/post-type-builder-214-missing-authorization-to-arbitrary-postpage-creation</loc>
<lastmod>2024-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/get-a-quote-button-for-woocommerce/request-a-quote-for-woocommerce-and-elementor-get-a-quote-button-product-enquiry-form-popup-product-quotation-14-unauthenticated-arbitrary-shortcode-execution-via-fire_contact_form</loc>
<lastmod>2024-11-22T21:43:43.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/notices/notices-61-reflected-cross-site-scripting</loc>
<lastmod>2021-09-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/inboundio-marketing/inboundio-marketing-201-arbitrary-file-upload</loc>
<lastmod>2015-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/relevanssi-premium/relevanssi-a-better-search-4146-relevanssi-a-better-search-pro-2165-missing-authorization</loc>
<lastmod>2022-02-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/participants-database/participants-database-255-missing-authorization</loc>
<lastmod>2023-11-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/revslider/slider-revolution-709-unauthenticated-sensitive-information-exposure-via-slidersstream</loc>
<lastmod>2026-05-19T20:43:07.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rewardsystem/sumo-reward-points-3070-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-04-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/powerpack-lite-for-elementor/powerpack-lite-for-elementor-294-authenticated-contributor-stored-cross-site-scripting-via-cursor_url</loc>
<lastmod>2025-09-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mobile-menu/wp-mobile-menu-2844-missing-authorization-to-_mobmenu_icon-post-meta-modification</loc>
<lastmod>2024-07-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/webcamconsult/webcamconsult-150-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-17T18:53:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/xili-language/xili-language-2212-reflected-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dream-gallery/dream-gallery-10-cross-site-request-forgery-to-stored-cross-site-scripting-via-dreampluginsmain-ajax-action</loc>
<lastmod>2025-12-04T17:28:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/throws-spam-away/throws-spam-away-33-cross-site-request-forgery-to-comment-modification</loc>
<lastmod>2022-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/case-theme-user/case-theme-user-103-authentication-bypass-via-social-login</loc>
<lastmod>2025-08-22T18:31:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/prider/prider-1131-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/filter-gallery/wordpress-filter-gallery-plugin-015-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-12-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-member/ultimate-member-2039-directory-traversal</loc>
<lastmod>2018-05-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/4.0/wordpress-core-40-missing-session-cookie-expiration</loc>
<lastmod>2012-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bsk-pdf-manager/bsk-pdf-manager-371-authenticated-administrator-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2025-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-social-media-icons/social-media-share-buttons-social-sharing-icons-281-authenticatedadministrator-stored-cross-site-scripting</loc>
<lastmod>2023-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/3dprint-lite/3dprint-lite-2136-authenticated-admin-sql-injection-via-material_text</loc>
<lastmod>2025-04-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/syndicate-out/syndicate-out-09-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-log/email-log-222-stored-cross-site-scripting</loc>
<lastmod>2017-11-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cf7-conditional-fields/conditional-fields-for-contact-form-7-241-missing-authorization</loc>
<lastmod>2023-11-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cimy-header-image-rotator/cimy-header-image-rotator-611-cross-site-request-forgery</loc>
<lastmod>2022-06-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/photo-express-for-google/photo-express-for-google-032-reflected-cross-site-scripting</loc>
<lastmod>2025-06-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bloom/bloom-email-opt-in-111-sensitive-information-disclosure</loc>
<lastmod>2016-02-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kadence-blocks-pro/kadence-blocks-pro-237-authenticated-contributor-information-exposure</loc>
<lastmod>2024-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/add-to-cart-button-labels-for-woocommerce/change-add-to-cart-button-text-for-woocommerce-222-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-05-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sassy-social-share/social-sharing-plugin-sassy-social-share-3369-reflected-cross-site-scripting-via-heateor_mastodon_share-parameter</loc>
<lastmod>2024-11-29T16:31:05.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/void-visual-whmcs-element/wpbakery-visual-composer-whmcs-elements-1043-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-nmi-three-step/nmi-gateway-for-woocommerce-1611-cross-site-request-forgery</loc>
<lastmod>2021-07-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seguro-viagem/real-seguro-viagem-205-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-download-monitor/simple-download-monitor-354-authenticated-stored-cross-site-scripting</loc>
<lastmod>2018-01-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cm-invitation-codes/cm-registration-and-invitation-codes-255-missing-authorization</loc>
<lastmod>2025-04-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/site-notify/site-notify-10-missing-authorization</loc>
<lastmod>2025-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jwp-a11y/jwp-a11y-417-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-11-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/podiant/podiant-11-unauthenticated-local-file-inclusion</loc>
<lastmod>2024-09-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/happy-scss-compiler/happy-scss-compiler-compile-scss-to-css-automatically-1310-missing-authorization-to-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2024-07-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/meks-audio-player/meks-smart-social-widget-16-cross-site-request-forgery-via-meks_remove_notification</loc>
<lastmod>2023-07-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/efence/efence-132-multiple-cross-site-scripting</loc>
<lastmod>2014-05-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/webmention/webmention-408-reflected-cross-site-scripting-via-replytocom</loc>
<lastmod>2023-03-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easyazon/easyazon-amazon-associates-affiliate-plugin-510-reflected-cross-site-scripting-via-easyazon-cloaking-locale</loc>
<lastmod>2024-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contribuinte-checkout/contribuinte-checkout-2003-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/legal-pages/legal-pages-146-missing-authorization</loc>
<lastmod>2025-11-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hub-core/hub-core-508-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-11-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/nyla/nyla-17-unauthenticated-arbitrary-shortcode-execution</loc>
<lastmod>2026-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-downgrade/wp-downgrade-122-admin-stored-cross-site-scripting</loc>
<lastmod>2022-03-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/small-package-quotes-wwe-edition/small-package-quotes-worldwide-express-edition-5218-reflected-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-7-simple-recaptcha/contact-form-7-captcha-008-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2021-07-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/listingpro-plugin/listingpro-299-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementinvader-addons-for-elementor/elementinvader-addons-for-elementor-136-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-08-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bradesco-gateway/bradesco-gateway-20-cross-site-scripting</loc>
<lastmod>2013-09-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-popup-lightbox-maker/wp-popup-window-maker-20-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-11-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-rss-aggregator/rss-aggregator-rss-import-news-feeds-feed-to-post-and-autoblogging-5010-reflected-cross-site-scripting-via-classname</loc>
<lastmod>2026-01-15T19:09:57.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/geoportail-shortcode/geoportail-shortcode-244-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-prayer/wp-prayer-209-cross-site-request-forgery-to-arbitrary-prayer-deletion</loc>
<lastmod>2024-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/litespeed-cache/litespeed-cache-61-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ip-blacklist-cloud/ip-blacklist-cloud-342-authenticated-admin-path-traversal</loc>
<lastmod>2015-03-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/royal-elementor-addons/royal-elementor-addons-and-templates-1387-cross-site-request-forgery-via-remove_from_wishlist</loc>
<lastmod>2024-02-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/antihacker/disable-json-api-login-lockdown-xmlrpc-pingback-stop-user-enumeration-anti-hacker-scan-451-missing-authorization-to-unauthenticated-ip-address-whitelist</loc>
<lastmod>2024-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ads-for-wp/google-adsense-banner-ads-by-adsforwp-18-cross-site-request-forgery</loc>
<lastmod>2019-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/asgaros-forum/asgaros-forums-11513-authenticated-stored-cross-site-scripting</loc>
<lastmod>2021-11-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/1.5/wordpress-core-151-full-path-disclosure</loc>
<lastmod>2005-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-currency-switcher/woocs-1392-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2022-12-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/debug-bar-extender/debug-bar-extender-05-reflected-cross-site-scripting</loc>
<lastmod>2025-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mappress-google-maps-for-wordpress/mappress-maps-for-wordpress-2949-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sintic_gallery/sintic_gallery-all-known-versions-arbitrary-file-upload</loc>
<lastmod>2012-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-breadcrumbs/essential-breadcrumbs-111-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-attachments/download-attachments-140-unauthenticated-insecure-direct-object-reference</loc>
<lastmod>2026-02-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/snow-monkey/snow-monkey-2915-unauthenticated-blind-server-side-request-forgery</loc>
<lastmod>2025-09-25T17:34:57.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-google-my-business-auto-publish/auto-publish-for-google-my-business-37-cross-site-request-forgery</loc>
<lastmod>2023-11-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/aruba-hispeed-cache/aruba-hispeed-cache-302-reflected-cross-site-scripting</loc>
<lastmod>2026-02-18T14:55:10.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpo365-login/wpo365-login-116-authentication-bypass</loc>
<lastmod>2020-10-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-subscriber/email-subscriber-11-stored-cross-site-scripting</loc>
<lastmod>2021-07-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/everest-forms/contact-form-drag-and-drop-form-builder-for-wordpress-everest-forms-149-sql-injection</loc>
<lastmod>2019-07-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-user-avatar/profilepress-450-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-12-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-filter/easy-filter-110-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/owm-weather/owm-weather-5611-cross-site-request-forgery</loc>
<lastmod>2022-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nextgen-gallery-pro/nextgen-gallery-pro-319-reflected-cross-site-scripting</loc>
<lastmod>2021-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ossdl-cdn-off-linker/cdn-linker-lite-131-cross-site-request-forgery-to-plugin-settings-update</loc>
<lastmod>2026-05-26T17:23:44.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/arya-multipurpose/arya-multipurpose-105-reflected-cross-site-scripting</loc>
<lastmod>2023-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advance-menu-manager/advanced-menu-manager-296-cross-site-request-forgery-to-menu-edition</loc>
<lastmod>2021-07-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/revampcrm-woocommerce/revamp-crm-for-woocommerce-104-local-file-inclusion</loc>
<lastmod>2019-06-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ulike/wp-ulike-464-race-condition</loc>
<lastmod>2022-11-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-addons-for-elementor-lite/essential-addons-for-elementor-best-elementor-templates-widgets-kits-woocommerce-builders-5915-information-exposure</loc>
<lastmod>2024-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/k-elements/k-elements-550-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fraudlabs-pro-for-woocommerce/fraudlabs-pro-for-woocommerce-2228-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-order-export-lite/advanced-order-export-for-woocommerce-317-reflected-cross-site-scripting</loc>
<lastmod>2021-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-by-supsystic/contact-form-by-supsystic-1710-sql-injections</loc>
<lastmod>2021-02-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chessgame-shizzle/chessgame-shizzle-130-reflected-cross-site-scripting</loc>
<lastmod>2024-11-22T18:30:27.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/link-party/illi-link-party-10-missing-authorization-to-unauthenticated-arbitrary-link-deletion</loc>
<lastmod>2024-01-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/filr-protection/filr-1210-authenticated-contributor-arbitrary-file-deletion</loc>
<lastmod>2025-08-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/payplus-payment-gateway/payplus-payment-gateway-668-reflected-cross-site-scripting</loc>
<lastmod>2024-07-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/navis-documentcloud/navis-documentcloud-011-reflected-cross-site-scripting</loc>
<lastmod>2015-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-photo-album-plus/wp-photo-album-plus-8702003-unauthenticated-arbitrary-shortcode-execution</loc>
<lastmod>2024-05-23T20:04:58.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flex-qr-code-generator/flex-qr-code-generator-127-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2025-12-05T16:45:35.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hospital-management/hospital-management-system-47020-11-2023-authenticated-subscriber-sql-injection</loc>
<lastmod>2025-04-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/acf-recent-posts-widget/acf-recent-posts-widget-593-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-08-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quiz-master-next/quiz-and-survey-master-7310-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2022-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/cover-wp/cover-wp-165-cross-site-scripting</loc>
<lastmod>2011-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-events/wooevents-412-unauthenticated-arbitrary-file-overwrite</loc>
<lastmod>2024-09-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-forum/wp-forum-24-sql-injection</loc>
<lastmod>2015-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/totalprocessing-card-payments/nomupay-payment-processing-gateway-715-authenticated-subscriber-arbitrary-file-download</loc>
<lastmod>2025-04-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/poll-wp/ts-poll-survey-versus-poll-image-poll-video-poll-239-authenticated-admin-sql-injection</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-noindex-nofollow-tool/ultimate-noindex-nofollow-tool-112-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2024-01-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rvg-optimize-database/optimize-database-after-deleting-revisions-511-cross-site-request-forgery-via-odb_start_manually</loc>
<lastmod>2023-07-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cart66-lite/cart66-lite-wordpress-ecommerce-15115-cross-site-scripting</loc>
<lastmod>2013-10-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kali-forms/kali-forms-2413-authenticated-contributor-stored-cross-site-scripting-via-kaliforms_field_components-parameter</loc>
<lastmod>2026-06-30T15:03:16.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pgall-for-woocommerce/-522-reflected-cross-site-scripting-via-add_query_arg-function</loc>
<lastmod>2024-12-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/allow-php-in-posts-and-pages/allow-php-in-posts-and-pages-304-authenticated-subscriber-remote-code-execution-via-shortcode</loc>
<lastmod>2023-09-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/text-hover/text-hover-41-admin-stored-cross-site-scripting</loc>
<lastmod>2022-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/aio-contact/aio-contact-281-missing-authorization</loc>
<lastmod>2024-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/coachific-shortcode/coachific-shortcode-10-authenticated-contributor-stored-cross-site-scripting-via-userhash-shortcode-attribute</loc>
<lastmod>2026-04-14T19:47:11.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-products-filter/husky-products-filter-for-woocommerce-formerly-woof-1343-cross-site-request-forgery</loc>
<lastmod>2023-12-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/school-management/mojoomla-school-management-system-unspecified-version-authenticated-student-sql-injection</loc>
<lastmod>2017-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-thank-you-page-nextmove-lite/nextmove-lite-thank-you-page-for-woocommerce-finale-lite-sales-countdown-timer-discount-for-woocommerce-2170-missing-authorization-to-unauthenticated-system-information-disclosure</loc>
<lastmod>2024-02-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/zuut/zuut-142-unauthenticated-php-object-injection</loc>
<lastmod>2025-09-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/empowerment/empowerment-102-authenticated-contributor-php-object-injection</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sync-post-with-other-site/sync-post-with-other-site-16-missing-authorization-to-authenticated-subscriber-post-creation-and-update</loc>
<lastmod>2024-08-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mygallery/myslidergallery-121-remote-file-inclusion</loc>
<lastmod>2007-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/4.1/wordpress-core-412-cross-site-scripting</loc>
<lastmod>2015-04-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-meta-and-date-remover/wp-meta-and-date-remover-220-authenticated-subscriber-stored-cross-site-scripting-via-settings</loc>
<lastmod>2023-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/game-server-status/game-server-status-10-authenticated-admin-sql-injection</loc>
<lastmod>2021-09-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/u-design/udesign-responsive-wordpress-theme-4140-reflected-cross-site-scripting</loc>
<lastmod>2026-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/workscout/workscout-4107-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-01-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/clickfunnels/clickfunnels-311-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-04-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tiempocom/tiempocom-012-cross-site-request-forgery-to-shortcode-deletion</loc>
<lastmod>2023-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-forms/ninja-forms-contact-form-3213-cross-site-scripting</loc>
<lastmod>2018-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/happy-helpdesk-support-ticket-system/happy-helpdesk-support-ticket-system-1010-missing-authorization</loc>
<lastmod>2026-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-cycle-text-announcement/wp-cycle-text-announcement-81-authenticated-contributor-sql-injection</loc>
<lastmod>2025-10-02T22:31:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/everest-forms/everest-forms-311-authenticated-subscriber-arbitrary-shortcode-execution</loc>
<lastmod>2025-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bws-linkedin/bestwebsofts-linkedin-105-cross-site-scripting</loc>
<lastmod>2017-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-seo-pack/all-in-one-seo-pack-429-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/add-custom-codes/add-custom-codes-480-authenticated-contributor-remote-code-execution</loc>
<lastmod>2025-08-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce/woocommerce-1002-authenticated-shop-manager-stored-cross-site-scripting</loc>
<lastmod>2025-10-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/give/givewp-donation-plugin-and-fundraising-platform-2212-cross-site-request-forgery</loc>
<lastmod>2022-07-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/royal-elementor-addons/royal-elementor-addons-1355-cross-site-request-forgery</loc>
<lastmod>2022-12-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/accordion-slider/accordion-slider-196-missing-authorization-to-notice-dismissal</loc>
<lastmod>2023-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/banner-garden/banner-garden-plugin-for-wordpress-013-reflected-cross-site-scripting</loc>
<lastmod>2025-01-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/give/givewp-donation-plugin-and-fundraising-platform-342-authenticated-givewp-manager-php-object-injection</loc>
<lastmod>2024-04-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ab-testing-for-wp/ab-testing-for-wordpress-1182-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-26T19:05:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mobile-assistant-connector/mobile-assistant-connector-222-sql-injection</loc>
<lastmod>2022-08-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/basticom-framework/basticom-framework-150-authenticated-author-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2024-11-04T19:36:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/streamweasels-twitch-integration/streamweasels-twitch-integration-175-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quiz-master-next/quiz-and-survey-master-904-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/embedded-video-with-link/embedded-video-41-cross-site-scripting</loc>
<lastmod>2010-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/giftware/gift-cards-for-woocommerce-pro-426-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2026-05-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cooked/cooked-1113-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ai-content-writing-assistant/ai-content-writing-assistant-content-writer-chatgpt-image-generator-all-in-one-116-cross-site-request-forgery</loc>
<lastmod>2023-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/another-wordpress-classifieds-plugin/awp-classifieds-421-unauthenticated-sql-injection</loc>
<lastmod>2022-10-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gd-mail-queue/gd-mail-queue-43-reflected-cross-site-scripting</loc>
<lastmod>2024-12-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/pinevale/pinevale-1014-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-08-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pdf-for-woocommerce/pdf-invoice-builder-for-woocommerce-650-authenticated-subscriber-php-object-injection</loc>
<lastmod>2025-08-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/schema-app-structured-data-for-schemaorg/schema-app-structured-data-1223-missing-authorization-via-page_init</loc>
<lastmod>2023-09-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wppdf/responsive-flipbook-100-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/realestate-7/real-estate-7-wordpress-359-unauthenticated-sql-injection</loc>
<lastmod>2026-06-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-flickr-press/wp-flickr-press-264-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/imgspider/imgspider-2312-authenticated-contributor-server-side-request-forgery</loc>
<lastmod>2026-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-facebook-likebox/easy-social-feed-652-missing-authorization-to-settings-modification</loc>
<lastmod>2024-01-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/copymatic/copymatic-ai-content-writer-generator-16-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2024-05-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-carousel-shortcode/image-carousel-shortcode-12-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-stats/wp-stats-252-cross-site-request-forgery</loc>
<lastmod>2015-06-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/propovoice-pro/propovoice-pro-1703-unauthenticated-sql-injection</loc>
<lastmod>2024-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/browser-caching-with-htaccess/browser-caching-with-htaccess-121-cross-site-request-forgery</loc>
<lastmod>2025-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vikbooking/vikbooking-hotel-booking-engine-pms-153-sensitive-information-exposure</loc>
<lastmod>2022-04-18T10:14:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/locations/locations-321-cross-site-request-forgery-bypass</loc>
<lastmod>2021-07-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-custom-fields/advanced-custom-fields-351-remote-code-execution-via-remote-file-inclusion</loc>
<lastmod>2013-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-dynamic-links/wp-dynamic-links-101-reflected-cross-site-scripting</loc>
<lastmod>2025-08-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ajax-contact-form/wp-ajax-contact-form-222-cross-site-request-forgery-to-arbitrary-email-deletion</loc>
<lastmod>2024-07-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/recall-products/recall-products-08-cross-site-scripting</loc>
<lastmod>2020-08-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/debugger-troubleshooter/debugger-troubleshooter-132-unauthenticated-privilege-escalation-to-administrator-via-cookie-manipulation</loc>
<lastmod>2026-03-30T09:30:13.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/divi-builder/elegant-themes-multiple-versions-arbitrary-file-upload</loc>
<lastmod>2020-08-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/product-category-tree/product-category-tree-25-reflected-cross-site-scripting</loc>
<lastmod>2023-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/forms-bridge/forms-bridge-425-authenticated-contributor-stored-cross-site-scripting-via-id-shortcode-attribute</loc>
<lastmod>2026-01-27T17:37:58.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cf7-utm-tracking/utm-tags-tracking-for-contact-form-7-21-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-03-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gutenberg/gutenberg-2182-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/6.9/wordpress-691-missing-authorization-to-authenticated-author-sensitive-information-disclosure-via-query-attachments-ajax-endpoint</loc>
<lastmod>2026-03-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/aoa-downloadable/downloable-by-american-osteopathic-association-010-unauthenticated-arbitrary-file-download</loc>
<lastmod>2025-03-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-recall/wp-recall-registration-profile-commerce-more-162610-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2025-03-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/video-posts-webcam-recorder/video-posts-webcam-recorder-1554-reflected-cross-site-scripting</loc>
<lastmod>2014-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/motors-car-dealership-classified-listings/motors-car-dealership-classified-listings-plugin-14109-unauthenticated-sql-injection</loc>
<lastmod>2026-06-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hyve-lite/ai-chatbot-for-wordpress-hyve-lite-122-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/brizy/brizy-page-builder-2440-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ilab-media-tools/media-cloud-for-amazon-s3-imgix-google-cloud-storage-digitalocean-spaces-and-more-4524-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/images-asynchronous-load/images-asynchronous-load-105-reflected-cross-site-scripting</loc>
<lastmod>2022-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/if-so/if-so-dynamic-content-personalization-1803-reflected-cross-site-scripting</loc>
<lastmod>2024-06-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-multisite-content-copier-pro/multisite-content-copierupdater-pro-212-reflected-cross-site-scripting</loc>
<lastmod>2022-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/at-internet/at-internet-smarttag-02-reflected-cross-site-scripting</loc>
<lastmod>2025-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quran-gateway/quran-gateway-15-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2025-12-19T15:07:36.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/enigma-chartjs/chartjs-20232-authenticatededitor-stored-cross-site-scripting</loc>
<lastmod>2024-01-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/automatorwp/automatorwp-525-authenticated-administrator-sql-injection-via-field_conditions</loc>
<lastmod>2025-06-13T17:44:57.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flash-album-gallery/album-and-image-gallery-with-lightbox-flagallery-photo-portfolio-172-reflected-cross-site-scripting</loc>
<lastmod>2012-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/js-jobs/js-job-manager-119-arbitrary-plugin-installationactivation</loc>
<lastmod>2021-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-db-backup/database-backup-for-wordpress-252-missing-authorization-to-unauthenticated-arbitrary-file-read-and-deletion</loc>
<lastmod>2026-05-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mailchimp/mailchimp-list-subscribe-form-200-cross-site-request-forgery-to-mailchimp-list-change</loc>
<lastmod>2026-02-18T14:55:46.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/my-calendar/my-calendar-379-authenticated-custom-missing-authorization-to-unauthorized-event-publication-via-event_approved-parameter</loc>
<lastmod>2026-05-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-ajax-filters/advanced-ajax-product-filters-1546-reflected-cross-site-scripting</loc>
<lastmod>2021-06-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/easybook/cththemes-citybook-233-townhub-105-and-easybook-121-stored-cross-site-scripting</loc>
<lastmod>2019-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/backup/jetbackup-wp-backup-migrate-restore-140-sensitive-information-disclosure</loc>
<lastmod>2020-07-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/optimole-wp/image-optimization-lazy-load-331-admin-stored-cross-site-scripting</loc>
<lastmod>2022-03-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yop-poll/yop-poll-614-authenticated-stored-cross-site-scripting</loc>
<lastmod>2020-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bdthemes-element-pack-lite/element-pack-elementor-addons-5105-authenticated-contributor-dom-based-stored-cross-site-scripting-via-lightbox-widget</loc>
<lastmod>2024-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bukza/bukza-200-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tour-booking-manager/wptravelly-160-cross-site-request-forgery</loc>
<lastmod>2024-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/youtube-video-player/youtube-embed-263-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-01-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/cardealer/cardealer-164-missing-authorization-to-authenticated-subscriber-change-and-delete-js-and-css-files</loc>
<lastmod>2025-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/brighttalk-wp-shortcode/brighttalk-wordpress-shortcode-240-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-11-20T19:22:02.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contest-gallery/contest-gallery-21281-unauthenticated-stored-cross-site-scripting-via-headers</loc>
<lastmod>2023-10-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-wp-sitemap/simple-wp-sitemap-121-cross-site-request-forgery</loc>
<lastmod>2023-07-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/restaurant-and-cafe/restaurant-and-cafe-125-missing-authorization</loc>
<lastmod>2026-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/edd-recent-purchases/easy-digital-downloads-recent-purchases-102-unauthenticated-remote-file-inclusion</loc>
<lastmod>2024-05-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tour-booking-manager/travelly-tour-travel-booking-manager-for-woocommerce-tour-hotel-booking-solution-215-missing-authorization</loc>
<lastmod>2026-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ai-responsive-gallery-album/ai-responsive-gallery-album-14-missing-authorization</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dzs-zoomsounds/zoomsounds-691-reflected-cross-site-scripting</loc>
<lastmod>2025-06-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woc-open-close/woocommerce-open-close-best-business-schedules-manager-430-reflected-cross-site-scripting</loc>
<lastmod>2022-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/photolio/photolio-theme-all-known-versions-cross-site-scripting</loc>
<lastmod>2013-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/oneclick-whatsapp-order/oneclick-chat-to-order-105-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-01-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ad-inserter/ad-inserter-2419-authenticated-path-traversal</loc>
<lastmod>2019-07-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/armember/armember-premium-67-cross-site-request-forgery-via-multiple-functions</loc>
<lastmod>2024-06-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gocache-cdn/gocache-136-missing-authorization</loc>
<lastmod>2025-10-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-redirect-manager/easy-redirect-manager-21818-cross-site-scripting</loc>
<lastmod>2019-01-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mycred/mycred-points-rewards-gamification-ranks-badges-loyalty-plugin-243-missing-authorization</loc>
<lastmod>2022-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/rightway/right-way-40-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-01-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-event-manager/advanced-event-manager-116-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/restrict-content/restrict-content-328-missing-authorization</loc>
<lastmod>2024-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/searchwiz/searchwiz-100-authenticated-contributor-stored-cross-site-scripting-via-post-title</loc>
<lastmod>2026-01-13T16:43:30.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-comment-remix/wp-comment-remix-143-sql-injection</loc>
<lastmod>2008-10-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/backup/backupguard-1146-reflected-cross-site-scripting</loc>
<lastmod>2017-08-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-poll/liquidpoll-3378-unauthenticated-stored-cross-site-scripting-via-form_data-parameter</loc>
<lastmod>2024-08-20T17:21:36.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/supportflow/supportflow-06-stored-cross-site-scripting-via-discussion-ticket-title</loc>
<lastmod>2016-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-popup-creator/popup-mailchimp-getresponse-and-activecampaign-intergrations-326-unauthenticated-sql-injection</loc>
<lastmod>2025-01-06T15:43:50.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-products-filter/woof-products-filter-for-woocommerce-119-local-file-inclusion</loc>
<lastmod>2018-03-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wptelegram-widget/telegram-widget-and-join-link-2212-missing-authorization</loc>
<lastmod>2025-12-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/loginplus/loginplus-12-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2024-11-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sigmize/sigmize-009-cross-site-request-forgery</loc>
<lastmod>2026-02-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/youtube-embed-plus/youtube-embed-plus-1424-missing-authorization</loc>
<lastmod>2026-03-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/blocksy/blocksy-216-authenticated-shop-manager-stored-cross-site-scripting</loc>
<lastmod>2025-08-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fleet/fleet-manager-251-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2025-11-10T14:58:43.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/keyword-meta/keyword-meta-30-cross-site-scripting</loc>
<lastmod>2021-08-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-support-plus-responsive-ticket-system/wp-support-plus-responsive-ticket-system-41-improper-authentication</loc>
<lastmod>2014-11-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/themeegg-toolkit/themeegg-toolkit-129-authenticated-administrator-arbitrary-file-upload</loc>
<lastmod>2025-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/master-popups-lite/master-popups-103-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2024-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/integration-marktplaats-for-woocommerce/woosa-205-authenticated-administrator-arbitrary-file-read-via-log_file-parameter</loc>
<lastmod>2026-06-18T16:04:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-views-counter/post-views-counter-134-authenticated-stored-cross-site-scripting</loc>
<lastmod>2021-08-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/login-block-ips/login-block-ips-100-ip-spoofing-to-protection-mechanism-bypass</loc>
<lastmod>2022-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/admin-management-xtended/admin-management-xtended-251-missing-authorization</loc>
<lastmod>2025-10-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kikfyre-events-calendar-tickets/event-kikfyre-218-missing-authorization</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simply-gallery-block/gallery-blocks-with-lightbox-image-gallery-html5-video-youtube-vimeo-video-gallery-and-lightbox-for-native-gallery-321-authenticated-contributor-stored-cross-site-scripting-via-galleryid-and-classname-parameters</loc>
<lastmod>2024-06-27T20:19:59.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/content-cards/content-cards-097-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-02-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/delucks-seo/delucks-seo-270-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-blocks/gutenberg-essential-blocks-604-authenticated-contributor-stored-cross-site-scripting-via-block-attributes</loc>
<lastmod>2026-05-01T16:12:21.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/funnelforms-free/funnelforms-free-3732-authenticated-administrator-arbitrary-file-deletion</loc>
<lastmod>2024-08-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/generic-elements-for-elementor/generic-elements-125-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wplegalpages/privacy-policy-generator-terms-conditions-generator-wplegalpages-270-arbitrary-settings-update-to-stored-cross-site-scripting</loc>
<lastmod>2022-01-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-sifr/sifr-0681-cross-site-request-forgery</loc>
<lastmod>2025-11-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-intense/image-intense-325-sql-injection</loc>
<lastmod>2018-10-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slideshow-gallery/slideshow-gallery-168-sql-injection</loc>
<lastmod>2018-10-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-news-sliders/wp-news-sliders-10-missing-authorization</loc>
<lastmod>2025-01-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gift-up/gift-up-2213-cross-site-request-forgery-via-consume_post</loc>
<lastmod>2023-12-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/qiniu-uploader/qiniu-uploader-01-cross-site-scripting</loc>
<lastmod>2014-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ecommerce-paypal/easy-paypal-buy-now-button-173-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/favicon-switcher/favicon-switcher-1211-cross-site-request-forgery</loc>
<lastmod>2022-09-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/12-step-meeting-list/12-step-meeting-list-3165-missing-authorization-to-unauthenticated-settings-update</loc>
<lastmod>2024-12-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-reset/wp-reset-most-advanced-wordpress-reset-tool-pro-500-598-missing-authorization-to-database-reset</loc>
<lastmod>2021-11-10T14:22:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contest-gallery/contest-gallery-19141-authenticated-author-sql-injection-via-cg_copy_id</loc>
<lastmod>2022-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/frontend-post-submission-manager-lite/frontend-post-submission-manager-lite-125-missing-authorization-to-unauthenticated-arbitrary-post-modification</loc>
<lastmod>2025-12-20T14:15:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/islamic-phrases/islamic-phrases-2122015-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-11-20T19:17:13.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/multisite-clone-duplicator/multisite-clone-duplicator-153-reflected-cross-site-scripting</loc>
<lastmod>2025-08-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/layers/layers-05-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-29T15:31:17.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lazy-blocks/lazy-blocks-410-missing-authorization</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ads-box/ads-box-10-sql-injection</loc>
<lastmod>2012-11-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/inquiry-cart/inquiry-cart-342-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-05-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cooked/cooked-179-reflected-cross-site-scripting</loc>
<lastmod>2021-06-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-tooltips/simple-tooltips-213-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/good-homes/good-homes-1313-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/intelligent-importer/catalog-importer-scraper-crawler-514-unauthenticated-php-code-injection</loc>
<lastmod>2025-09-10T18:49:08.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/limit-attempts/limit-attempts-by-bestwebsoft-118-reflected-cross-site-scripting</loc>
<lastmod>2017-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/verdure/verdure-organic-tea-shop-wordpress-theme-16-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kredeum-nfts/kredeum-nfts-the-easiest-way-to-sell-your-nfts-directly-on-your-wordpress-site-169-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-13T15:48:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/porto-functionality/porto-theme-functionality-373-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/live-css-preview/live-css-preview-214-missing-authorization-to-authenticated-subscriber-settings-update</loc>
<lastmod>2025-12-04T17:36:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/name-directory/name-directory-1321-unauthenticated-stored-cross-site-scripting-via-name_directory_name</loc>
<lastmod>2026-03-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ajax-filter-posts/post-grid-master-3411-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-05-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/make_a_statement/make-a-statement-all-versions-arbitrary-file-upload</loc>
<lastmod>2013-11-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-box-office/woocommerce-box-office-1150-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-06-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/unusedcss/rapidload-power-up-for-autoptimize-2211-unauthenticated-server-side-request-forgery</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-fastest-cache/wp-fastest-cache-0857-local-file-inclusion</loc>
<lastmod>2016-05-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/notificationx/notificationx-182-cross-site-request-forgery-bypass</loc>
<lastmod>2020-09-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/canva/canva-design-beautiful-blog-graphics-124-reflected-cross-site-scripting</loc>
<lastmod>2024-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-forms/ninja-forms-contact-form-the-drag-and-drop-form-builder-for-wordpress-380-cross-site-request-forgery-to-publicly-accessible-form-submission-export</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lbg-audio7_html5_full_width_sticky_pro/apollo-363-authenticated-contributor-sql-injection</loc>
<lastmod>2025-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/disqus-comment-system/disqus-comment-system-276-cross-site-request-forgery</loc>
<lastmod>2014-08-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/betheme/betheme-2662-missing-authorization-to-theme-settings-update</loc>
<lastmod>2022-11-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/send-to-twitter/send-to-twitter-172-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bbpress-login-register-links-on-forum-topic-pages/bbpress-login-register-links-on-forum-topic-pages-275-cross-site-request-forgery</loc>
<lastmod>2019-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wedocs/wedocs-2114-missing-authorization-to-settings-update</loc>
<lastmod>2025-12-05T15:51:21.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/microsoft-start/msn-partner-hub-287-missing-authorization</loc>
<lastmod>2025-10-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/font-farsi/font-farsi-166-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-05-29T19:56:17.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gravity-forms-multiple-form-instances/gravity-forms-multiple-form-instances-111-unauthenticated-full-path-disclosure</loc>
<lastmod>2024-07-09T15:25:05.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mapsvg/mapsvg-all-kinds-of-maps-and-store-locator-for-wordpress-864-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-05-21T21:10:21.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-plotly/plotly-102-stored-cross-site-scripting</loc>
<lastmod>2015-07-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementor-pro/elementor-pro-293-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2020-05-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pardakht-delkhah/pardakht-delkhah-298-cross-site-request-forgery-to-form-setting-reset</loc>
<lastmod>2024-07-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/salavat-counter/salavat-counter-plugin-094-reflected-cross-site-scripting</loc>
<lastmod>2024-11-20T13:44:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpdevtool/wpdevtool-011-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chatbot/ai-chatbot-460-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/admin-word-count-column/admin-word-count-column-22-arbitrary-file-read</loc>
<lastmod>2022-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-tranzila-gateway/woocommerce-tranzila-gateway-108-unauthenticated-php-object-injection</loc>
<lastmod>2024-01-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/platinum-seo-pack/platinum-seo-137-reflected-cross-site-scripting</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/glofox-shortcodes/glofox-shortcodes-26-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T18:24:38.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/plausible-analytics/plausible-analytics-133-reflected-cross-site-scripting-via-page-url</loc>
<lastmod>2023-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/eduma/eduma-576-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/luckywp-scripts-control/luckywp-scripts-control-121-cross-site-request-forgery</loc>
<lastmod>2023-08-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/migrate-post/migrate-posts-10-reflected-cross-site-scripting</loc>
<lastmod>2025-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/support-chat/click-to-chat-wp-support-all-in-one-floating-widget-234-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/anti-spam/titan-anti-spam-security-730-ip-spoofing-to-protection-bypass</loc>
<lastmod>2022-08-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gnu-mailman-integration/gnu-mailman-integration-106-reflected-cross-site-scripting</loc>
<lastmod>2021-09-09T16:20:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/squirrly-seo/seo-plugin-by-squirrly-seo-12120-reflected-cross-site-scripting-via-page-and-tab</loc>
<lastmod>2023-03-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpdiscuz/wpdiscuz-7615-authenticated-author-stored-cross-site-scripting-via-uploaded-image-alternative-text</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/royal-elementor-addons/royal-addons-for-elementor-171049-authenticated-author-arbitrary-file-upload-via-mainphp-upload-bypass</loc>
<lastmod>2026-03-10T15:36:21.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-directorybox-manager/wp-directorybox-manager-25-authentication-bypass</loc>
<lastmod>2025-02-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/turn-off-comments-for-all-posts/turn-off-all-comments-10-reflected-cross-site-scripting</loc>
<lastmod>2022-04-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-digital-downloads/easy-digital-downloads-ecommerce-payments-and-subscriptions-made-easy-365-missing-authorization</loc>
<lastmod>2026-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/live-news-lite/live-news-106-cross-site-request-forgery</loc>
<lastmod>2023-09-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stats/stats-10-stored-cross-site-scripting</loc>
<lastmod>2007-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fast-custom-social-share-by-codebard/fast-custom-social-share-by-codebard-111-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-11-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ldap-login-for-intranet-sites/active-directory-integration-ldap-integration-414-authenticated-administrator-sql-injection</loc>
<lastmod>2023-05-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/as-english-admin/as-english-admin-100-open-redirection</loc>
<lastmod>2025-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/totalpoll-lite/total-poll-lite-499-missing-authorization</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/appointify/appointify-108-authenticated-administrator-sql-injection</loc>
<lastmod>2025-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/software-issue-manager/software-issue-manager-501-authenticated-contributor-stored-cross-site-scripting-via-noaccess_msg-parameter</loc>
<lastmod>2025-08-11T16:24:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-staff-list/simple-staff-list-224-missing-authorization-via-ajax_flush_rewrite_rules-and-staff_member_export</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-stats-manager/wp-visitor-statistics-real-time-traffic-82-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-08-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jupiterx-core/jupiterx-core-4101-authenticated-contributor-php-object-injection</loc>
<lastmod>2026-01-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gostats-for-wordpress/gostats-for-wordpress-14-cross-site-request-forgery-via-gostats_manage-function</loc>
<lastmod>2026-05-26T17:23:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/movies-importer/movies-bulk-importer-10-cross-site-request-forgery</loc>
<lastmod>2025-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-ads/advanced-ads-2012-unauthenticated-limited-code-execution</loc>
<lastmod>2025-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/apply-online/applyonline-application-form-builder-and-manager-262-missing-authorization-to-sensitive-information-exposure</loc>
<lastmod>2024-05-21T19:49:22.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-html5-video/woocommerce-html5-video-1710-reflected-cross-site-scripting</loc>
<lastmod>2025-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/clickbank-ads-clickbank-widget/clickbank-affiliate-ads-120-cross-site-scripting</loc>
<lastmod>2015-05-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/travelmap-blog/travel-map-101-unauthenticated-cross-site-scripting</loc>
<lastmod>2023-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/incredible-font-awesome/incredible-font-awesome-10-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/zox-news/zox-news-3160-missing-authorization-to-authenticated-subscriber-arbitrary-options-update</loc>
<lastmod>2025-01-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/event-espresso-decaf/event-espresso-4-decaf-5037decaf-missing-authorization-to-unauthenticated-settings-change</loc>
<lastmod>2026-01-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wishlist-member-x/wishlist-member-3290-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2026-03-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-fields/simple-fields-1411-cross-site-scripting</loc>
<lastmod>2019-09-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/whmcs-bridge/whmcs-bridge-63-reflected-cross-site-scripting</loc>
<lastmod>2022-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gallery-images/image-gallery-responsive-photo-gallery-170-reflected-cross-site-scripting-via-linkbutton</loc>
<lastmod>2016-02-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/e2pdf/e2pdf-12023-authenticatedadministrator-sql-injection</loc>
<lastmod>2023-12-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/campaign-monitor-wp/campaign-monitor-forms-255-missing-authorization-to-authenticatedsubscriber-options-update-via-ajax_dismiss_notice</loc>
<lastmod>2023-10-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-blockade/wp-blockade-0914-missing-authorization-to-authenticated-subscriber-arbitrary-shortcode-execution-via-shortcode-parameter</loc>
<lastmod>2026-04-07T17:39:13.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/renewal/renewal-122-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-08-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dropdown-menu-widget/dropdown-menu-widget-197-cross-site-request-forgery-to-cross-site-scripting</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dj-email-publish/dj-emailpublish-172-reflected-cross-site-scripting</loc>
<lastmod>2021-09-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/travel-monster/travel-monster-112-cross-site-request-forgery-to-notice-dismissal</loc>
<lastmod>2024-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/product-countdown-for-woocommerce/product-time-countdown-for-woocommerce-162-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/spreadr-for-woocomerce/spreadr-woocommerce-104-missing-authorization-to-arbitrary-content-deletion</loc>
<lastmod>2024-12-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mapster-wp-maps/mapster-wp-maps-160-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-15T21:33:21.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/new-user-approve/new-user-approve-309-unauthenticated-sensitive-information-disclosure-via-type-juggling</loc>
<lastmod>2025-11-18T15:26:02.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ulike/wp-ulike-470-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-07-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/joomsport-sports-league-results-management/joomsport-527-unauthenticated-sql-injection</loc>
<lastmod>2022-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/flozen-theme/flozen-151-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2025-06-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-stripe-checkout/wp-stripe-checkout-12237-sensitive-information-exposure-via-debug-log</loc>
<lastmod>2023-12-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nextgen-gallery/photo-gallery-sliders-proofing-and-themes-nextgen-gallery-3598-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-02-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flynsarmy-iframe-shortcode/iframe-shortcode-105-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-04-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/precious-metals-chart-and-widgets/precious-metals-charts-and-widgets-for-wordpress-128-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jet-engine/jetengine-324-missing-authorization</loc>
<lastmod>2023-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-carousel/post-carousel-235-missing-capabilities-check</loc>
<lastmod>2021-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/futurio-extra/futurio-extra-2014-authenticated-contributor-stored-cross-site-scripting-via-header_size-tag</loc>
<lastmod>2024-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/glass/glass-132-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2021-06-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-database-backup/wp-database-backup-unlimited-database-files-backup-by-backup-for-wp-73-unauthenticated-database-back-up-exposure</loc>
<lastmod>2025-01-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quiz-master-next/quiz-and-survey-master-6412-stored-cross-site-scripting</loc>
<lastmod>2020-07-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/speedup-optimization/speedup-optimization-159-missing-authorization-to-authenticated-subscriber-plugin-settings-update-via-speedup01_enabled-ajax-action</loc>
<lastmod>2026-03-20T15:08:25.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/3.0/wordpress-core-292-and-304-sensitive-information-disclosure</loc>
<lastmod>2011-01-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/optinmonster/optinmonster-260-reflected-cross-site-scripting</loc>
<lastmod>2021-09-20T18:03:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slider-wd/sliderby10web-1252-authenticated-admin-cross-site-scripting</loc>
<lastmod>2022-11-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/breadcrumb-navxt/breadcrumb-navxt-610-sensitive-data-exposure</loc>
<lastmod>2018-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/live-composer-page-builder/page-builder-live-composer-206-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-12-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/radio-player/radio-player-2073-missing-authorization-to-player-deletion</loc>
<lastmod>2024-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/event-organiser/event-organiser-3129-authenticated-contributor-stored-cross-site-scripting-via-eo_events-shortcode</loc>
<lastmod>2026-06-30T15:56:11.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpstream/wpstream-495-missing-authorization</loc>
<lastmod>2025-12-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp2speed/wp2speed-faster-optimize-pagespeed-insights-score-90-100-101-unauthenticated-information-exposure</loc>
<lastmod>2024-07-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-shop-original/wp-shop-34316-sql-injection</loc>
<lastmod>2015-07-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/webp-express/webp-express-01411-arbitrary-file-read</loc>
<lastmod>2018-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/enhanced-tooltipglossary/cm-tooltip-glossary-3920-authenticated-stored-cross-site-scripting</loc>
<lastmod>2021-09-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ticket-spot/event-tickets-rsvps-calendar-102-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-02T22:11:53.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-metas/custom-metas-151-reflected-cross-site-scripting</loc>
<lastmod>2016-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/order-minimum-amount-for-woocommerce/order-minimummaximum-amount-limits-for-woocommerce-468-authenticated-shop-manager-stored-cross-site-scripting-via-hide-add-to-cart-content-fields</loc>
<lastmod>2026-01-27T19:38:12.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-jitsi-shortcodes/wordpress-jitsi-shortcode-01-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-05-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/js-support-ticket/js-help-desk-the-ultimate-help-desk-support-plugin-288-authenticated-subscriber-insecure-direct-object-reference</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profilegrid-user-profiles-groups-and-communities/profilegrid-5984-authenticated-subscriber-sql-injection-via-rid-parameter</loc>
<lastmod>2026-05-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/order-xml-file-export-import-for-woocommerce/order-xml-file-export-import-for-woocommerce-123-cross-site-scripting</loc>
<lastmod>2018-12-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/add-social-share-buttons/add-social-share-buttons-for-whatsapp-and-viber-11-cross-site-request-forgery</loc>
<lastmod>2018-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bdthemes-element-pack-lite/element-pack-elementor-addons-and-templates-815-authenticated-contributor-stored-cross-site-scripting-via-open-street-map-widget-marker-content</loc>
<lastmod>2025-08-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/salat-times/salat-times-321-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-11-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-breadcrumbs/essential-breadcrumbs-111-cross-site-request-forgery-to-privilege-escalation</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yahoo-updates-for-wordpress/yahoo-updates-for-wordpress-10-cross-site-scripting</loc>
<lastmod>2014-07-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ws-form/ws-form-lite-drag-drop-contact-form-builder-for-wordpress-11035-missing-authorization-to-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2025-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wise-forms/wise-forms-120-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/clean-login/clean-login-1103-cross-site-request-forgery</loc>
<lastmod>2020-06-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woolementor/codesigner-430-missing-authorization</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gocodes/gocodes-135-cross-site-scripting</loc>
<lastmod>2015-08-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/community-events/community-events-14-sql-injection</loc>
<lastmod>2015-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-iframe/custom-iframe-for-elementor-1013-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-custom-taxonomy-meta/category-and-taxonomy-meta-fields-100-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2024-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bit-assist/bit-assist-1511-missing-authorization</loc>
<lastmod>2025-12-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blog-posts-and-category-for-elementor/blog-posts-and-category-filter-for-elementor-201-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/duplicator/duplicator-114-cross-site-request-forgery</loc>
<lastmod>2016-02-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/namasha-by-mdesign/namasha-by-mdesign-1200-authenticated-contributor-stored-cross-site-scripting-via-playicon_title-parameter</loc>
<lastmod>2025-06-25T14:07:03.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/users-customers-import-export-for-wp-woocommerce/export-and-import-users-and-customers-253-authenticated-admin-php-object-injection</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rrdevs-for-elementor/rraddons-for-elementor-110-authenticated-contributor-post-disclosure</loc>
<lastmod>2025-01-10T19:02:59.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/superstorefinder-wp/super-store-finder-75-unauthenticated-sql-injection</loc>
<lastmod>2025-07-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gs-pinterest-portfolio/gs-pins-for-pinterest-lite-180-missing-authorization-via-_update_shortcode</loc>
<lastmod>2023-11-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-mailster/wp-mailster-18160-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2024-12-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stock-ticker/stock-ticker-3232-reflected-cross-site-scripting-in-ajax_stockticker_symbol_search_test</loc>
<lastmod>2023-08-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/alone/alone-782-unauthenticated-remote-code-execution</loc>
<lastmod>2025-07-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/oneelements-ultimate-addons-for-elementor/oneelements-best-elementor-addons-137-authenticated-author-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2024-09-24T12:20:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/url-rewrite-analyzer/url-rewrite-analyzer-133-missing-authorization</loc>
<lastmod>2025-05-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/facebook-conversion-pixel/pixel-cat-lite-262-admin-stored-cross-site-scripting</loc>
<lastmod>2021-11-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/i-order-terms/i-order-terms-150-cross-site-request-forgery</loc>
<lastmod>2025-10-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-smtp/post-smtp-380-unauthenticated-stored-cross-site-scripting-via-event_type</loc>
<lastmod>2026-03-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-js-list-pages-shortcodes/wp-js-list-pages-shortcodes-121-authenticated-contributor-stored-cross-site-scripting-via-class-shortcode-attribute</loc>
<lastmod>2026-01-06T20:28:47.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jquery-googleslides/jquery-googleslides-13-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2026-05-26T17:24:34.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-user-avatar/paid-membership-plugin-ecommerce-user-registration-form-login-form-user-profile-restrict-content-profilepress-41611-unauthenticated-arbitrary-shortcode-execution-via-checkout-billing-fields</loc>
<lastmod>2026-04-03T22:12:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/reoon-email-verifier/reoon-email-verifier-201-missing-authorization</loc>
<lastmod>2025-10-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/usc-e-shop/welcart-e-commerce-21113-authenticated-editor-arbitrary-file-deletion</loc>
<lastmod>2025-06-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/multi-step-form/multi-step-form-1718-cross-site-request-forgery</loc>
<lastmod>2024-02-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mh-board/mh-board-1321-unauthenticated-local-file-inclusion</loc>
<lastmod>2024-09-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/builderall-cheetah-for-wp/builderall-for-wordpress-301-authenticated-contributor-remote-code-execution</loc>
<lastmod>2026-02-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/dt-chocolate/dt-chocolate-10-open-redirect</loc>
<lastmod>2013-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/viral-signup/viral-signup-21-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-08-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gpt3-ai-content-generator/ai-power-complete-ai-pack-powered-by-gpt-4-181-missing-authorization-to-sensitive-data-exposure</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sp-client-document-manager/sp-project-document-manager-244-multiple-sql-injection</loc>
<lastmod>2014-11-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/w3s-cf7-zoho/w3scloud-contact-form-7-to-zoho-crm-30-cross-site-request-forgery</loc>
<lastmod>2025-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/funcaptcha/funcaptcha-anti-spam-captcha-033-cross-site-request-forgery</loc>
<lastmod>2014-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/payment-forms-for-paystack/payment-forms-for-paystack-401-authenticated-administrator-sql-injection</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fyyd-podcast-shortcodes/fyyd-podcast-shortcodes-031-authenticated-contributor-stored-cross-site-scripting-via-color-shortcode-attribute</loc>
<lastmod>2026-03-20T15:06:48.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zoloblocks/zoloblocks-2311-missing-authorization</loc>
<lastmod>2025-11-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/virtuaria-pagseguro/virtuaria-pagbank-pagseguro-para-woocommerce-363-missing-authorization</loc>
<lastmod>2025-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-in-page-for-elementor/post-in-page-for-elementor-101-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-contact-form-7-compact-db/advanced-contact-form-7-100-missing-authorization-to-unauthenticated-arbitrary-contact-form-submission-deletion-via-form_id-parameter</loc>
<lastmod>2026-06-23T16:41:39.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-login-woocommerce/loginsignup-popup-23-cross-site-request-forgery-to-settings-reset</loc>
<lastmod>2023-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jobica-core/jobica-core-141-reflected-cross-site-scripting</loc>
<lastmod>2026-03-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/relevanssi-premium/relevanssi-4222-free-and-2251-premium-unauthenticated-information-exposure</loc>
<lastmod>2024-08-15T13:29:09.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/embedding-barcodes-into-product-pages-and-orders/barcode-generator-for-woocommerce-204-authenticated-subscriber-arbitrary-content-deletion</loc>
<lastmod>2025-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-sendgrid-mailer/sendgrid-for-wordpress-14-missing-authorization</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-share-buttons-adder/simple-share-buttons-adder-850-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-05-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/opening-hours/were-open-141-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-09-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/Ultimate_AI/ultimateai-283-limited-user-password-change-due-to-improper-empty-and-missing-default-value-check</loc>
<lastmod>2024-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpperformancetester/wpperformancetester-200-cross-site-request-forgery</loc>
<lastmod>2023-12-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-line-notify/woocommerce-line-notify-117-reflected-cross-site-scripting</loc>
<lastmod>2025-06-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cp-contact-form-with-paypal/cp-contact-form-with-paypal-1361-authenticated-contributor-sql-injection</loc>
<lastmod>2026-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/spectra-pro/spectra-pro-114-authenticated-contributor-stored-cross-site-scripting-via-block-ids</loc>
<lastmod>2024-08-01T17:20:51.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/nuss/nuss-133-missing-authorization</loc>
<lastmod>2025-07-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/thim-core/thim-core-233-missing-authorization</loc>
<lastmod>2025-08-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/foogallery/foogallery-2429-reflected-cross-site-scripting</loc>
<lastmod>2025-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woolentor-addons/shoplentor-woocommerce-builder-for-elementor-gutenberg-12-modules-all-in-one-solution-formerly-woolentor-290-authenticated-contributor-stored-cross-site-scripting-via-wl-product-horizontal-filter-widget</loc>
<lastmod>2024-06-10T16:01:08.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/a-mart/a-mart-102-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/register-plus-redux/register-plus-redux-43-cross-site-scripting</loc>
<lastmod>2012-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sandbox/sandbox-04-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/leaky-paywall/leaky-paywall-4212-cross-site-request-forgery</loc>
<lastmod>2024-07-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-contentSlider/lambertgroup-allinone-content-slider-38-reflected-cross-site-scripting</loc>
<lastmod>2026-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ulike/wp-ulike-474-cross-site-request-forgery-to-statistic-deletion</loc>
<lastmod>2024-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booqable-rental-reservations/booqable-rental-2425-cross-site-request-forgery</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/linker/linker-121-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimeter/freemius-sdk-223-missing-authorization-to-arbitrary-options-update</loc>
<lastmod>2019-02-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wb-custom-product-tabs-for-woocommerce/custom-product-tabs-for-woocommerce-124-authenticated-shop-manager-php-object-injection</loc>
<lastmod>2024-12-20T18:48:17.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-simple-slideshow/wp-simple-slideshow-10-reflected-cross-site-scripting</loc>
<lastmod>2025-03-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/LayerSlider/layerslider-7911-7100-unauthenticated-sql-injection</loc>
<lastmod>2024-04-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/geodirectory/geodirectory-2380-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-text-widget/advanced-text-widget-212-missing-authorization-via-atw_dismiss_admin_notice</loc>
<lastmod>2023-02-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/give/givewp-2202-authenticated-arbitrary-file-read</loc>
<lastmod>2022-07-12T14:18:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-table-editor/table-editor-151-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-30T00:27:40.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/category-featured-images-extended/category-featured-images-extended-152-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/open-brain/open-brain-050-authenticated-administrator-stored-cross-site-scripting-via-api-key-setting</loc>
<lastmod>2026-04-15T17:42:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/payflex-payment-gateway/payflex-payment-gateway-261-open-redirect</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/open-hours/open-hours-easy-opening-hours-109-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-17T15:44:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/codelights-shortcodes-and-widgets/sidebar-widgets-by-codelights-14-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-12-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/loan-comparison/loan-comparison-152-authenticated-contributor-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/publishpress-authors/co-authors-multiple-authors-and-guest-authors-in-an-author-box-with-publishpress-authors-4101-missing-authorization</loc>
<lastmod>2026-03-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/qyrr-code/qyrr-simply-and-modern-qr-code-creation-207-authenticated-contributor-arbitrary-file-upload</loc>
<lastmod>2025-09-29T15:22:20.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/testimonial-widgets/wp-testimonials-142-cross-site-request-forgery-to-widget-deletion</loc>
<lastmod>2023-07-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/dermatology-clinic/dermatology-clinic-143-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dap-to-autoresponders-daar/dap-to-autoresponders-email-syncing-10-unauthenticated-information-exposure</loc>
<lastmod>2025-03-28T18:38:02.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-members/wp-members-352-authenticated-contributor-stored-cross-site-scripting-via-wpmem_user_memberships-shortcode</loc>
<lastmod>2025-05-16T21:04:33.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/tainacan-interface/tainacan-interface-272-reflected-cross-site-scripting</loc>
<lastmod>2024-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/worry-proof-backup/worry-proof-backup-024-authenticated-subscriber-path-traversal-via-backup-upload</loc>
<lastmod>2026-02-25T16:01:10.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rentfetch/rent-fetch-0324-unauthenticated-stored-cross-site-scripting-via-keyword-parameter</loc>
<lastmod>2026-02-17T15:35:40.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vkontakte-wall-post/vkontakte-wall-post-20-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flex-qr-code-generator/flex-qr-code-generator-125-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2025-10-14T19:34:48.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sitemap-index/sitemap-index-123-authenticatedadmin-stored-cross-site-scripting</loc>
<lastmod>2023-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/timetics/timetics-1044-missing-authorization</loc>
<lastmod>2025-11-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cooked-pro/cooked-pro-180-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2024-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/knowledgebase/knowledge-base-230-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-05T17:33:16.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stripe-gateway/easy-digital-downloads-stripe-extension-212-reflected-cross-site-scripting</loc>
<lastmod>2015-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/jnews/jnews-wordpress-newspaper-magazine-blog-amp-theme-806-reflected-cross-site-scripting</loc>
<lastmod>2021-05-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-captcha/wc-captcha-15-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-10-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/funnelforms-free/funnelforms-free-34-missing-authorization-to-arbitrary-post-deletion</loc>
<lastmod>2023-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eelv-newsletter/eelv-newsletter-330-reflected-cross-site-scripting</loc>
<lastmod>2013-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nasa-core/nasa-core-641-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-page-transition/easy-page-transition-101-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/userfeedback-lite/user-feedback-1101-authenticated-editor-sql-injection</loc>
<lastmod>2026-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-sizes-controller/image-sizes-controller-create-custom-image-sizes-disable-image-sizes-1010-missing-authorization</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-finance-calculator/simple-finance-calculator-10-reflected-cross-site-scripting</loc>
<lastmod>2025-10-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vertical-diamond-flipbook-flash/nature-flipbook-wordpress-plugin-17-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mainwp-wordfence-extension/mainwp-wordfence-extension-407-missing-authorization-to-arbitrary-plugin-activation</loc>
<lastmod>2023-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/accordions-or-faqs/accordions-230-authenticated-administrator-stored-cross-site-scripting-via-several-parameters</loc>
<lastmod>2023-02-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wysija-newsletters/mailpoet-newsletters-previous-216-cross-site-scripting</loc>
<lastmod>2012-11-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/sober/sober-3512-missing-authorization</loc>
<lastmod>2026-01-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/newspack-content-converter/newspack-content-converter-015-missing-authorization</loc>
<lastmod>2024-07-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-dynamic-pricing-for-woocommerce/advanced-dynamic-pricing-for-woocommerce-493-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2025-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bamboo-enquiries/bamboo-enquiries-193-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buddypress/buddypress-721-missing-authorization-to-private-post-activity</loc>
<lastmod>2021-04-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/osm-map-elementor/osm-map-widget-for-elementor-122-authenticated-contributor-stored-cross-site-scripting-via-id-parameter</loc>
<lastmod>2024-06-18T14:27:49.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/database-cleaner/database-cleaner-098-sensitive-information-exposure-via-log-file</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/anomify/anomify-ai-036-authenticated-administrator-stored-cross-site-scripting-via-anomify_api_key-parameter</loc>
<lastmod>2026-05-19T12:05:03.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-simple-redirect/simple-redirect-11-reflected-cross-site-scripting</loc>
<lastmod>2026-01-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/chameleon/chameleon-theme-39-arbitrary-file-uploads</loc>
<lastmod>2013-11-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/filr-protection/filr-secure-document-library-1213-authenticated-contributor-arbitrary-file-uploads</loc>
<lastmod>2026-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/infinite-scroll/infinite-scroll-262-cross-site-request-forgery-to-plugin-settings-update</loc>
<lastmod>2024-10-17T15:41:50.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-cookie-law/easy-cookie-law-31-cross-site-request-forgery-via-ecl_options</loc>
<lastmod>2023-08-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hotel-listing/hotel-listings-133-authenticated-stored-cross-site-scripting</loc>
<lastmod>2021-10-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-entries/database-for-contact-form-7-wpforms-elementor-forms-145-missing-authorization-to-unauthenticated-form-data-exfiltration-via-csv-export</loc>
<lastmod>2026-01-27T17:44:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/jannah/jannah-544-reflected-cross-site-scripting</loc>
<lastmod>2021-06-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-hit-counter/post-hit-counter-132-missing-authorization</loc>
<lastmod>2023-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-all-import-pro/wp-all-import-pro-411-reflected-cross-site-scripting</loc>
<lastmod>2020-02-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-tables/ninja-tables-easiest-data-table-builder-509-authenticated-admin-server-side-request-forgery</loc>
<lastmod>2024-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profilegrid-user-profiles-groups-and-communities/profilegrid-5952-authenticated-subscriber-server-side-request-forgery</loc>
<lastmod>2025-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/4.7/wordpress-core-473-cross-site-scripting-via-media-metadata</loc>
<lastmod>2017-03-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/kidsplanet/kids-planet-2214-unauthenticated-php-object-injection</loc>
<lastmod>2025-05-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/clockify-lite/clockinator-lite-107-missing-authorization</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bet-wc-2018-russia/bet-wc-2018-russia-21-reflected-cross-site-scripting</loc>
<lastmod>2024-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/masterslider/master-slider-pro-3712-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementinvader-addons-for-elementor/elementinvader-addons-for-elementor-133-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/enfold/enfold-713-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-migration-duplicator/wordpress-backup-migration-147-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ilive/intelligent-wordpress-live-chat-support-plugin-utilities-104-stored-cross-site-scripting</loc>
<lastmod>2019-06-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/give/give-3220-missing-authorization-to-unauthenticated-arbitrary-earning-reports-disclosure-via-give_reports_earnings-function</loc>
<lastmod>2025-03-14T22:39:51.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-db-backup/database-backup-for-wordpress-25-admin-sql-injection</loc>
<lastmod>2022-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/envira-gallery-lite/envira-gallery-lite-1872-missing-authorization-to-gallery-modification-via-envira_gallery_insert_images</loc>
<lastmod>2024-01-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-all-import/import-any-xml-or-csv-file-372-authenticated-admin-arbitrary-file-upload</loc>
<lastmod>2023-12-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/data-tables-generator-by-supsystic/data-tables-generator-by-supsystic-1991-cross-site-request-forgery</loc>
<lastmod>2020-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/activitypub/activitypub-0170-authenticated-contributor-stored-cross-site-scripting-via-post-content</loc>
<lastmod>2023-09-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/product-import-export-for-woo/product-import-export-for-woocommerce-250-authenticated-administrator-server-side-request-forgery-via-validate_file-function</loc>
<lastmod>2025-03-25T23:22:36.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/workreap_core/workreap-core-340-authentication-bypass</loc>
<lastmod>2026-01-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slide/slides-presentations-0039-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kadence-blocks/kadence-blocks-3253-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-11-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-todo/wp-to-do-130-cross-site-request-forgery-via-wptodo_addcomment</loc>
<lastmod>2024-05-29T15:54:21.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-all-import/wp-all-import-345-cross-site-scripting</loc>
<lastmod>2018-03-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpfunnels/wpfunnels-3518-unauthenticated-php-object-injection</loc>
<lastmod>2025-05-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-simple-paypal-shopping-cart/wordpress-simple-paypal-shopping-cart-36-cross-site-request-forgery</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/coachify/coachify-115-missing-authorization</loc>
<lastmod>2026-02-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/userpro/userpro-511-sensitive-information-disclosure-via-shortcode</loc>
<lastmod>2023-11-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-show-posts/wp-show-posts-113-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-01-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-jobsearch/jobsearch-wp-job-board-329-unauthenticated-sql-injection</loc>
<lastmod>2026-06-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-airbnb-review-slider/wp-airbnb-review-slider-39-authenticated-administrator-sql-injection</loc>
<lastmod>2025-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buddyforms/post-form-registration-form-profile-form-for-user-profiles-frontend-content-forms-for-user-submissions-ugc-2811-authenticated-contributor-privilege-escalation</loc>
<lastmod>2024-09-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buddypress/buddypress-900-sql-injection</loc>
<lastmod>2021-08-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/notify-odoo/notify-odoo-100-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stafflist/stafflist-326-missing-authorization</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-designer-pro/woocommerce-designer-pro-1926-unauthenticated-arbitrary-file-deletion</loc>
<lastmod>2025-10-10T20:34:37.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/link-library/link-library-76-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2024-02-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/rightnow/right-now-unknown-versions-arbitrary-file-upload</loc>
<lastmod>2013-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contest-gallery/contest-gallery-19141-authenticated-author-sql-injection-via-cg_copy_start</loc>
<lastmod>2022-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sticky-chat-button/sticky-button-click-to-chat-10-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/job-postings/jobs-for-wordpress-2711-authenticated-subscriber-arbitrary-file-read</loc>
<lastmod>2025-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/menu-image/menu-image-icons-made-easy-307-authenticated-cross-site-scripting</loc>
<lastmod>2022-03-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/foxtool/foxtool-all-in-one-contact-chat-button-custom-login-media-optimize-images-252-cross-site-request-forgery-to-google-oauth-connection</loc>
<lastmod>2025-12-11T14:26:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/grand-media/gmedia-photo-gallery-164-open-proxy</loc>
<lastmod>2015-05-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ab-google-map-travel/ab-google-map-travel-46-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/geodirectory/geodirectory-wp-business-directory-plugin-and-classified-listings-directory-28139-missing-authorization-to-authenticated-author-arbitrary-image-attachment</loc>
<lastmod>2025-11-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/envira-gallery-lite/envira-photo-gallery-1814-missing-authorization</loc>
<lastmod>2024-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gallery-album/gallery-image-and-video-gallery-with-thumbnails-121-sql-injection</loc>
<lastmod>2017-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quttera-web-malware-scanner/quttera-web-malware-scanner-35141-authenticated-administrator-server-side-request-forgery</loc>
<lastmod>2025-08-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/keywords-highlight-tool/search-engine-keywords-highlighter-013-reflected-cross-site-scripting</loc>
<lastmod>2025-04-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-jobhunt/wp-jobhunt-77-authenticated-candidate-insecure-direct-object-reference</loc>
<lastmod>2025-12-20T01:29:38.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cart66-cloud/cart66-cloud-237-reflected-cross-site-scripting</loc>
<lastmod>2025-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/news-event/news-event-101-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2025-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-nested-pages/nested-pages-3115-open-redirect</loc>
<lastmod>2021-08-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementinvader-addons-for-elementor/elementinvader-addons-for-elementor-122-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sfwd-lms/learndash-lms-453-authenticated-contributor-sql-injection</loc>
<lastmod>2023-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pixabay-images/pixabay-images-20-authentication-bypass-to-arbitrary-file-upload</loc>
<lastmod>2015-01-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/pearl/pearl-corporate-business-348-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/qi-addons-for-elementor/qi-addons-for-elementor-167-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cc-child-pages/cc-child-pages-142-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-member-widgets-for-elementor/ultimate-member-widgets-for-elementor-23-unauthenticated-information-exposure</loc>
<lastmod>2025-11-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jet-engine/jetengine-377-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-01-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kadence-blocks/gutenberg-blocks-with-ai-by-kadence-wp-page-builder-features-333-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/support-genix-lite/support-genix-123-missing-authorization</loc>
<lastmod>2024-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-type-archive-mapping/custom-query-blocks-531-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-08-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-pack-addon/the-pack-elementor-addons-header-footer-woocommerce-builder-template-library-2086-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2024-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-all-export-pro/wp-all-export-pro-191-unauthenticated-remote-code-execution-via-custom-export-fields</loc>
<lastmod>2025-02-07T03:20:47.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/applixir/reward-video-ad-for-wordpress-16-authenticated-administrator-stored-cross-site-scripting-via-admin-settings</loc>
<lastmod>2026-03-20T15:16:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/2-click-socialmedia-buttons/2-click-social-media-buttons-033-multiple-cross-site-scripting</loc>
<lastmod>2012-05-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/hueman/hueman-3724-cross-site-request-forgery-to-notice-dismissal</loc>
<lastmod>2024-06-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-related-posts/custom-related-posts-173-missing-authorization-to-authenticated-subscriber-private-post-search-and-relation-updates</loc>
<lastmod>2025-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-tooltip/tooltip-101-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sticky-social-bar/sticky-social-bar-20-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/gracey/gracey-14-unauthenticated-php-object-injection</loc>
<lastmod>2026-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-discount-rules/discount-rules-for-woocommerce-241-reflected-cross-site-scripting</loc>
<lastmod>2022-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vk-all-in-one-expansion-unit/vk-all-in-one-expansion-unit-98810-stored-contributor-cross-site-scripting-in-profile-setting</loc>
<lastmod>2023-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tt-custom-post-type-creator/tt-custom-post-type-creator-10-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-05-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/royal-elementor-addons/royal-elementor-addons-and-templates-13971-authenticated-contributor-stored-cross-site-scripting-via-html-tags</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-checkout-cielo/claudio-sanches-checkout-cielo-for-woocommerce-110-insufficient-verification-of-data-authenticity-to-order-payment-status-update</loc>
<lastmod>2024-06-03T17:09:26.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mybooktable/mybooktable-bookstore-353-cross-site-request-forgery</loc>
<lastmod>2025-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/openpix-for-woocommerce/openpix-2133-missing-authorization-to-authenticated-subscriber-settings-update</loc>
<lastmod>2026-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-support-system/ilghera-support-system-for-woocommerce-130-missing-authorization-to-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2026-05-12T17:11:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-login-url/custom-login-url-102-missing-authorization</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/linkpreview/phees-linkpreview-167-cross-site-request-forgery</loc>
<lastmod>2025-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/themify-event-post/themify-event-post-132-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/updraftplus/updraftplus-11659-authenticated-admin-local-file-inclusion</loc>
<lastmod>2021-07-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/leadboxer/leadboxer-13-reflected-cross-site-scripting</loc>
<lastmod>2024-11-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-photo-album/easy-photo-album-115-sensitive-information-disclosure</loc>
<lastmod>2016-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/popup-maker/popup-maker-popup-for-opt-ins-lead-gen-more-1182-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ct-ultimate-gdpr/ultimate-gdpr-ccpa-24-unauthenticated-settings-import-export</loc>
<lastmod>2021-02-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/miniorange-limit-login-attempts/miniorange-limit-login-attempts-4072-administrator-cross-site-scripting</loc>
<lastmod>2022-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dashboard-welcome-for-beaver-builder/dashboard-welcome-for-beaver-builder-108-missing-authorization</loc>
<lastmod>2026-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-elementor-addons/easy-elementor-addons-227-missing-authorization</loc>
<lastmod>2025-08-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/esv-bible-shortcode-for-wordpress/esv-bible-shortcode-for-wordpress-102-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-05T17:47:44.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-reviews/ultimate-reviews-3216-unauthenticated-insecure-direct-object-reference</loc>
<lastmod>2026-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/addfreespace/addfreespace-013-cross-site-request-forgery-to-stored-cross-site-scripting-via-settings-page</loc>
<lastmod>2026-05-04T14:07:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dt-reservation-plugin/reservation-16-reflected-cross-site-scripting</loc>
<lastmod>2025-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/craftis/craftis-handcraft-artisan-elementor-template-kit-128-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/unlimited-elements-for-elementor/unlimited-elements-for-elementor-15148-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-08-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slider-templates/slider-templates-103-missing-authorization</loc>
<lastmod>2025-12-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/give/givewp-donation-plugin-and-fundraising-platform-085-reflected-cross-site-scripting</loc>
<lastmod>2015-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/meta-tag-manager/meta-tag-manager-32-open-redirect</loc>
<lastmod>2025-10-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-auctions/wordpress-auction-plugin-37-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2024-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/litespeed-cache/litespeed-cache-77-unauthenticated-stored-cross-site-scripting-via-quiccloud-ccssucss-rest-api-endpoints</loc>
<lastmod>2026-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/add-comments/add-comments-101-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-11-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kivicare-clinic-management-system/kivicare-clinic-patient-management-system-ehr-320-cross-site-request-forgery</loc>
<lastmod>2023-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/order-delivery-date/order-delivery-date-for-woocommerce-20-1231-unauthenticated-arbitrary-options-update</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wicked-folders/wicked-folders-21816-cross-site-request-forgery-via-ajax_save_folder_order</loc>
<lastmod>2023-02-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-job-portal/wp-job-portal-222-missing-authorization-to-limited-privilege-escalation</loc>
<lastmod>2024-12-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gdpr-cookie-consent/cookie-banner-cookie-consent-consent-log-cookie-scanner-script-blocker-for-gdpr-ccpa-eprivacy-wp-cookie-consent-412-missing-authorization-to-sensitive-information-exposure</loc>
<lastmod>2026-02-18T14:54:28.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/loginizer/loginizer-175-reflected-cross-site-scripting-via-name</loc>
<lastmod>2022-05-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hot-linked-image-cacher/hot-linked-image-cacher-116-reflected-cross-site-scripting</loc>
<lastmod>2022-06-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/s2member/s2member-excellent-for-all-kinds-of-memberships-content-restriction-paywalls-member-access-subscriptions-241114-authenticated-contributor-sensitive-information-exposure</loc>
<lastmod>2024-12-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smart-manager-for-wp-e-commerce/smart-manager-for-woocommerce-397-unauthenticated-sql-injection</loc>
<lastmod>2015-07-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tlp-team/team-5013-missing-authorization</loc>
<lastmod>2026-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sermon-manager-for-wordpress/sermon-manager-2300-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-12-04T17:25:11.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/premium-addons-for-elementor/premium-addons-for-elementor-41028-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-04-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/femme/femme-1311-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-09-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/webmaster-tools/webmaster-tools-20-cross-site-request-forgery-vin-lionscripts_plg_f</loc>
<lastmod>2023-10-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/soledad/soledad-825-authenticated-subscriber-cross-site-scripting</loc>
<lastmod>2022-10-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cm-ad-changer/cm-ad-changer-205-cross-site-request-forgery</loc>
<lastmod>2025-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpschoolpress/school-management-system-wpschoolpress-2210-insecure-direct-object-reference-to-authenticated-teacher-account-takeoverprivilege-escalation</loc>
<lastmod>2024-10-25T20:05:13.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/header-footer-elementor/ultimate-addons-for-elementor-lite-249-authenticated-author-stored-cross-site-scripting-via-svg-upload</loc>
<lastmod>2025-09-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-youtube-video-player/ultimate-youtube-video-shorts-player-with-vimeo-33-missing-authorization-to-authenticated-subscriber-setting-exposure</loc>
<lastmod>2024-11-21T17:06:42.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/duoshuo/-12-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2025-08-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-bulk-editor/bear-114-missing-authorization-via-several-functions</loc>
<lastmod>2024-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jetpack/jetpack-1391-missing-authorization-to-authenticated-subscriber-sensitive-information-disclosure</loc>
<lastmod>2024-10-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/codepeople-post-map/codepeople-post-map-for-google-maps-126-authenticated-contributor-stored-cross-site-scripting-via-cpm_point-post-meta</loc>
<lastmod>2026-06-26T12:59:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/duplicate-wp-page-post/duplicate-page-and-post-295-authenticated-contributor-sql-injection-via-meta_key-parameter</loc>
<lastmod>2025-09-09T17:40:39.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-simple-paypal-shopping-cart/wordpress-simple-paypal-shopping-cart-513-insecure-direct-object-reference-via-quantity</loc>
<lastmod>2025-04-30T22:01:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yolink-search/yolink-search-for-wordpress-26-reflected-cross-site-scripting</loc>
<lastmod>2013-02-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/learnpress/learnpress-413-authenticated-sql-injection</loc>
<lastmod>2021-11-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/td-composer/tagdiv-composer-53-unauthenticated-arbitrary-php-object-instantiation</loc>
<lastmod>2025-04-03T16:22:47.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gravityforms/gravity-forms-2930-reflected-cross-site-scripting-via-form_ids-parameter</loc>
<lastmod>2026-04-07T10:36:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/password-protect-page/ppwp-password-protect-pages-189-protection-mechanism-bypass</loc>
<lastmod>2024-02-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/allow-php-execute/allow-php-execute-10-authenticated-editor-php-code-injection</loc>
<lastmod>2025-03-07T14:16:16.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mw-wp-form/mw-wp-form-503-improper-limitation-of-file-name-to-unauthenticated-arbitrary-file-deletion</loc>
<lastmod>2023-12-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sureforms/sureforms-drag-and-drop-form-builder-for-wordpress-122-missing-authorization-to-unauthenticated-protected-post-disclosure</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sell-media/sell-media-241-cross-site-scripting</loc>
<lastmod>2020-08-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bulk-image-title-attribute/bulk-auto-image-title-attribute-201-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-quickview/quick-view-for-woocommerce-2216-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-uploader/advanced-uploader-42-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2022-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bdthemes-element-pack/element-pack-pro-7192-authenticated-contributor-arbitrary-file-read-and-phar-deserialization</loc>
<lastmod>2024-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ulike/wp-ulike-32-cross-site-scripting</loc>
<lastmod>2018-05-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mabel-shoppable-images-lite/shoppable-images-lite-123-missing-authorization</loc>
<lastmod>2023-02-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smart-wishlist-for-more-convert/mc-woocommerce-wishlist-172-missing-authorization</loc>
<lastmod>2024-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/userswp/userswp-12322-cross-site-request-forgery</loc>
<lastmod>2023-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpb-elementor-addons/wpb-elementor-addons-109-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-05-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementskit-lite/elementskit-elementor-addons-306-authenticated-contributor-local-file-inclusion-in-render_raw</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fudousan-plugin/fudousan-plugin-570-cross-site-scripting</loc>
<lastmod>2021-06-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpjobboard/wpjobboard-564-reflected-cross-site-scripting-cross-frame-scripting</loc>
<lastmod>2020-11-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cluevo-lms/cluevo-lms-e-learning-platform-1100-cross-site-request-forgery</loc>
<lastmod>2023-08-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simply-schedule-appointments/simply-schedule-appointments-16830-authenticated-contributor-stored-cross-site-scripting-via-multiple-shortcodes</loc>
<lastmod>2025-06-13T20:36:07.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slider-hero/slider-hero-861-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpdm-elementor/download-manager-addons-for-elementor-130-unauthenticated-sql-injection</loc>
<lastmod>2026-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-easy-recipe/wp-easy-recipe-16-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chauffeur-booking-system/chauffeur-taxi-booking-system-for-wordpress-72-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/motors-car-dealership-classified-listings/motors-1471-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/storepress/storepress-1012-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sort-searchresult-by-title/sort-searchresult-by-title-100-cross-site-request-forgery-via-settings_page</loc>
<lastmod>2023-10-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/portfolio/portfolio-by-bestwebsoft-240-reflected-cross-site-scripting</loc>
<lastmod>2017-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wheel-of-life/wheel-of-life-120-missing-authorization</loc>
<lastmod>2026-01-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cost-calculator-builder/cost-calculator-builder-363-unauthenticated-arbitrary-file-deletion</loc>
<lastmod>2025-12-01T11:27:40.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ulisting/ulisting-219-authenticated-administrator-sql-injection</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-media-feather/social-media-feather-213-missing-authorization</loc>
<lastmod>2023-12-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/byconsole-woo-order-delivery-time/wooodt-lite-delivery-pickup-date-time-location-for-woocommerce-251-unauthenticated-full-path-dsiclosure</loc>
<lastmod>2025-02-17T15:48:42.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/happy-elementor-addons/happy-addons-for-elementor-3109-authenticated-contributor-stored-cross-site-scripting-via-post-navigation-widget</loc>
<lastmod>2024-05-30T21:24:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/accesspress-anonymous-post/accesspress-anonymous-post-280-backdoored</loc>
<lastmod>2021-10-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/forminator/forminator-1441-authenticated-contributor-stored-dom-based-cross-site-scripting-via-id-and-data-size-parameters</loc>
<lastmod>2025-06-04T21:58:40.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pmpro-mailchimp/paid-memberships-pro-mailchimp-add-on-234-unauthenticated-information-disclosure</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-by-supsystic/contact-form-by-supsystic-1736-unauthenticated-server-side-template-injection-via-prefill-functionality</loc>
<lastmod>2026-03-30T09:13:47.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/beaver-themer/beaver-themer-149-authenticated-contributor-sensitive-information-exposure-via-shortcode</loc>
<lastmod>2024-04-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/et-core-plugin/xstore-core-538-authenticated-subscriber-limited-arbitrary-file-upload</loc>
<lastmod>2024-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/random-banner/random-banner-20-cross-site-scripting</loc>
<lastmod>2014-06-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-entries/database-for-contact-form-7-wpforms-elementor-forms-151-unauthenticated-arbitrary-file-deletion-via-cf7-file-field-post-value</loc>
<lastmod>2026-06-19T11:55:33.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kbslider/kenburner-slider-all-versions-path-traversal</loc>
<lastmod>2014-08-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/surecart/surecart-250-authenticated-administrator-stored-cross-site-scripting-via-plugin-settings</loc>
<lastmod>2023-08-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mainwp-branding-extension/mainwp-white-label-extension-411-missing-authorization-to-plugin-settings-change</loc>
<lastmod>2023-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/duplicator/duplicator-157-cross-site-request-forgery-via-viewstoolsdiagnosticsinformationphp</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/translatepress-multilingual/translatepress-296-authenticated-administrator-php-object-injection</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/radio-player/radio-player-2073-unauthenticated-server-side-request-forgery</loc>
<lastmod>2024-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/login-with-ajax/login-with-ajax-304-cross-site-scripting</loc>
<lastmod>2012-05-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-subscribers/icegram-express-5623-authenticated-administrator-directory-traversal-to-arbitrary-file-read</loc>
<lastmod>2023-10-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-advanced-shipment-tracking/advanced-shipment-tracking-for-woocommerce-326-authenticated-wordpress-options-change</loc>
<lastmod>2021-07-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/masterstudy-lms-learning-management-system/masterstudy-lms-308-missing-authorization-to-course-category-creation</loc>
<lastmod>2023-06-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/clinked-client-portal/clinked-client-portal-19-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-29T22:54:49.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-addons-for-elementor-lite/essential-addons-for-elementor-best-elementor-templates-widgets-kits-woocommerce-builders-594-authenticated-contributor-stored-cross-site-scripting-via-image-url</loc>
<lastmod>2024-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/admin-bookmarks/custom-admin-bar-favorites-01-reflected-cross-site-scripting</loc>
<lastmod>2025-04-24T18:32:36.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/amp-plus/amp-plus-30-reflected-cross-site-scripting</loc>
<lastmod>2023-11-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ulisting/ulisting-166-unauthenticated-arbitrary-account-changes</loc>
<lastmod>2021-01-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ulisting/directory-listings-wordpress-plugin-ulisting-220-authenticated-subscriber-privilege-escalation</loc>
<lastmod>2025-03-14T14:22:22.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fusion-builder/avada-builder-31112-authenticated-contributor-protected-post-disclosure</loc>
<lastmod>2024-12-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-website-translator/prisna-gwt-google-website-translator-1411-authenticated-admin-php-object-injection</loc>
<lastmod>2024-09-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-sermons/advanced-sermons-33-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/robokassa/robokassa-payment-gateway-for-woocommerce-161-reflected-cross-site-scripting</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-google-map-plugin/wp-maps-easiest-most-advanced-wordpress-plugin-for-google-maps-409-reflected-cross-site-scripting</loc>
<lastmod>2019-09-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sprout-invoices/client-invoicing-by-sprout-invoices-2087-unauthenticated-php-object-injection</loc>
<lastmod>2025-09-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-seo/yoast-seo-211-cross-site-scripting-via-post_title-parameter</loc>
<lastmod>2012-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/directorist/directorist-7061-cross-site-request-forgery-to-arbitrary-file-upload</loc>
<lastmod>2021-11-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-polls-by-opinionstage/poll-survey-quiz-maker-plugin-by-opinion-stage-19625-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-01-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-custom-admin-interface/wp-custom-admin-interface-732-missing-authorization-to-transients-deletion</loc>
<lastmod>2023-09-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-networks-auto-poster-facebook-twitter-g/nextscripts-social-networks-auto-poster-4324-arbitrary-post-deletion-via-cross-site-request-forgery</loc>
<lastmod>2022-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/top-bar/top-bar-305-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-spotlight-search/advanced-all-in-one-admin-search-by-wp-spotlight-111-cross-site-request-forgery</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/featured-posts-scroll/featured-posts-scroll-125-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/favicon-rotator/favicon-rotator-1210-reflected-cross-site-scripting</loc>
<lastmod>2024-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-registration-form-builder-with-submission-manager/registrationmagic-6001-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2024-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hide-links/hide-links-142-unauthenticated-shortcode-execution</loc>
<lastmod>2024-11-12T13:23:05.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rich-web-share-button/share-buttons-social-media-102-unauthenticated-sql-injection</loc>
<lastmod>2024-12-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-wp-security-and-firewall/all-in-one-wp-security-firewall-382-authenticated-access-or-cross-site-request-forgery-leading-to-sql-injection-via-orderby-order-parameters</loc>
<lastmod>2014-09-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-private-files/user-private-files-file-upload-download-manager-with-secure-file-sharing-213-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2025-02-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bws-google-maps/maps-by-bestwebsoft-135-reflected-cross-site-scripting</loc>
<lastmod>2017-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fluxtore/fluxtore-160-missing-authorization</loc>
<lastmod>2025-07-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woffice-core/woffice-core-5426-authenticated-contributor-arbitrary-file-deletion</loc>
<lastmod>2025-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-file-dropzone/woo-file-dropzone-117-authenticated-subscriber-arbitrary-file-deletion</loc>
<lastmod>2026-02-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/html5avmanager/html5-av-manager-027-arbitrary-file-upload</loc>
<lastmod>2012-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/redi-restaurant-reservation/redi-restaurant-reservation-240422-missing-authorization</loc>
<lastmod>2024-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/v-form/vpsuform-3220-missing-authorization</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/amazonify/amazonify-081-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cryout-serious-slider/serious-slider-124-cross-site-request-forgery</loc>
<lastmod>2024-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nextgen-gallery/wordpress-gallery-plugin-nextgen-gallery-1912-arbitrary-file-upload</loc>
<lastmod>2013-06-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/qi-blocks/qi-blocks-143-missing-authorization-to-arbitrary-attachment-resize</loc>
<lastmod>2025-11-14T15:11:31.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-blocks/ultimate-blocks-wordpress-blocks-plugin-333-authenticated-contributor-stored-cross-site-scripting-via-multiple-widgets</loc>
<lastmod>2025-06-09T22:39:02.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-manager/download-manager-3248-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2022-07-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lana-downloads-manager/lana-downloads-manager-190-authenticated-admin-arbitrary-file-download</loc>
<lastmod>2025-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-cafe/wpcafe-2232-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-stacker/wp-stacker-185-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-05-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fluentform/contact-form-plugin-by-fluent-forms-for-quiz-survey-and-drag-drop-wp-form-builder-526-unauthenticated-stored-cross-site-scripting-via-form-subject</loc>
<lastmod>2024-12-13T16:24:44.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/give/givewp-donation-plugin-and-fundraising-platform-4142-reflected-cross-site-scripting</loc>
<lastmod>2026-04-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/uncanny-automator/uncanny-automator-easy-automation-integration-webhooks-workflow-builder-plugin-61002-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2026-01-22T16:30:45.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-forms/contact-forms-by-cimatti-180-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/subscribe-to-download-lite/subscribe-to-download-lite-129-authenticated-subscriber-local-file-inclusion</loc>
<lastmod>2025-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-slider-with-description/image-slider-with-description-92-cross-site-request-forgery</loc>
<lastmod>2025-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-payments/woocommerce-payments-480-561-authentication-bypass-and-privilege-escalation</loc>
<lastmod>2023-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/echo-knowledge-base/knowledge-base-for-documentation-faqs-with-ai-assistance-11302-unauthenticated-php-object-injection-in-is_article_recently_viewed</loc>
<lastmod>2024-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/provesource/provesource-social-proof-312-unauthenticated-sensitive-information-disclosure</loc>
<lastmod>2025-08-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-urls/simple-urls-120-cross-site-request-forgery-via-multiple-ajax-actions</loc>
<lastmod>2023-10-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-share-boost/social-share-boost-44-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-07-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/internal-links/internal-link-juicer-2234-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-02-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jobbank/jobbank-123-missing-authorization</loc>
<lastmod>2026-01-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/html5-mp3-player-with-playlist/html5-mp3-player-with-playlist-270-full-path-disclosure</loc>
<lastmod>2014-11-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jobboardwp/jobboardwp-job-board-listings-and-submissions-110-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-07-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mingle-forum/mingle-forum-10321-sql-injection</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/event-monster/event-monster-139-authenticatedcontributor-php-object-injection-via-custom-meta</loc>
<lastmod>2024-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/photography/photography-752-authenticated-subscriber-php-object-injection</loc>
<lastmod>2025-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/css3-rotating-words/animated-rotating-words-54-missing-authorization-via-save_admin_options</loc>
<lastmod>2023-11-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nextgen-gallery/wordpress-gallery-plugin-nextgen-gallery-20773-arbitrary-file-upload</loc>
<lastmod>2015-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/avalex/avalex-automatisch-sichere-rechtstexte-313-missing-authorization</loc>
<lastmod>2026-03-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/trackship-for-woocommerce/trackship-for-woocommerce-175-missing-authorization</loc>
<lastmod>2024-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/shopo/shopo-114-authenticated-contributor-arbitrary-file-upload</loc>
<lastmod>2025-08-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mappress-google-maps-for-wordpress/mappress-maps-for-wordpress-28814-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/category-specific-rss-feed-menu/category-specific-rss-feed-subscription-20-cross-site-request-forgery</loc>
<lastmod>2019-07-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-profilr-display-social-network-profile/social-profilr-10-cross-site-request-forgery</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/embedpress/embedpress-391-reflected-cross-site-scripting</loc>
<lastmod>2023-11-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/td-composer/tagdiv-composer-53-reflected-cross-site-scripting-via-account_id-and-account_username</loc>
<lastmod>2025-03-27T16:33:57.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blockart-blocks/blockart-blocks-gutenberg-blocks-page-builder-blocks-wordpress-block-plugin-sections-template-library-215-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/streamweasels-youtube-integration/streamweasels-youtube-integration-132-authenticated-contributor-stored-cross-site-scripting-via-sw-youtube-embed-shortcode</loc>
<lastmod>2024-10-28T21:40:06.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/maxbuttons/wordpress-button-plugin-maxbuttons-92-shortcode-based-cross-site-scripting</loc>
<lastmod>2022-07-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hesabfa-accounting/hesabfa-accounting-212-reflected-cross-site-scripting</loc>
<lastmod>2025-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/php-compatibility-checker/php-compatibility-checker-152-cross-site-request-forgery</loc>
<lastmod>2023-04-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/wproject/wproject-580-reflected-cross-site-scripting</loc>
<lastmod>2025-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/maps-for-wp/maps-for-wp-124-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/classified-listing/classified-listing-classified-ads-business-directory-plugin-401-reflected-cross-site-scripting</loc>
<lastmod>2024-10-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cm-download-manager/cm-download-manager-296-unauthenticated-arbitrary-file-deletion</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/indieblocks/indieblocks-0132-authenticated-contributor-stored-cross-site-scripting-via-kind-parameter</loc>
<lastmod>2025-06-12T13:09:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-media-gallery/gallery-photo-albums-plugin-1347-cross-site-scripting</loc>
<lastmod>2015-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-viet/woo-viet-152-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/davenport/davenport-versatile-blog-and-magazine-wordpress-theme-13-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-06-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/echelon/echelon-24-arbitrary-file-download</loc>
<lastmod>2013-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-all-import/import-any-xml-or-csv-file-to-wordpress-368-authenticated-administrator-arbitrary-file-upload-via-path-traversal</loc>
<lastmod>2022-10-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cbxwpbookmark/cbx-bookmark-favorite-168-reflected-cross-site-scripting</loc>
<lastmod>2021-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-activity-tracking-and-log/user-activity-tracking-and-log-408-cross-site-request-forgery</loc>
<lastmod>2023-08-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sprout-invoices/client-invoicing-by-sprout-invoices-easy-estimates-and-invoices-2081-missing-authorization</loc>
<lastmod>2024-12-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/better-delete-revision/better-delete-revision-161-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-08-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/one-page-express-companion/one-page-express-companion-1643-missing-authorization</loc>
<lastmod>2025-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eventon-lite/eventon-lite-247-authenticated-contributor-information-disclosure</loc>
<lastmod>2025-08-14T20:16:37.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hack-info/hack-info-317-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/startklar-elmentor-forms-extwidgets/startklar-elementor-addons-1713-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2024-05-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-multivendor-membership/wcfm-membership-woocommerce-memberships-for-multivendor-marketplace-2107-unauthenticated-insecure-direct-object-reference-to-arbitrary-user-password-change</loc>
<lastmod>2023-05-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/zegen/zegen-119-authenticated-subscriber-local-file-inclusion</loc>
<lastmod>2025-06-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/homesweet/homesweet-real-estate-wordpress-theme-14-insecure-direct-object-reference</loc>
<lastmod>2020-06-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/netgsm/netgsm-2963-reflected-cross-site-scripting</loc>
<lastmod>2025-12-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking-calendar-and-notification/booking-calendar-and-notification-403-missing-authorization-via-wpcb_all_bookings-wpcb_update_booking_post-and-wpcb_delete_posts-functions</loc>
<lastmod>2025-02-28T15:23:38.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-images-ai/all-imagesai-ia-image-bank-and-custom-image-creation-104-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2025-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bulk-comment-remove/bulk-comment-remove-2-cross-site-request-forgery-via-brc_admin</loc>
<lastmod>2023-11-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/randomquotr/randomquotr-104-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-11-10T14:55:43.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/prevent-landscape-rotation/prevent-landscape-rotation-20-cross-site-request-forgery-via-adminpagephp</loc>
<lastmod>2023-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-tags/taxopress-344-reflected-cross-site-scripting</loc>
<lastmod>2022-02-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/membership-site/membersonic-lite-membership-site-plugin-12-authentication-bypass</loc>
<lastmod>2016-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-lister-for-ebay/wp-lister-lite-for-ebay-383-missing-authorization</loc>
<lastmod>2025-05-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/accessibility-toolbar/web-accessibility-with-max-access-210-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2026-01-09T15:52:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wow-entrance-effects-wee/wow-entrance-effects-wee-01-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-27T20:10:17.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pie-register/pie-register-user-registration-forms-2019-reflected-cross-site-scripting</loc>
<lastmod>2015-10-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flickr-picture-backup/flickr-picture-backup-07-arbitrary-file-upload</loc>
<lastmod>2017-04-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-forms/ninja-forms-the-contact-form-builder-that-grows-with-you-3132-insecure-direct-object-reference-to-unauthenticated-sensitive-information-exposure-via-unscoped-bearer-token</loc>
<lastmod>2025-12-16T18:41:16.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-min-max-quantity-step-control-single/min-max-control-45-reflected-cross-site-scripting</loc>
<lastmod>2023-08-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/optio-dentistry/optio-dentistry-21-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-23T16:22:09.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/secupress/secupress-free-wordpress-security-2251-cross-site-request-forgery-to-banned-ip-address</loc>
<lastmod>2024-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bookx/bookx-17-path-traversal</loc>
<lastmod>2014-05-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-avatar-reloaded/user-avatar-reloaded-122-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/agile-store-locator/store-locator-wordpress-1412-reflected-cross-site-scripting-via-asl-nounce</loc>
<lastmod>2023-08-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/saoshyant-page-builder/saoshyant-page-builder-38-missing-authorization</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-scraper/wp-scraper-58-authenticated-subscriber-server-side-request-forgery</loc>
<lastmod>2024-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/digital-events-calendar/digital-events-calendar-108-authenticated-contributor-stored-cross-site-scripting-via-column-parameter</loc>
<lastmod>2025-09-10T18:54:46.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpforo/wpforo-forum-310-missing-authorization</loc>
<lastmod>2026-06-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpSS/wordpress-spreadsheet-06-unauthenticated-sql-injection</loc>
<lastmod>2008-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gravityforms/gravity-forms-2920-unauthenticated-arbitrary-file-upload-via-copy_post_image</loc>
<lastmod>2025-11-06T16:28:27.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/armember-membership/armember-membership-plugin-content-restriction-member-levels-user-profile-user-signup-4026-unauthenticated-php-object-injection</loc>
<lastmod>2024-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/konnichiwa/konnichiwa-membership-083-reflected-cross-site-scripting</loc>
<lastmod>2021-09-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/noo-yogi/yogi-health-beauty-yoga-292-reflected-cross-site-scripting</loc>
<lastmod>2025-08-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-form-builder/easy-form-builder-374-authenticated-contributor-sql-injection</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ni-woocommerce-cost-of-goods/ni-woocommerce-cost-of-goods-328-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/relevanssi-premium/relevanssi-4260-free-2290-premium-authenticated-contributor-sql-injection</loc>
<lastmod>2025-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gs-pinterest-portfolio/wordpress-pinterest-plugin-make-a-popup-user-profile-masonry-and-gallery-layout-188-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-multisite-content-copier/wordpress-multisite-content-copierupdater-140-cross-site-scripting</loc>
<lastmod>2022-06-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-cafe/wpcafe-2222-missing-authorization</loc>
<lastmod>2023-11-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/frndzk-expandable-bottom-bar/frndzk-expandable-bottom-bar-10-authenticated-administrator-stored-cross-site-scripting-via-text-parameter</loc>
<lastmod>2025-03-24T19:33:07.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ditty-news-ticker/ditty-3135-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2024-05-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pf-timer/pf-timer-100-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fg-drupal-to-wp/fg-drupal-to-wordpress-3703-sensitive-information-exposure</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/highlight/highlight-202-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nestbyte-core/nestbyte-core-12-unauthenticated-sql-injection</loc>
<lastmod>2026-01-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/idx-broker-platinum/impress-for-idx-broker-261-authenticated-arbitrary-post-creation-modification-and-deletion</loc>
<lastmod>2020-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/breeze/breeze-2213-missing-authorization</loc>
<lastmod>2025-06-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/edubin/edubin-920-unauthenticated-server-side-request-forgery</loc>
<lastmod>2024-07-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/featured-image-from-url/featured-image-from-url-277-missing-authorization-on-rest-api-routes</loc>
<lastmod>2019-12-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-child-theme-creator/easy-child-theme-creator-131-cross-site-request-forgery</loc>
<lastmod>2025-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buddyboss-platform/buddyboss-platform-2770-authenticated-subscriber-stored-cross-site-scripting-via-link_title</loc>
<lastmod>2025-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cbx-restaurant-booking/cbx-restaurant-booking-121-cross-site-request-forgery-to-plugin-reset</loc>
<lastmod>2025-07-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pvn-auth-popup/pvn-auth-popup-100-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-woo-search/advanced-woo-search-277-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-05-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce/woocommerce-470-insecure-direct-object-reference-via-order_id-parameter</loc>
<lastmod>2020-01-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/traveler/traveler-321-unauthenticated-php-object-injection</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ad-inserter/ad-inserter-155-cross-site-request-forgery-to-cross-site-scripting</loc>
<lastmod>2015-08-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/motors-car-dealership-classified-listings/motors-1471-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cm-registration-pro/cm-registration-pro-320-php-object-injection</loc>
<lastmod>2021-05-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/interactive-maps/simple-maps-098-cross-site-request-forgery</loc>
<lastmod>2025-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/uix-shortcodes/uix-shortcodes-204-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/events-in-city/events-in-city-30-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2026-05-26T17:24:25.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contest-gallery-pro/contest-gallery-pro-19141-authenticated-administrator-sql-injection-via-wp_user_id</loc>
<lastmod>2022-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-blocks/ultimate-blocks-wordpress-blocks-plugin-319-authenticated-contributor-stored-cross-site-scripting-via-title-tag-attribute</loc>
<lastmod>2024-07-01T19:35:28.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-gutenberg/gutenberg-blocks-publishpress-blocks-controls-visibility-reusable-blocks-334-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-24T17:10:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/import-users-from-csv-with-meta/import-and-export-users-and-customers-1246-missing-authorization-via-fire_cron-rest-endpoint</loc>
<lastmod>2024-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/facebook-conversion-pixel/pixel-cat-conversion-pixel-manager-261-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2021-11-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/5.5/wordpress-core-552-reflected-cross-site-scripting-via-global-variables</loc>
<lastmod>2020-10-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simply-schedule-appointments/simply-schedule-appointments-16620-reflected-cross-site-scripting</loc>
<lastmod>2024-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/spider-event-calendar/spidercalendar-1551-sql-injection</loc>
<lastmod>2017-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/youtube-embed/youtube-embed-531-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/debug-assistant/debug-assistant-14-cross-site-request-forgery-via-imlt_create_admin</loc>
<lastmod>2023-02-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-mu-secure-invites/secure-invites-13-reflected-cross-site-scripting</loc>
<lastmod>2025-03-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/webbricks-addons/web-bricks-addons-for-elementor-111-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/broken-link-checker/broken-link-checker-240-reflected-cross-site-scripting</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/thegem-elements/thegem-theme-elements-for-wpbakery-51051-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gallery-photo-gallery/photo-gallery-by-ays-648-cross-site-request-forgery-to-bulk-actions</loc>
<lastmod>2025-12-01T18:38:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-query/easy-query-wp-query-builder-204-authenticated-administrator-sql-injection</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-gdpr-compliance/cookie-information-free-gdpr-consent-solution-2022-authenticated-subscriber-arbitrary-options-update</loc>
<lastmod>2024-01-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mainwp-post-dripper-extension/mainwp-post-dripper-extension-404-missing-authorization-to-arbitrary-pagepost-deletion</loc>
<lastmod>2023-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-hosting-performance-check/wp-hosting-performance-check-2188-reflected-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eventprime-event-calendar-management/eventprime-4284-missing-authorization-to-unauthenticated-image-upload-via-ep_upload_file_media-ajax-endpoint</loc>
<lastmod>2026-02-16T17:29:13.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wedevs-project-manager/wp-project-manager-2622-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quizzin/quizzin-1014-reflected-cross-site-scripting</loc>
<lastmod>2025-02-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gdpr-cookie-consent/cookie-notice-for-gdpr-ccpa-eprivacy-consent-403-missing-authorization</loc>
<lastmod>2025-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fareharbor/fareharbor-for-wordpress-367-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-10-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/foogallery/foogallery-1924-authenticated-cross-site-scripting</loc>
<lastmod>2020-05-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/floating-action-button/floating-action-button-121-cross-site-request-forgery</loc>
<lastmod>2023-11-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/indieauth/indieauth-454-cross-site-request-forgery-to-account-takeover-via-stolen-oauth-tokens</loc>
<lastmod>2025-10-23T19:57:03.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-amaps/wp_amaps-17-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/caching-compatible-cookie-optin-and-javascript/caching-compatible-cookie-opt-in-and-javascript-0010-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quiz-master-next/quiz-and-survey-master-qsm-1022-cross-site-request-forgery-to-template-creation</loc>
<lastmod>2025-07-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sema-api/sema-api-527-reflected-cross-site-scripting-via-catid-parameter</loc>
<lastmod>2025-01-08T22:08:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ebook-store/ebook-store-58009-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cmsmasters-content-composer/cmsmasters-content-composer-188-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-10-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/related-posts-for-wp/related-posts-for-wordpress-211-reflected-cross-site-scripting</loc>
<lastmod>2022-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-express-checkout/wp-express-checkout-accept-paypal-payments-237-unauthenticated-price-manipulation</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nelio-content/nelio-content-420-authenticated-contributor-sql-injection</loc>
<lastmod>2026-01-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/particle-background/particle-background-102-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-19T18:03:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/clicky/clicky-by-yoast-15-stored-cross-site-scripting</loc>
<lastmod>2016-07-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/statify-widget/statify-widget-146-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-product-feed-pro/product-feed-pro-for-woocommerce-by-adtribes-woocommerce-product-feeds-for-google-facebookmeta-bing-more-1325-reflected-cross-site-scripting</loc>
<lastmod>2024-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/change-wp-admin-login/wordpress-all-in-one-login-plugin-208-ip-sooofing-to-protection-mechanism-bypass</loc>
<lastmod>2025-10-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-chart-builder/easy-chart-builder-for-wordpress-13-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementor/elementor-website-builder-297-authenticated-stored-cross-site-scripting</loc>
<lastmod>2020-04-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ghl-wizard/lc-wizard-1210-130-missing-authorization-to-unauthenticated-privilege-escalation</loc>
<lastmod>2025-11-06T14:58:12.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/5.2/wordpress-core-523-stored-cross-site-scripting-via-comments-via-urls</loc>
<lastmod>2019-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-pack-addon/the-pack-elementor-addons-header-footer-woocommerce-builder-template-library-2082-authenticated-subscriber-server-side-request-forgery</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/photome/photome-572-unauthenticated-server-side-request-forgery</loc>
<lastmod>2026-01-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-testimonials/easy-testimonials-392-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-01-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/qi-blocks/qi-blocks-143-missing-authorization-to-authenticated-contributor-plugin-settings-update</loc>
<lastmod>2025-10-31T16:53:06.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/prismatic/prismatic-27-reflected-cross-site-scripting</loc>
<lastmod>2021-06-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/auto-hyperlink-urls/auto-hyperlink-urls-541-tab-nabbing</loc>
<lastmod>2022-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/memberful-wp/memberful-1750-missing-authorization</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/code-explorer/code-explorer-145-authenticated-admin-external-file-reading</loc>
<lastmod>2024-10-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ymc-smart-filter/ymc-filter-3115-unauthenticated-sql-injection</loc>
<lastmod>2026-06-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mobile-dj-manager/mdjm-event-management-1783-authenticated-administrator-arbitrary-file-upload-via-mdjm_email_upload_file-parameter</loc>
<lastmod>2026-06-05T14:20:11.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/clearfy/clearfy-cache-204-reflected-cross-site-scripting</loc>
<lastmod>2022-06-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-statistics/wp-statistics-1325-authenticated-subscriber-sql-injection</loc>
<lastmod>2022-09-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-pickupp/woocommerce-pickupp-240-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/armember-membership/armember-405-cross-site-request-forgery</loc>
<lastmod>2023-07-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/powerpress/powerpress-podcasting-11917-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordtube/wordtube-143-remote-file-inclusion</loc>
<lastmod>2007-05-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-hide-login/easy-hide-login-108-cross-site-request-forgery</loc>
<lastmod>2023-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-addons-for-elementor-lite/essential-addons-for-elementor-best-elementor-templates-widgets-kits-woocommerce-builders-598-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-02-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/foxypress/foxypress-049-sql-injection</loc>
<lastmod>2012-10-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/3.0/wordpress-core-302-cross-site-scripting</loc>
<lastmod>2010-11-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-geometa/wp-geometa-034-035-missing-authorization-to-authenticated-subscriber-privilege-escalation-via-wp_ajax_wpgm_start_geojson_import-function</loc>
<lastmod>2025-05-30T18:05:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/namaste-lms/namaste-lms-263-authenticated-subscriber-php-object-injection</loc>
<lastmod>2024-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/os-our-team/os-our-team-17-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/aapanel-wp-toolkit/aapanel-wp-toolkit-10-11-missing-authorization-to-authenticated-subscriber-privilege-escalation-via-auto_login-function</loc>
<lastmod>2025-07-17T16:21:33.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/calendar-event/event-calendar-146-reflected-cross-site-scripting</loc>
<lastmod>2022-08-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cubewp-framework/cubewp-all-in-one-dynamic-content-framework-1123-authenticated-subscriber-privilege-escalation</loc>
<lastmod>2025-06-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/movies/movies-06-reflected-cross-site-scripting</loc>
<lastmod>2014-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/customer-reviews-woocommerce/customer-reviews-for-woocommerce-535-cross-site-request-forgery</loc>
<lastmod>2022-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/strategery-migrations/strategery-migrations-10-unauthenticated-arbitrary-file-deletion</loc>
<lastmod>2024-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/xpro-elementor-addons/140-widgets-xpro-addons-for-elementor-free-1467-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-07T22:00:31.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/avchat-3/avchat-video-chat-22-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-members/wp-members-membership-plugin-3493-unprotected-storage-of-potentially-sensitive-files</loc>
<lastmod>2024-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpcf7-redirect/redirection-for-contact-form-7-328-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-05-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mail-picker/mail-picker-1014-unauthenticated-php-object-injection</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/iconize/iconize-124-authenticated-admin-remote-code-execution</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/extensions-for-elementor/extensions-for-elementor-2032-authenticated-contributor-stored-cross-site-scripting-via-ee-events-and-ee-flipbox-widget</loc>
<lastmod>2024-07-08T19:48:37.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/related-post-shortcode/related-post-shortcode-12-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-01-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buddypress/buddypress-1410-authenticated-subscriber-directory-traversal</loc>
<lastmod>2024-10-24T17:56:55.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-add/form-builder-1990-unauthenticated-csv-injection</loc>
<lastmod>2023-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementskit-lite/elementskit-elementor-addons-340-unauthenticated-information-exposure-via-get_megamenu_content-function</loc>
<lastmod>2025-02-18T22:37:28.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/betterdocs/betterdocs-4311-missing-authorization-to-authenticated-subscriber-unauthorized-ai-api-usage</loc>
<lastmod>2026-04-23T14:45:35.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/st-daily-tip/st-daily-tip-47-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2021-09-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-map-on-postpage/google-map-on-postpage-11-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-chatbot/wp-chatbot-for-messenger-47-missing-authorization</loc>
<lastmod>2023-05-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/accessibility/accessibility-106-cross-site-request-forgery</loc>
<lastmod>2024-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/acf-blocks/gutenberg-blocks-acf-blocks-suite-2611-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/http-auth/http-auth-032-cross-site-request-forgery</loc>
<lastmod>2023-07-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bin-stripe-donation/stripe-donation-125-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-pdf-invoice-builder/woocommerce-pdf-invoice-builder-1289-authenticated-subscriber-sql-injection-via-export</loc>
<lastmod>2023-08-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/team-showcase/team-showcase-29-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/affiliates-manager/affiliates-manager-2934-cross-site-request-forgery</loc>
<lastmod>2024-01-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-hotel/easy-hotel-booking-196-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-expand-tabs-free/wp-tabs-220-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-12-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/multi-video-box/multi-video-box-152-reflected-cross-site-scripting-via-video_id-and-group_id-parameters</loc>
<lastmod>2025-03-21T17:53:06.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-header-images/wp-header-images-200-reflected-cross-site-scripting</loc>
<lastmod>2021-10-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ydn-download/download-downloads-wordpress-download-plugin-by-edmon-142-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/preloader-quotes/preloader-quotes-100-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/backwp/backwp-202-reflected-cross-site-scripting</loc>
<lastmod>2025-07-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/useragent-spy/useragent-spy-131-authenticated-administrator-stored-cross-site-scripting-via-plugin-settings</loc>
<lastmod>2023-05-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-memory/memory-usage-245-missing-authorization-to-arbitrary-plugin-installation</loc>
<lastmod>2022-11-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-blog-and-widgets/wp-blog-and-widget-23-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-addons-for-elementor-lite/essential-addons-for-elementor-619-authenticated-contributor-information-disclosure</loc>
<lastmod>2025-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vasaio-qr-code/vasaio-qr-code-125-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-alidropship/ald-dropping-and-fulfillment-for-aliexpress-and-woocommerce-1021-cross-site-request-forgery-to-order-information-disclosure</loc>
<lastmod>2023-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hana-flv-player/hana-flv-player-313-authenticated-stored-cross-site-scripting</loc>
<lastmod>2021-05-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eds-font-awesome/eds-font-awesome-20-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2026-03-20T15:15:40.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/agile-store-locator/store-locator-wordpress-166-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2026-06-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/reuters-direct/reuters-direct-300-missing-authorization-to-unauthenticated-settings-reset</loc>
<lastmod>2025-11-26T14:20:50.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profile-builder/profile-builder-258-cross-site-scripting</loc>
<lastmod>2017-03-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simply-schedule-appointments/appointment-booking-calendar-16106-unauthenticated-arbitrary-appointment-view-modification-and-deletion</loc>
<lastmod>2026-05-06T13:33:55.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/highlight/highlight-093-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2021-08-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-easy-gallery/wp-easy-gallery-414-stored-cross-site-scripting</loc>
<lastmod>2016-01-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/content-audit/content-audit-160-authenticated-admin-sql-injection</loc>
<lastmod>2014-10-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/huskerportfolio/husker-portfolio-03-arbitrary-file-upload</loc>
<lastmod>2015-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ipblocklist/ipblocklist-10-cross-site-request-forgery</loc>
<lastmod>2023-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/motors-car-dealership-classified-listings/motors-car-dealer-classified-ads-146-server-side-request-forgery</loc>
<lastmod>2023-10-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/better-elementor-addons/better-elementor-addons-141-authenticatedcontributor-local-file-inclusion</loc>
<lastmod>2024-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quick-interest-slider/quick-interest-slider-315-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-editor-by-pixo/image-editor-by-pixo-238-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/backup-bolt/backup-bolt-141-cross-site-request-forgery</loc>
<lastmod>2025-08-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sopa-blackout/sopa-blackout-14-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ai-site-builder/zita-site-builder-102-missing-authorization-to-arbitrary-plugin-installation</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-widgets-shortcode/wordpress-widgets-shortcode-103-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking-system/pinpoint-booking-system-1-wordpress-booking-plugin-21-authenticated-sql-injection</loc>
<lastmod>2015-07-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce/woocommerce-840-reflected-cross-site-scripting</loc>
<lastmod>2024-01-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-maintenance-mode-site-under-construction/wp-maintenance-mode-site-under-construction-43-cross-site-request-forgery</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/powerpress/powerpress-podcasting-111311-authenticated-contributor-server-side-request-forgery</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-spoiler/simple-spoiler-14-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-products-slider/pickplugins-product-slider-for-woocommerce-11341-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-01-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-repost/wp-repost-01-authenticated-administrator-stored-cross-site-scritping</loc>
<lastmod>2023-02-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-share-and-social-locker-arsocial/social-share-and-social-locker-141-reflected-cross-site-scripting</loc>
<lastmod>2025-04-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/multilevel-referral-plugin-for-woocommerce/multilevel-referral-affiliate-plugin-for-woocommerce-228-authenticated-subscriber-sql-injection</loc>
<lastmod>2025-02-28T15:26:41.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bzscore-live-score/bzscore-live-score-103-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shortcode-menu/shortcode-menu-32-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-10-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/campus-directory/faculty-staff-and-student-directory-plugin-campus-directory-174-authenticated-stored-cross-site-scripting</loc>
<lastmod>2022-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-auto-affiliate-links/auto-affiliate-links-50-sql-injection</loc>
<lastmod>2015-07-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/event-tickets/event-tickets-and-registration-5275-missing-authorization</loc>
<lastmod>2026-05-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/icon-list-block/icon-list-block-add-icon-based-lists-with-custom-styles-121-authenticated-subscriber-server-side-request-forgery</loc>
<lastmod>2025-11-18T01:11:17.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/doofinder-for-woocommerce/doofinder-for-woocommerce-21013-unauthenticated-information-exposure</loc>
<lastmod>2026-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/edd-pdf-stamper/easy-digital-downloads-pdf-stamper-10-cross-site-scripting</loc>
<lastmod>2015-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/6.0/wordpress-core-603-gutenberg-1431-authenticated-cross-site-scripting-in-various-blocks</loc>
<lastmod>2022-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/north-wp/north-575-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-01-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/6.0/wordpress-core-603-authenticated-information-disclosure-via-rest-api</loc>
<lastmod>2022-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/addons-for-elementor/livemesh-addons-for-elementor-83-authenticated-contributor-stored-cross-site-scripting-via-animated_text_class</loc>
<lastmod>2024-02-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nextgen-gallery/photo-gallery-sliders-proofing-and-themes-420-insecure-direct-object-reference-to-authenticated-subscriber-image-deletion-via-rest-api</loc>
<lastmod>2026-05-19T17:01:55.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/broken-link-checker/broken-link-checker-247-authenticated-editor-sql-injection</loc>
<lastmod>2026-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profitori/the-e-commerce-erp-2113-missing-authorization</loc>
<lastmod>2025-07-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/astra-sites/starter-templates-4441-authenticated-author-arbitrary-file-upload-via-wxr-upload-bypass</loc>
<lastmod>2025-12-05T21:07:03.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/visual-link-preview/visual-link-preview-231-authenticated-subscriber-sensitive-information-exposure</loc>
<lastmod>2026-06-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/testimonials-widget/testimonials-widget-404-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-07-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sb-elementor-contact-form-db/contact-form-db-elementor-17-reflected-cross-site-scripting</loc>
<lastmod>2022-07-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tw-image-hover-share/quantic-social-image-hover-108-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2025-12-04T16:30:27.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-registration-forms/easy-registration-forms-206-csv-injection</loc>
<lastmod>2020-11-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/oa-social-login/social-login-590-authentication-bypass-via-disqus-oauth-provider</loc>
<lastmod>2024-11-22T15:08:42.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seo-pyramid/seo-pyramid-198-reflected-cross-site-scripting</loc>
<lastmod>2025-09-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/html5-video-player/html5-video-player-2526-unauthenticated-sql-injection</loc>
<lastmod>2024-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sip-reviews-shortcode-woocommerce/sip-reviews-shortcode-for-woocommerce-123-authenticated-contributor-cross-site-scripting</loc>
<lastmod>2024-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mp3-music-player-by-sonaar/mp3-audio-player-music-player-podcast-player-radio-by-sonaar-5701-missing-authorization-to-authenticated-subscriber-arbitrary-file-deletion</loc>
<lastmod>2024-08-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-plus-one-bottom/google-plus-one-bottom-002-cross-site-request-forgery-to-plugin-settings-update-via-settings-page</loc>
<lastmod>2026-06-01T19:43:50.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpcom-member/wpcom-member-1714-authenticated-contributor-local-file-inclusion-via-shortcode</loc>
<lastmod>2025-10-31T13:35:09.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mycred/mycred-points-management-system-for-gamification-ranks-badges-and-loyalty-program-2971-missing-authorization-to-sensitive-information-exposure</loc>
<lastmod>2025-12-18T20:25:10.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profile-extra-fields/profile-extra-fields-by-bestwebsoft-106-reflected-cross-site-scripting</loc>
<lastmod>2017-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/Avada/avada-7111-authenticatedcontributor-server-side-request-forgery-via-ajax_import_options</loc>
<lastmod>2023-08-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wicked-folders/wicked-folders-21816-cross-site-request-forgery-on-ajax_save_folder</loc>
<lastmod>2023-02-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pods/pods-custom-content-types-and-fields-3281-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-member/ultimate-member-203-cross-site-scripting</loc>
<lastmod>2018-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ltl-freight-quotes-day-ross-edition/ltl-freight-quotes-day-ross-edition-2111-authenticated-administrator-php-object-injection</loc>
<lastmod>2025-09-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gf-multi-uploader/multi-uploader-for-gravity-forms-113-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-jquery-datatable/wp-jquery-datatable-401-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-pricing-table/simple-pricing-table-100-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simplepress/simplepress-68-authenticated-subscriber-path-traversal-to-arbitrary-file-deletion</loc>
<lastmod>2022-11-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mollie-forms/mollie-forms-263-missing-authorization-to-arbitrary-post-duplication</loc>
<lastmod>2024-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-post-to-pdf-enhanced/wp-post-to-pdf-enhanced-111-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-hide-security-enhancer/wp-hide-security-enhancer-251-missing-authorization-to-unauthenticated-arbitrary-file-contents-deletion</loc>
<lastmod>2024-12-05T16:25:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/4.0/wordpress-core-401-denial-of-service-via-long-password</loc>
<lastmod>2014-11-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-event-planner/simple-event-planner-154-authenticated-stored-cross-site-scripting</loc>
<lastmod>2022-03-23T10:38:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-user-avatar/profilepress-450-authenticated-administrator-stored-cross-site-scripting-via-form-settings</loc>
<lastmod>2022-12-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/crypto-payment-gateway-with-payeer-for-woocommerce/crypto-payment-gateway-with-payeer-for-woocommerce-103-unauthenticated-payment-bypass</loc>
<lastmod>2025-11-03T15:59:31.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tcbd-tooltip/tcbd-tooltip-10-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-20T15:04:02.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/apppresser/apppresser-mobile-app-framework-446-unauthenticated-privilege-escalation-via-password-reset</loc>
<lastmod>2024-11-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-affiliate/wc-affiliate-23-reflected-cross-site-scripting</loc>
<lastmod>2025-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-google-maps/wp-go-maps-9040-cross-site-request-forgery</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/media-library-assistant/media-library-assistant-329-unauthenticated-limited-file-read</loc>
<lastmod>2025-10-17T17:26:53.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-org-chart/easy-org-chart-31-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2022-09-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/floating-social-media-links/floating-social-media-links-143-remote-file-inclusion-via-fsml-hideshowjsphp-wpp-parameter</loc>
<lastmod>2012-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/premmerce-search/premmerce-product-search-for-woocommerce-224-cross-site-request-forgery</loc>
<lastmod>2025-05-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lifterlms/lifterlms-921-authenticated-custom-sql-injection-via-order-parameter</loc>
<lastmod>2026-04-10T12:55:22.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/2.9/wordpress-core-292-authorization-bypass</loc>
<lastmod>2010-02-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/qtranslate-to-wpml-export/qtranslate-x-cleanup-and-wpml-import-301-cross-site-request-forgery-via-clean_ajx</loc>
<lastmod>2023-04-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-landing-page/wp-landing-page-093-cross-site-request-forgery-to-arbitrary-post-meta-update</loc>
<lastmod>2025-12-05T17:38:17.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-private-content-plus/wp-private-content-plus-36-protection-mechanism-bypass</loc>
<lastmod>2024-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woffice-core/woffice-core-548-missing-authorization</loc>
<lastmod>2024-07-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/duplicate-page/duplicate-page-441-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2021-08-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpressplugin-upgrade-time-out-plugin/wordpressplugin-upgrade-time-out-plugin-10-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-03-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/listsearch/buddyholis-listsearch-11-authenticated-contributor-stored-cross-site-scripting-via-placeholder-shortcode-attribute</loc>
<lastmod>2026-02-10T20:10:12.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flickr-justified-gallery/flickr-justified-gallery-340-reflected-cross-site-scripting</loc>
<lastmod>2015-07-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/photo-block/photo-block-151-missing-authorization</loc>
<lastmod>2025-12-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-forms-builder/contact-form-builder-contact-widget-217-reflected-cross-site-scripting</loc>
<lastmod>2023-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gallery-for-ultimate-member/video-photo-gallery-for-ultimate-member-113-authenticated-administrator-sql-injection</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/goodenergy/good-energy-177-unauthenticated-php-object-injection</loc>
<lastmod>2026-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/twitter-card-generator/twitter-card-generator-105-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/better-post-filter-widgets-for-elementor/better-post-filter-widgets-for-elementor-161-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-08-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lazy-facebook-comments/lazy-social-comments-204-authenticated-administrator-stored-cross-site-scripting-via-plugin-options</loc>
<lastmod>2023-03-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/revslider/slider-revolution-6737-missing-authorization-to-authenticated-contributor-arbitrary-file-read</loc>
<lastmod>2025-10-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/12-step-meeting-list/12-step-meeting-list-3165-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-download-monitor/simple-download-monitor-395-sensitive-data-exposure</loc>
<lastmod>2021-10-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sociable/sociable-4341-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2021-09-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-all-export-pro/export-any-wordpress-data-to-xmlcsv-141-wp-all-export-pro-186-authenticated-admin-remote-code-execution</loc>
<lastmod>2023-11-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-most-recent-posts-mod/advanced-most-recent-posts-mod-1652-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2024-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ai-post-generator/ai-post-generator-autowriter-33-missing-authorization</loc>
<lastmod>2024-03-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-sales-notification/wc-sales-notification-122-cross-site-request-forgery-to-arbitrary-plugin-activation</loc>
<lastmod>2023-02-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mark-new-posts/mark-new-posts-751-missing-authorization-via-save_options</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/aec-kiosque/aec-kiosque-193-reflected-cross-site-scripting</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-seo-pack/all-in-one-seo-pack-361-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2020-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/audio-editor-recorder/audio-editor-amp-recorder-223-unauthenticated-information-exposure</loc>
<lastmod>2025-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sliderspack-all-in-one-image-sliders/slider-a-sliderspack-23-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/magic-post-thumbnail/magic-post-thumbnail-529-reflected-cross-site-scripting</loc>
<lastmod>2024-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/backup-bolt/backup-bolt-130-sensitive-information-exposure</loc>
<lastmod>2024-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flexmls-idx/flexmls-idx-31427-unauthenticated-php-object-injection</loc>
<lastmod>2025-02-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/alfie-the-productfeedtool-wp-plugin/alfie-feed-plugin-121-cross-site-request-forgery-to-stored-cross-site-scripting-via-naam-parameter</loc>
<lastmod>2026-03-20T15:07:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profit-products-tables-for-woocommerce/active-products-tables-for-woocommerce-use-constructor-to-create-tables-107-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-03-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/media-library-assistant/media-library-assistant-335-reflected-cross-site-scripting</loc>
<lastmod>2026-06-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-forms/ninja-forms-contact-form-3313-csv-injection</loc>
<lastmod>2018-08-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-addons-for-gutenberg/spectra-wordpress-gutenberg-blocks-1147-missing-authorization</loc>
<lastmod>2020-03-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/login-with-yourmembership/yourmembership-single-sign-on-113-authenticated-administrator-stored-cross-site-scripting-via-plugin-settings</loc>
<lastmod>2023-07-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cubewp-framework/cubewp-1127-missing-authorization</loc>
<lastmod>2025-12-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quote-master/quote-master-711-reflected-cross-site-scripting</loc>
<lastmod>2026-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/LayerSlider/layerslider-779-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-11-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/Newspaper/newspaper-1033-reflected-cross-site-scripting</loc>
<lastmod>2020-06-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/page-health-o-meter/page-health-o-meter-20-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/customer-reviews-woocommerce/customer-reviews-for-woocommerce-53810-improper-authorization-via-submit_review</loc>
<lastmod>2024-02-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gd-rating-system/gd-rating-system-23-directory-traversal</loc>
<lastmod>2018-01-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/insta-gallery/social-feed-gallery-247-cross-site-request-forgery</loc>
<lastmod>2019-08-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/alma-gateway-for-woocommerce/alma-5161-missing-authorization</loc>
<lastmod>2026-01-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-csv-exporter/wp-csv-exporter-136-csv-injection</loc>
<lastmod>2022-11-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-lightbox/responsive-lightbox-gallery-271-authenticated-author-server-side-request-forgery-via-remote-library-image-upload</loc>
<lastmod>2026-02-24T20:06:06.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mainwp-updraftplus-extension/mainwp-updraftplus-extension-406-missing-authorization-to-arbitrary-plugin-activation</loc>
<lastmod>2023-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/embed-calendly-scheduling/embed-calendly-44-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/collectchat/chatbot-for-wordpress-by-collectchat-243-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-07-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/masterstudy-lms-learning-management-system-pro/masterstudy-lms-pro-4716-authenticated-subscriber-information-exposure</loc>
<lastmod>2025-10-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ird-slider/ird-slider-102-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-02T22:18:39.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cpt-bootstrap-carousel/cpt-bootstrap-carousel-112-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rsvpmaker/rsvpmaker-993-authenticated-admin-sql-injection-via-email-value</loc>
<lastmod>2023-02-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/timed-content/timed-content-272-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-membership/wp-membership-123-cross-site-scripting</loc>
<lastmod>2015-05-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dp-addthis/dp-addthis-102-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eu-vat-for-woocommerce/euuk-vat-manager-for-woocommerce-21212-reflected-cross-site-scripting</loc>
<lastmod>2024-09-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/qode-essential-addons/qode-essential-addons-152-missing-authorization-to-authenticated-subscriber-arbitrary-plugin-installationactivation</loc>
<lastmod>2023-11-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/convertkit/convertkit-204-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2022-12-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gs-woo-brands/discover-the-best-woocommerce-product-brands-plugin-for-wordpress-woocommerce-brands-plugin-132-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tracking-code-manager/tracking-code-manager-230-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elegant-blocks/elegant-blocks-17-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-05-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-webauthn/wp-webauthn-134-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-03-20T15:20:53.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/create/create-291-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/busiprof/busiprof-252-cross-site-request-forgery</loc>
<lastmod>2026-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-unique-article-header-image/wp-unique-article-header-image-10-cross-site-request-forgery-to-cross-site-scripting</loc>
<lastmod>2014-12-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/annie/annie-211-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sensitive-chinese-words-scanner/the-great-firewords-of-china-12-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/atarim-visual-collaboration/atarim-421-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2025-07-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/disable-admin-notices/disable-admin-notices-individually-140-cross-site-request-forgery</loc>
<lastmod>2024-11-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/integrate-google-drive/integrate-google-drive-139-missing-authorization</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jetwidgets-for-elementor/jetwidgets-for-elementor-1017-authenticated-contributor-stored-cross-site-scripting-via-layout_type-and-id-parameters</loc>
<lastmod>2024-06-19T13:41:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/powerpress/powerpress-100-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bookingor/bookingor-201-missing-authorization</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/interactive-medical-drawing-of-human-body/interactive-medical-drawing-of-human-body-26-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-10-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/school-management-pro/school-management-pro-1034-authenticated-school-admin-sql-injection</loc>
<lastmod>2024-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-email-inquiry-cart-options/email-inquiry-cart-options-for-woocommerce-343-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-01-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-manager/download-manager-259-stored-cross-site-scripting</loc>
<lastmod>2013-12-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/posts-search/posts-search-122-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-easy-pay/wp-easy-pay-free-423-missing-authorization-to-unauthenticated-service-disconnection</loc>
<lastmod>2024-07-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/timeline-awesome/history-timeline-105-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2022-09-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-pug-author-box/social-pug-author-box-100-reflected-cross-site-scripting</loc>
<lastmod>2025-01-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementor/elementor-website-builder-more-than-just-a-page-builder-3183-authenticated-contributor-stored-cross-site-scripting-via-get_image_alt</loc>
<lastmod>2024-02-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpematico/wpematico-rss-feed-fetcher-287-cross-site-request-forgery-to-plugin-deactivation-via-handle_feedback_submission-function</loc>
<lastmod>2025-07-25T14:59:17.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/grid-plus/grid-plus-33-reflected-cross-site-scripting</loc>
<lastmod>2025-09-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shapepress-dsgvo/wp-dsgvo-tools-gdpr-3136-authenticated-contributor-stored-cross-site-scripting-via-lw_content_block-shortcode</loc>
<lastmod>2026-01-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/auxin-portfolio/premium-portfolio-features-for-phlox-theme-234-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-08-28T23:34:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-digital-downloads/easy-digital-downloads-326-cross-site-request-forgery</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kodex-posts-likes/kodex-posts-likes-250-reflected-cross-site-scripting</loc>
<lastmod>2024-09-24T12:18:24.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-fiddle/wp-fiddle-10-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-lockdown/post-lockdown-402-missing-authorization-to-authenticated-subscriber-post-disclosure</loc>
<lastmod>2025-03-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/posts-table-filterable/tableon-wordpress-posts-table-filterable-1041-authenticated-contributor-stored-cross-site-scripting-via-tableon_popup_iframe_button-shortcode</loc>
<lastmod>2025-06-20T18:15:37.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-bootstrap-blocks/all-bootstrap-blocks-1328-missing-authorization</loc>
<lastmod>2025-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/timeline-event-history/timeline-event-history-32-reflected-cross-site-scripting</loc>
<lastmod>2026-02-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-vietnam-checkout/woocommerce-vietnam-checkout-205-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2023-11-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simplepress/simplepress-61012-cross-site-request-forgery-to-unauthorized-post-editing</loc>
<lastmod>2025-02-28T15:24:11.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/themify-audio-dock/themify-audio-dock-204-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-follow-up-emails/woocommerce-follow-up-emails-4940-reflected-cross-site-scripting</loc>
<lastmod>2023-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/surveys/surveys-1018-authenticated-sql-injection</loc>
<lastmod>2017-05-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/b-tiktok-feed/feeds-for-tiktok-display-video-feeds-in-grid-layouts-1024-missing-authorization</loc>
<lastmod>2026-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/learnpress/learnpress-413-authenticated-stored-cross-site-scripting</loc>
<lastmod>2021-09-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/project-cost-calculator/project-cost-calculator-100-missing-authorization</loc>
<lastmod>2025-08-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-buttons-creator/simple-buttons-creator-104-cross-site-request-forgery-to-arbitrary-button-deletion</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/modula-best-grid-gallery/image-gallery-photo-grid-video-gallery-2133-missing-authorization-to-authenticated-author-arbitrary-gallery-modification</loc>
<lastmod>2025-12-15T02:22:13.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/borderless/borderless-elementor-addons-and-templates-171-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/donation-forms-by-givecloud/donation-forms-wp-by-givecloud-109-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-media-library-categories/media-library-categories-200-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-07-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/wiguard/wiguard-201-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2026-02-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-page-numbers/wp-page-numbers-05-cross-site-request-forgery-via-wp_page_numbers_settings</loc>
<lastmod>2023-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-mermaid/wp-mermaid-102-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-tabs/carousel-slider-226-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-clone-by-wp-academy/wp-clone-242-sensitive-information-exposure</loc>
<lastmod>2023-12-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-download-monitor/simple-download-monitor-3933-simple-download-monitor-3933-authenticated-contributor-sql-injection-via-order-parameter-in-log-export-functionality</loc>
<lastmod>2025-08-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/share-buttons/social-share-buttons-for-wordpress-27-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/verowa-connect/verowa-connect-323-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elex-helpdesk-customer-support-ticket-system/elex-wordpress-helpdesk-customer-ticketing-system-336-authenticated-subscriber-sql-injection</loc>
<lastmod>2026-06-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/buzzclub/buzz-club-night-club-dj-and-music-festival-event-wordpress-theme-204-missing-authorization-to-authenticated-subscriber-limited-arbitrary-option-update</loc>
<lastmod>2025-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/author-slug/custom-author-url-201-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-one/google-1-by-bestwebsoft-134-reflected-cross-site-scripting</loc>
<lastmod>2017-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/media-hygiene/media-hygiene-301-missing-authorization-to-authenticated-subscriber-arbitrary-attachment-deletion</loc>
<lastmod>2024-07-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-lightbox/multiple-plugins-various-versions-authenticated-contributor-stored-dom-based-cross-site-scripting-via-featherlightjs-javascript-library</loc>
<lastmod>2025-03-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ab-rankings-testing-tool/seo-scout-0983-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2022-08-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/instagram-slider-widget/social-slider-feed-204-authenticated-scubscriber-stored-cross-site-scripting</loc>
<lastmod>2022-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gestpay-for-woocommerce/gestpay-for-woocommerce-20221130-cross-site-request-forgery-csrf-via-ajax_unset_default_card</loc>
<lastmod>2024-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpforo/wpforo-151-privilege-escalation</loc>
<lastmod>2018-09-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-githuber-md/wp-githuber-md-1163-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ctl-arcade-lite/ctl-arcade-lite-10-cross-site-request-forgery-to-plugin-activation-and-deactivation</loc>
<lastmod>2025-11-10T15:12:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/cozystay/cozystay-191-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/business-directory-plugin/business-directory-6418-missing-authorization</loc>
<lastmod>2025-10-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-manager/wordpress-download-manager-2951-cross-site-scripting</loc>
<lastmod>2017-06-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/maz-loader/maz-loader-preloader-builder-for-wordpress-132-sql-injection</loc>
<lastmod>2021-10-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/debug-log-config-tool/debug-log-manger-tool-145-unauthenticated-information-exposure-via-logs</loc>
<lastmod>2024-05-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bp-social-connect/bp-social-connect-15-authentication-bypass</loc>
<lastmod>2023-05-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/add-actions-and-filters/add-shortcodes-actions-and-filters-209-reflected-cross-site-scripting</loc>
<lastmod>2023-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/miniorange-login-with-eve-online-google-facebook/multiple-miniorange-plugins-various-version-reflected-cross-site-scripting</loc>
<lastmod>2021-08-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-custom-login-page/custom-login-page-20-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/customize-my-account-for-woocommerce/sysbasics-customize-my-account-for-woocommerce-436-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2026-06-17T17:37:13.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stripe-payments/accept-stripe-payments-2079-insecure-direct-object-reference</loc>
<lastmod>2023-11-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-fullcalendar/wp-fullcalendar-15-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/z-companion/z-companion-1013-missing-authorization</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/metform-pro/metform-pro-391-missing-authorization</loc>
<lastmod>2026-03-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/amp-wp/amp-wp-1515-cross-site-request-forgery-via-multiple-settings-pages</loc>
<lastmod>2023-10-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/occupancyplan/occupancyplan-1030-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ulisting/ulisting-166-unauthenticated-arbitrary-roles-and-capabilities-creationdeletion</loc>
<lastmod>2021-01-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-find-your-nearest/wp-find-your-nearest-031-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/page-flip-image-gallery/page-flip-image-gallery-022-directory-traversal</loc>
<lastmod>2008-12-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/coming-soon-maintenance-mode/coming-soon-maintenance-mode-105-information-exposure</loc>
<lastmod>2024-02-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/master-addons/master-addons-elementor-addons-with-white-label-free-widgets-hover-effects-conditions-animations-2086-authenticated-contributor-stored-cross-site-scripting-via-fancybox</loc>
<lastmod>2025-08-11T18:42:21.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/capitalize-my-title/capitalize-my-title-053-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/reflex-gallery/reflex-gallery-wordpress-photo-gallery-314-arbitrary-file-upload</loc>
<lastmod>2015-03-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/disable-right-click-for-wp/disable-right-click-for-wp-116-cross-site-request-forgery</loc>
<lastmod>2022-05-04T12:11:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smart-table-builder/smart-table-builder-101-authenticated-contributor-stored-cross-site-scripting-via-id-parameter</loc>
<lastmod>2025-09-05T14:47:03.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/business-directory-plugin/business-directory-plugin-5111-authenticated-stored-cross-site-scripting</loc>
<lastmod>2021-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pixabay-images/pixabay-images-34-authenticated-author-arbitrary-file-upload</loc>
<lastmod>2025-06-17T14:04:37.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/duplicate-post-page-menu-custom-post-type/duplicate-post-page-menu-custom-post-type-231-missing-authorization</loc>
<lastmod>2023-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quiz-master-next/quiz-and-survey-master-1031-authenticated-subscriber-sql-injection</loc>
<lastmod>2026-01-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mycred/mycred-272-unauthenticated-php-object-injection</loc>
<lastmod>2024-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/js-jobs/js-job-manager-202-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/robo-gallery/robo-gallery-329-cross-site-request-forgery-via-getpluginstatus</loc>
<lastmod>2023-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/latex2html/latex2html-254-reflected-cross-site-scripting</loc>
<lastmod>2024-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gulri-slider/gulri-slider-358-reflected-cross-site-scripting</loc>
<lastmod>2024-12-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/embedder-for-google-reviews/embedder-for-google-reviews-173-missing-authorization</loc>
<lastmod>2025-08-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/convertpro/convert-pro-175-missing-authorization</loc>
<lastmod>2023-07-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-security-audit-log/wp-activity-log-521-unauthenticated-stored-cross-site-scripting-via-user_id-parameter</loc>
<lastmod>2024-11-14T16:30:34.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/alobaidi-captcha/alobaidi-captcha-103-authenticated-administrator-stored-cross-site-scripting-via-plugin-settings</loc>
<lastmod>2025-08-14T20:13:05.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ops-robots-txt/on-page-seo-whatsapp-chat-button-101-reflected-cross-site-scripting</loc>
<lastmod>2021-09-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpify-woo/wpify-woo-czech-408-missing-authorization</loc>
<lastmod>2024-02-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-quote-calculator-order/woocommerce-quote-calculator-11-unauthenticated-sql-injection</loc>
<lastmod>2024-10-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/ippsum/ippsum-120-unauthenticated-php-object-injection</loc>
<lastmod>2026-02-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/codecolorer/codecolorer-0101-unauthenticated-stored-cross-site-scripting-via-class-attribute-in-cc-comment-shortcode</loc>
<lastmod>2026-04-15T15:22:30.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/critique/critique-117-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-09-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/artibot/artibot-free-chat-bot-for-wordpress-websites-116-authenticated-admin-cross-site-scripting</loc>
<lastmod>2024-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vm-backups/vm-backups-10-cross-site-request-forgery</loc>
<lastmod>2021-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/publitio/publitio-218-missing-authorization</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/universam-demo/universam-859-reflected-cross-site-scripting</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sheets-to-wp-table-live-sync/sheets-to-wp-table-live-sync-370-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-05-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/exclusive-addons-for-elementor/exclusive-addons-elementor-279-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-05-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/feed-instagram-lite/gallery-for-social-photo-10035-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-to-email/contact-form-email-1265-reflected-cross-site-scripting</loc>
<lastmod>2019-02-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-symposium/wp-symposium-1211-sql-injections</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp_rokstories/rokstories-125-cross-site-scripting</loc>
<lastmod>2013-09-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ari-stream-quiz/ari-stream-quiz-1232-cross-site-request-forgery</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fluid-notification-bar/fluid-notification-bar-323-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-06-03T17:15:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bulk-noindex-nofollow-toolkit-by-mad-fish/bulk-noindex-nofollow-toolkit-201-reflected-cross-site-scripting-via-tab-order-and-orderby</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/themify-wc-product-filter/themify-woocommerce-product-filter-149-unauthenticated-sql-injection-via-conditions-parameter</loc>
<lastmod>2024-06-20T20:56:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-analytics-top-posts-widget/google-analytics-top-content-widget-155-reflected-cross-site-scripting</loc>
<lastmod>2023-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/docket-cache/docket-cache-240702-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/url-shortify/url-shortify-1113-reflected-cross-site-scripting</loc>
<lastmod>2025-11-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/socialdriver-framework/swift-framework-20240430-authenticated-admin-stored-cross-site-scripting-via-auth</loc>
<lastmod>2024-06-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-myghpay-payment-gateway/woocommerce-myghpay-payment-gateway-30-reflected-cross-site-scripting</loc>
<lastmod>2021-12-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-product-table-lite/woocommerce-product-table-lite-262-cross-site-request-forgery</loc>
<lastmod>2023-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/block-options/editorskit-1403-authenticated-administrator-arbitrary-file-upload</loc>
<lastmod>2023-12-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/royal-elementor-addons/royal-elementor-addons-13982-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-08-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lean-wp/lean-wp-140-cross-site-request-forgery</loc>
<lastmod>2022-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/callrail-phone-call-tracking/callrail-phone-call-tracking-049-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2022-09-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/eunice/eunice-all-versions-reflected-cross-site-scripting</loc>
<lastmod>2012-09-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ni-woocommerce-product-editor/ni-woocommerce-bulk-product-editor-145-reflected-cross-site-scripting</loc>
<lastmod>2024-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-registration-form-builder-with-submission-manager/registrationmagic-custom-registration-forms-user-registration-payment-and-user-login-6062-authenticated-administrator-sql-injection</loc>
<lastmod>2025-10-07T16:05:36.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/media-library-plus/media-library-folders-818-authenticated-author-directory-traversal</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/4stats/4stats-209-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-05-23T13:53:37.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mediaview/mediaview-112-reflected-cross-site-scripting</loc>
<lastmod>2025-04-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-db-backup/database-backup-for-wordpress-233-authenticated-stored-cross-site-scripting-via-backup_receipient-parameter</loc>
<lastmod>2021-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/charitable/charitable-1861-authenticated-administrator-stored-cross-site-scripting-via-plugins-privacy-settings</loc>
<lastmod>2025-06-25T14:11:07.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/minamaze/minamaze-1101-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/strong-testimonials/strong-testimonials-302-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/scribble-maps/scribble-maps-12-reflected-cross-site-scripting</loc>
<lastmod>2021-08-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/re-attacher/re-attacher-by-bestwebsoft-109-reflected-cross-site-scripting</loc>
<lastmod>2017-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/insert-estimated-reading-time/insert-estimated-reading-time-12-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/testimonials-carousel-elementor/testimonial-carousel-for-elementor-1011-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-05-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/premmerce-woocommerce-wishlist/premmerce-wishlist-for-woocommerce-1110-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-07-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bsk-gravityforms-blacklist/bsk-forms-blacklist-362-authenticated-administrator-sql-injection-via-order-and-orderby</loc>
<lastmod>2023-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-monitor/download-monitor-517-insecure-direct-object-reference-to-unauthenticated-arbitrary-order-completion-via-token-and-order_id</loc>
<lastmod>2026-03-29T12:42:40.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/wplms/wplms-199-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2024-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-referral-free/user-referral-80-reflected-cross-site-scripting</loc>
<lastmod>2024-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/video-synchro-pdf/videos-sync-pdf-174-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-side-tab/simple-side-tab-2114-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-11-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sensei-lms/sensei-lms-online-courses-quizzes-learning-4243-unauthenticated-information-exposure</loc>
<lastmod>2025-01-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-sitemap-generator/xml-sitemaps-411-authenticated-admin-cross-site-scripting</loc>
<lastmod>2022-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/generate-pdf-using-contact-form-7/generate-pdf-using-contact-form-7-412-cross-site-request-forgery-to-arbitrary-file-deletion</loc>
<lastmod>2024-07-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/adsense-plugin/adpush-129-reflected-cross-site-scripting</loc>
<lastmod>2015-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shine-pdf/shine-pdf-embeder-10-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-20T13:39:50.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/apppresser/apppresser-mobile-app-framework-444-privilege-escalation-and-account-takeover-via-weak-otp</loc>
<lastmod>2024-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/miniorange-login-openid/wordpress-social-login-and-register-discord-google-twitter-linkedin-766-authenticated-subscriber-privilege-escalation</loc>
<lastmod>2023-11-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/restrict-categories/restrict-categories-264-reflected-cross-site-scripting-via-rc-search</loc>
<lastmod>2023-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-carousel/smart-post-show-post-grid-post-carousel-slider-and-list-category-posts-3012-authenticated-administrator-php-object-injection</loc>
<lastmod>2026-04-13T16:33:40.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vooplayer/vooplayer-v4-404-reflected-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wedevs-project-manager/wp-project-manager-240-cross-site-request-forgery-bypass</loc>
<lastmod>2020-09-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mail-mint/mail-mint-1186-authenticated-administrator-sql-injection</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-digital-downloads/easy-digital-downloads-various-versions-cross-site-scripting</loc>
<lastmod>2015-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-google-maps-pro/wp-google-maps-pro-8111-authenticated-stored-cross-site-scripting</loc>
<lastmod>2021-09-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/carousel-of-post-images/carousel-of-post-images-107-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/1-click-migration/1-click-wordpress-migration-22-unauthenticated-information-disclsoure</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stagtools/stagtools-236-authenticatedcontributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-smart-import/wp-smart-import-113-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-05-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/uleak-security-dashboard/uleak-security-monitoring-plugin-123-stored-cross-site-scripting</loc>
<lastmod>2022-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/loco-translate/loco-translate-253-authenticated-php-code-injection</loc>
<lastmod>2021-10-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/video-background/video-background-274-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/revslider/slider-revolution-6710-authenticated-contributor-stored-cross-site-scripting-via-elementor-wrapperid-and-zindex</loc>
<lastmod>2024-06-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-recipe-maker/wp-recipe-maker-910-directory-traversal</loc>
<lastmod>2024-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/noindex-by-path/noindex-by-path-10-cross-site-request-forgery</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/minical/minical-hotel-booking-plugin-102-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yourchannel/yourchannel-124-cross-site-request-forgery-to-plugin-channel-reset</loc>
<lastmod>2023-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking-activities/booking-activities-11519-reflected-cross-site-scripting</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-pinterest-automatic/pinterest-automatic-pin-4182-missing-authorization</loc>
<lastmod>2025-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/siteguard/siteguard-wp-plugin-176-login-page-disclosure</loc>
<lastmod>2024-06-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contentmx-content-publisher/contentmx-content-publisher-106-missing-authorization</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/payments-stripe-gateway/pay-with-stripe-121-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/casamia/casamia-property-rental-real-estate-wordpress-theme-112-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tickera-event-ticketing-system/tickera-3564-missing-authorization</loc>
<lastmod>2026-01-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hotspots/hotspots-analytics-4012-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/abtest/ab-test-for-wordpress-107-local-file-inclusion</loc>
<lastmod>2016-03-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vitepos-lite/vitepos-317-missing-authorization</loc>
<lastmod>2025-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-cf7-db/advanced-contact-form-7-db-187-stored-cross-site-scripting</loc>
<lastmod>2022-04-21T14:19:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elex-helpdesk-customer-support-ticket-system/elex-wordpress-helpdesk-customer-ticketing-system-331-missing-authorization-to-authenticated-subscriber-ticket-restore</loc>
<lastmod>2025-11-20T17:01:39.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/proof-factor-social-proof-notifications/proof-factor-8211-social-proof-notifications-105-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/anycomment/anycomment-036-missing-authorization</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tabs-shortcode-and-widget/tabs-shortcode-and-widget-117-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/html5-video-player-with-playlist/html5-video-player-with-playlist-250-reflected-cross-site-scripting</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/import-users-from-csv-with-meta/import-and-export-users-and-customers-1265-missing-authorization</loc>
<lastmod>2024-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tabby-checkout/tabby-checkout-584-unauthenticated-information-exposure</loc>
<lastmod>2026-01-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-datepicker/wp-datepicker-210-missing-authorization-to-authenticated-subscriber-arbitrary-options-update</loc>
<lastmod>2024-04-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elasticpress/loader-utils-js-package-203-prototype-pollution</loc>
<lastmod>2022-10-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kingcomposer/page-builder-kingcomposer-294-arbitrary-file-upload</loc>
<lastmod>2020-06-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/ruza/ruza-107-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-06-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/integrate-google-drive/integrate-google-drive-156-missing-authorization</loc>
<lastmod>2026-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-docs/wp-docs-198-missing-authorization-via-multiple-ajax-actions</loc>
<lastmod>2023-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-smart-quick-view/wpc-smart-quick-view-for-woocommerce-402-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/school-management/school-management-system-for-wordpress-9300-reflected-cross-site-scripting</loc>
<lastmod>2025-03-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/3.6/wordpress-core-361-open-redirect</loc>
<lastmod>2013-09-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-abandoned-cart-recovery/abandoned-cart-recovery-for-woocommerce-104-cross-site-request-forgery-bypass</loc>
<lastmod>2021-07-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/allwebmenus-wordpress-menu-plugin/allwebmenus-wordpress-menu-plugin-113-remote-file-inclusion</loc>
<lastmod>2011-09-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/viral-loops-wp-integration/viral-loops-wp-integration-381-missing-authorization</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stafflist/stafflist-326-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-11-26T16:50:37.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ultimate-csv-importer/import-export-all-wordpress-images-users-post-types-387-reflected-cross-site-scripting</loc>
<lastmod>2018-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/categorify/categorify-1074-missing-authorization-in-categorifyajaxupdatefolderposition</loc>
<lastmod>2024-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-membership/simple-membership-463-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ecab-taxi-booking-manager/e-cab-taxi-booking-manager-for-woocommerce-201-missing-authorization</loc>
<lastmod>2026-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/calculated-fields-form/calculated-fields-form-professional-5156-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2024-03-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/weeklynews/weekly-news-229-cross-site-scripting</loc>
<lastmod>2015-05-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/annie/annie-211-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-fullcalendar/fullcalendar-16-unauthenticated-information-exposure</loc>
<lastmod>2026-01-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/themesflat-addons-for-elementor/themesflat-addons-for-elementor-224-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/media-list/medialist-139-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-10-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-tags/wordpress-tag-category-and-taxonomy-manager-ai-autotagger-3320-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-04-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slek-gateway-for-woocommerce/slek-gateway-for-woocommerce-10-unauthenticated-insufficiently-protected-credentials-via-payment-redirect-form-hidden-fields</loc>
<lastmod>2026-05-11T19:06:11.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/archive-page/archive-page-102-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bizapp-for-woocommerce/bizapp-for-woocommerce-208-reflected-cross-site-scripting</loc>
<lastmod>2025-01-06T15:42:24.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tutor/tutor-lms-elearning-and-online-course-solution-270-authenticated-instructor-insecure-direct-object-reference-to-arbitrary-course-deletion</loc>
<lastmod>2024-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/total-security/total-security-34-cross-site-scripting</loc>
<lastmod>2016-07-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ip-address-blocker/ip-blocker-lite-1111-cross-site-request-forgery</loc>
<lastmod>2023-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-form-integration/advanced-form-integration-connect-woocommerce-and-contact-form-7-to-google-sheets-and-other-platforms-1820-sql-injection-to-reflected-cross-site-scripting-via-integration_id</loc>
<lastmod>2024-03-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ce21-suite/ce21-suite-220-authentication-bypass</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/power-forms-builder/powerformbuilder-106-authenticated-subscriber-sql-injection</loc>
<lastmod>2024-12-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/employee-spotlight/employee-spotlight-team-member-showcase-meet-the-team-plugin-512-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-31T16:31:09.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/visualizer/visualizer-403-missing-authorization-to-unauthenticated-sensitive-information-disclosure-via-visualizerv1actioncharttype-rest-endpoint</loc>
<lastmod>2026-06-30T15:03:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slicewp/wordpress-affiliates-plugin-slicewp-affiliates-1120-reflected-cross-site-scripting</loc>
<lastmod>2024-09-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/salon-booking-system/salon-booking-system-965-authenticated-editor-stored-cross-site-scripting-via-email-settings</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/kernel-theme/kernel-premium-wordpress-blog-magazine-theme-news-editorial-all-versions-arbitrary-file-upload</loc>
<lastmod>2013-11-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rencontre/rencontre-dating-site-313-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2019-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wishlist/wishlist-1044-cross-site-request-forgery</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/league-of-legends-shortcodes/league-of-legends-shortcodes-101-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/metalpriceapi/metalpriceapi-114-authenticated-contributor-remote-code-execution</loc>
<lastmod>2025-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-foodbakery/foodbakery-delivery-restaurant-directory-wordpress-theme-47-cross-site-request-forgery-in-multiple-functions</loc>
<lastmod>2025-03-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-types-carousel-slider/post-carousel-slider-104-reflected-cross-site-scripting</loc>
<lastmod>2025-01-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-addons-for-elementor-lite/essential-addons-for-elementor-best-elementor-addon-templates-widgets-kits-woocommerce-builders-607-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-14T18:35:38.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/locateandfilter/locateandfilter-1616-missing-authorization</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-member/ultimate-member-240-subscriber-stored-cross-site-scripting</loc>
<lastmod>2022-07-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-memory/memory-usage-memory-limit-php-and-server-memory-health-check-and-fix-plugin-243-cross-site-scripting</loc>
<lastmod>2022-06-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/osd-subscribe/osd-subscribe-123-reflected-cross-site-scripting</loc>
<lastmod>2021-09-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contextual-related-posts/contextual-related-posts-402-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/streamweasels-kick-integration/streamweasels-kick-integration-113-authenticated-contributor-stored-cross-site-scripting-via-status-classic-offline-text-parameter</loc>
<lastmod>2025-06-13T20:21:41.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/qubotchat/qubotchat-115-authenticatedadministrator-stored-cross-site-scripting</loc>
<lastmod>2023-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quran-text-multilanguage/quran-multilanguage-text-audio-2323-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-add-to-cart-button-for-woocommerce/ultimate-custom-add-to-cart-button-ajax-for-woocommerce-by-binary-carpenter-122217-missing-authorization</loc>
<lastmod>2024-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sirv/image-optimizer-resizer-and-cdn-sirv-720-missing-authorization</loc>
<lastmod>2024-03-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sliding-social-icons/sliding-social-icons-161-cross-site-request-forgery-and-stored-cross-site-scripting</loc>
<lastmod>2014-12-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/birth-chart-compatibility/birth-chart-compatibility-20-unauthenticated-full-path-exposure</loc>
<lastmod>2025-07-21T20:51:01.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-registration/user-registration-membership-free-paid-memberships-subscriptions-content-restriction-user-profile-custom-user-registration-login-builder-512-missing-authorization</loc>
<lastmod>2026-05-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/futurio-extra/futurio-extra-162-sensitive-information-disclosure</loc>
<lastmod>2022-01-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/suretriggers/suretriggers-1023-cross-site-request-forgery</loc>
<lastmod>2023-12-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cookiehub/cookiehub-110-missing-authorization</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-plus-addons-for-elementor-page-builder/the-plus-addons-for-elementor-elementor-addons-page-templates-widgets-mega-menu-woocommerce-5611-authenticated-contributor-sensitive-information-exposure-via-content_template</loc>
<lastmod>2024-10-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/revenueflex-easy-ads/auto-ad-inserter-increase-google-adsense-and-ad-manager-revenue-15-missing-authorization-to-authenticated-editor-settings-update</loc>
<lastmod>2025-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seriously-simple-stats/seriously-simple-stats-150-authenticated-podcast-manager-sql-injection-via-order_by</loc>
<lastmod>2023-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-registration-pro/user-registration-membership-pro-custom-registration-form-login-form-and-user-profile-513-cross-site-request-forgery-to-user-deletion</loc>
<lastmod>2025-04-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pepro-ultimate-invoice/peprodev-ultimate-invoice-209-insecure-direct-object-reference-to-unauthenticated-order-information-exposure</loc>
<lastmod>2025-02-18T19:27:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-editor/wp-editor-1291-authenticated-administrator-directory-traversal-to-arbitrary-file-read</loc>
<lastmod>2025-04-16T17:11:50.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ajax-contact-form/wp-ajax-contact-form-222-reflected-cross-site-scripting</loc>
<lastmod>2024-07-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/patreon-connect/patreon-wordpress-190-protection-mechanism-bypass</loc>
<lastmod>2024-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yayforms/yay-forms-embed-custom-forms-surveys-and-quizzes-easily-121-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-18T19:30:41.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/snow-club/snow-club-11-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-appointments/easy-appointments-3119-cross-site-request-forgery-via-multiple-ajax-actions</loc>
<lastmod>2023-05-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/5-stars-rating-funnel/5-stars-rating-funnel-1267-missing-authorization</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-member/ultimate-member-1298-12997-reflected-cross-site-scripting</loc>
<lastmod>2015-06-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mega-elements-addons-for-elementor/mega-elements-119-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shopkeeper-extender/shopkeeper-extender-70-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-11-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/emc2-alert-boxes/emc2-alert-boxes-13-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-product-design/woocommerce-product-design-100-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2024-10-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/coru-lfmember/coru-lfmember-102-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2022-04-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mailjet-for-wordpress/mailjet-email-marketing-53-authenticated-admin-cross-site-scripting</loc>
<lastmod>2023-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stripshow/stripshow-plugin-252-sql-injection</loc>
<lastmod>2014-05-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/global-flash-galleries/global-flash-gallery-0151-arbitrary-file-upload</loc>
<lastmod>2011-09-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/directorypress/directorypress-3616-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2024-12-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-easycart/shopping-cart-ecommerce-store-524-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2022-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sticky-menu-or-anything-on-scroll/sticky-menu-sticky-header-220-reflected-cross-site-scripting</loc>
<lastmod>2020-09-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/webd-woocommerce-advanced-reporting-statistics/advanced-reporting-statistics-for-woocommerce-orders-products-customers-reporting-413-unauthenticated-sql-injection</loc>
<lastmod>2026-03-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dynamic-widgets/dynamic-widgets-1516-reflected-cross-site-scripting</loc>
<lastmod>2021-12-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/learnpress-import-export/learnpress-export-import-412-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-07-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/linklaunder-seo-plugin/linklaunder-seo-0921-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-11-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cooked/cooked-recipe-management-17154-cross-site-request-forgery-to-template-apply</loc>
<lastmod>2024-07-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/compact-admin/compact-admin-130-cross-site-request-forgery</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/minimum-purchase-for-woocommerce/minimum-purchase-for-woocommerce-2001-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mobile-contact-bar/mobile-contact-bar-304-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/motors/motors-car-dealer-rental-listing-wordpress-theme-5665-unauthenticated-arbitrary-shortcode-execution</loc>
<lastmod>2025-05-02T14:13:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hestia-nginx-cache/hestia-nginx-cache-240-missing-authorization</loc>
<lastmod>2024-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/brizy-pro/brizy-pro-280-reflected-cross-site-scripting</loc>
<lastmod>2025-01-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kadence-woocommerce-email-designer/kadence-woocommerce-email-designer-1514-authenticated-admin-arbitrary-file-upload</loc>
<lastmod>2025-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-product-filter/product-filter-for-woocommerce-by-wbw-312-unauthenticated-sql-injection</loc>
<lastmod>2026-04-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/backup/backup-guard-1146-cross-site-scripting</loc>
<lastmod>2017-08-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/a2-optimized-wp/a2-optimized-wp-304-cross-site-request-forgery</loc>
<lastmod>2023-02-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-file-manager/wp-file-manager-64-unauthenticated-resource-access-to-site-backups</loc>
<lastmod>2020-08-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/codeflavors-vimeo-video-post-lite/vimeotheque-2342-authenticated-contributor-sql-injection</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mainwp-piwik-extension/mainwp-matomo-extension-404-cross-site-request-forgery</loc>
<lastmod>2023-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wysija-newsletters/mailpoet-newsletters-281-spam-injection</loc>
<lastmod>2018-03-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpoptin/top-bar-popups-by-wpoptin-201-unauthenticated-local-file-inclusion</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dooodl/dooodl-230-reflected-cross-site-scripting</loc>
<lastmod>2026-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/form-maker/form-maker-11520-captcha-bypass</loc>
<lastmod>2023-10-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/brozzme-scroll-top/brozzme-scroll-top-185-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-05-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/delucks-seo/delucks-seo-254-missing-authorization</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-statistics/wp-statistics-1315-unauthenticated-sql-injection</loc>
<lastmod>2022-02-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-manager/download-manager-3248-cross-site-request-forgery</loc>
<lastmod>2022-08-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpvivid-backuprestore/migration-backup-staging-wpvivid-0991-google-drive-client-secret-exposure</loc>
<lastmod>2023-10-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/uk-cookie-consent/catapult-uk-cookie-consent-239-stored-cross-site-scripting</loc>
<lastmod>2018-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fb-messenger-live-chat/live-chat-with-messenger-customer-chat-146-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2019-05-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/demo-import-kit/demo-import-kit-110-authenticated-admin-arbitrary-file-upload</loc>
<lastmod>2025-10-14T19:38:50.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/notif-bell/notif-bell-098-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/addonify-floating-cart/addonify-floating-cart-for-woocommerce-1217-missing-authorization</loc>
<lastmod>2026-02-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/order-delivery-date/order-delivery-date-for-wp-e-commerce-pro-1240-reflected-cross-site-scripting</loc>
<lastmod>2025-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wptobe-memberships/wptobe-memberships-342-authenticated-subscriber-arbitrary-file-deletion</loc>
<lastmod>2025-08-22T15:47:57.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/learnpress/learnpress-wordpress-lms-plugin-4265-authenticated-contributor-stored-cross-site-scripting-via-layout_html-parameter</loc>
<lastmod>2024-05-09T21:13:13.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dofollow-case-by-case/dofollow-case-by-case-351-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wallet-system-for-woocommerce/wallet-system-for-woocommerce-272-missing-authorization-to-authenticated-subscriber-arbitrary-wallet-balance-manipulation</loc>
<lastmod>2026-01-16T14:05:30.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/christmas-greetings/christmas-greetings-125-reflected-cross-site-scripting</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/find-duplicates/find-duplicates-146-authenticated-subscriber-sql-injection</loc>
<lastmod>2024-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/td-composer/tagdiv-composer-48-authenticated-contributor-stored-cross-site-scripting-via-button-shortcode</loc>
<lastmod>2024-06-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pie-register-social-site/registration-forms-user-registration-forms-invitation-based-registrations-front-end-user-profile-login-form-content-restriction-social-sites-login-179-authentication-bypass-via-wordpresscom-oauth-provider</loc>
<lastmod>2024-12-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dmsguestbook/dmsguestbook-170-sql-injection</loc>
<lastmod>2008-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sermon-browser/sermon-browser-04515-multiple-cross-site-scripting</loc>
<lastmod>2016-04-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pilotpress/pilotpress-2036-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/agile-store-locator/store-locator-wordpress-151-authenticated-administrator-sql-injection</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nonaki-email-template-customizer/nonaki-drag-and-drop-email-template-builder-and-newsletter-plugin-for-wordpress-1011-authenticated-contributor-stored-cross-site-scripting-via-custom-fields</loc>
<lastmod>2025-11-10T15:23:59.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-travel-engine/wp-travel-engine-travel-and-tour-booking-plugin-675-authenticated-contributor-stored-cross-site-scripting-via-wte_trip_tax-shortcode</loc>
<lastmod>2026-04-03T19:44:38.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/klarna-payments-for-woocommerce/klarna-payments-for-woocommerce-324-missing-authorization</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/catch-dark-mode/catch-dark-mode-20-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-09-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-quick-setup/wp-quick-setup-20-missing-authorization-to-authenticated-subscriber-arbitrary-plugintheme-installation</loc>
<lastmod>2024-11-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/album-and-image-gallery-plus-lightbox/album-and-image-gallery-plus-lightbox-162-missing-authorization</loc>
<lastmod>2023-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/googleanalytics/sharethis-dashboard-for-google-analytics-323-cross-site-request-forgery</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/socialdriver-framework/swift-framework-20240430-authenticated-contributor-stored-cross-site-scripting-via-caption-title</loc>
<lastmod>2024-06-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pagelayer/page-builder-pagelayer-drag-and-drop-website-builder-135-reflected-cross-site-scripting-via-font-size</loc>
<lastmod>2020-12-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gs-woo-variation-swatches/gs-variation-swatches-for-woocommerce-304-missing-authorization</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-photoswipe/simple-photoswipe-01-missing-authorization-subscriber-settings-update</loc>
<lastmod>2024-06-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jet-menu/jetmenu-24111-authenticated-subscriber-information-exposure</loc>
<lastmod>2025-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/business-reviews-wp/widget-for-google-reviews-1015-authenticated-subscriber-directory-traversal-to-local-file-inclusion</loc>
<lastmod>2025-07-07T16:50:01.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-front-end-profile/wp-front-end-profile-021-stored-cross-site-scripting</loc>
<lastmod>2016-09-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/logo-carousel-free/logo-carousel-341-contributor-stored-cross-site-scripting</loc>
<lastmod>2021-11-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jeg-elementor-kit/jeg-elementor-kit-264-authenticated-contributor-stored-cross-site-scripting-via-jkit-banner</loc>
<lastmod>2024-04-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/happy-elementor-addons/happy-addons-for-elementor-3104-authenticated-contributor-dom-based-stored-cross-site-scripting-via-title_tag</loc>
<lastmod>2024-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/coupon-x-discount-pop-up/coupon-x-discount-pop-up-promo-code-pop-ups-announcement-pop-up-woocommerce-popups-135-missing-authorization-to-authenticated-contributor-php-object-injection</loc>
<lastmod>2025-01-10T14:13:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-gallery-box-by-crudlab/image-gallery-box-by-crudlab-103-authenticated-subscriber-local-file-inclusion</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/revision-manager-tmc/revision-manager-tmc-2822-cross-site-request-forgery</loc>
<lastmod>2026-01-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/enhanced-blocks/enhanced-blocks-8211-page-builder-blocks-for-gutenberg-141-missing-authorization</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tlp-team/team-team-members-showcase-plugin-449-missing-authorization-to-authenticated-subscriber-settings-update</loc>
<lastmod>2025-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/swiftxr-3darvr-viewer/swiftxr-3darvr-viewer-107-cross-site-request-forgery</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/feedzy-rss-feeds/rss-aggregator-by-feedzy-feed-to-post-autoblogging-news-youtube-video-feeds-aggregator-447-authenticatedcontributor-blind-server-side-request-forgery-ssrf</loc>
<lastmod>2024-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/frontend-user-notes/frontend-user-notes-211-cross-site-request-forgery-to-note-content-modification-via-confirmedit-action</loc>
<lastmod>2026-06-05T10:36:02.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ship-to-ecourier/ship-to-ecourier-101-cross-site-request-forgery</loc>
<lastmod>2021-05-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shared-files/shared-files-1748-unauthenticated-stored-cross-site-scripting-via-sanitize_file-function</loc>
<lastmod>2025-06-02T21:07:01.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cimy-user-manager/cimy-user-manager-144-arbitrary-file-read</loc>
<lastmod>2012-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/magic-post-voice/magic-post-voice-12-reflected-cross-site-scripting</loc>
<lastmod>2021-12-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/nova-lite/nova-lite-139-reflected-cross-site-scripting</loc>
<lastmod>2020-08-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/2download-connector/2download-connector-for-2dl-hosted-checkout-015-missing-authorization-to-unauthenticated-sensitive-customer-subscription-data-exposure-via-todownload_email-parameter</loc>
<lastmod>2026-06-18T17:37:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/anywhere-elementor-pro/anywhere-elementor-pro-229-missing-authorization</loc>
<lastmod>2025-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/side-menu-lite/side-menu-lite-add-sticky-fixed-buttons-42-cross-site-request-forgery</loc>
<lastmod>2024-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/purple-xmls-google-product-feed-for-woocommerce/product-feed-on-woocommerce-for-google-357-authenticated-administrator-sql-injection</loc>
<lastmod>2024-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/logo-slider-wp/logo-slider-480-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-syntax/wp-syntax-0910-remote-code-execution</loc>
<lastmod>2009-04-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-map-wp/google-map-225-sql-injection</loc>
<lastmod>2015-11-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/realbig-media/realbig-113-missing-authorization</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/charitable/charitable-donation-plugin-for-wordpress-fundraising-with-recurring-donations-more-1884-authenticated-subscriber-sql-injection</loc>
<lastmod>2025-10-24T17:36:30.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profit-products-tables-for-woocommerce/active-products-tables-for-woocommerce-use-constructor-to-create-tables-109-unauthenticated-sql-injection</loc>
<lastmod>2026-06-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-post-category-notifications/wp-post-category-notifications-10-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-mapit/mapit-303-missing-authorization</loc>
<lastmod>2026-01-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/et-core-plugin/xstore-core-538-missing-authorization</loc>
<lastmod>2024-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/anthologize/anthologize-082-cross-site-request-forgery</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/wplms/wplms-1995-authenticated-student-remote-code-execution</loc>
<lastmod>2024-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-booking-calendar/advanced-booking-calendar-171-cross-site-request-forgery</loc>
<lastmod>2022-12-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-gallery-metabox/wp-gallery-metabox-100-cross-site-request-forgery</loc>
<lastmod>2023-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/fabric/fabric-150-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-08-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-members/wp-members-membership-plugin-348-missing-authorization-to-sensitive-information-exposure</loc>
<lastmod>2024-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/acf-frontend-form-element/frontend-admin-by-dynamiapps-32823-unauthenticated-stored-cross-site-scripting-via-update_field</loc>
<lastmod>2026-01-08T18:46:31.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/traveler/traveler-318-reflected-cross-site-scripting</loc>
<lastmod>2025-03-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-subscribe/wp-subscribe-1212-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-05-02T14:11:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/surferseo/surfer-150502-authenticated-administrator-sql-injection</loc>
<lastmod>2024-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/horizontal-line-shortcode/horizontal-line-shortcode-10-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-user-avatar/profilepress-4144-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-02-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-portfolio-gallery/simple-portfolio-gallery-01-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eventon-lite/eventon-24-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nelio-popups/nelio-popups-135-missing-authorization</loc>
<lastmod>2026-01-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ecommerce-product-catalog/vulnerability-ecommerce-product-catalog-plugin-for-wordpress-334-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-02-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/acf-on-the-go/acf-on-the-go-101-missing-authorization-to-authenticated-subscriber-arbitrary-content-update</loc>
<lastmod>2024-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ebook-downloader/ebook-downloader-10-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/mediumishh/mediumish-1060-reflected-cross-site-scripting</loc>
<lastmod>2021-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/coneblog-widgets/coneblog-wordpress-blog-widgets-148-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-07-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/roisin/roisin-121-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/stephanie-king/sking-153-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bold-page-builder/bold-page-builder-476-authenticated-contributor-stored-cross-site-scripting-via-class</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-seopress/seopress-on-site-seo-7521-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2024-03-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-hide-pages/wp-hide-pages-10-cross-site-request-forgery</loc>
<lastmod>2023-09-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/houzez/houzez-420-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/supportboard/support-board-for-wordpress-123-cross-site-scripting</loc>
<lastmod>2018-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/recently-viewed-products/recently-viewed-products-100-unauthenticated-php-object-injection</loc>
<lastmod>2023-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bunnycdn/bunnynet-wordpress-cdn-plugin-236-missing-authorization</loc>
<lastmod>2026-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ht-mega-for-elementor/ht-mega-absolute-addons-for-elementor-220-missing-authorization-to-privilege-escalation</loc>
<lastmod>2023-07-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/patron-button-and-widgets-by-codebard/codebards-patron-button-and-widgets-for-patreon-218-reflected-cross-site-scripting-via-site_account</loc>
<lastmod>2023-07-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tutor/tutor-lms-elearning-and-online-course-solution-393-missing-authorization-to-authenticated-subscriber-arbitrary-coupon-modification</loc>
<lastmod>2026-01-08T19:03:12.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/exquisite-paypal-donation/exquisite-paypal-donation-v200-authenticatedadmin-stored-cross-site-scripting</loc>
<lastmod>2023-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-gdpr-compliance/wp-gdpr-compliance-2023-cross-site-request-forgery</loc>
<lastmod>2024-04-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/posts-table-filterable/tableon-1042-reflected-cross-site-scripting</loc>
<lastmod>2026-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/insecure-content-warning/simple-git-3160-remote-code-execution</loc>
<lastmod>2023-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/modern-events-calendar-lite/modern-events-calendar-lite-629-authenticated-contributor-cross-site-scripting</loc>
<lastmod>2022-06-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/product-blocks/productx-woocommerce-builder-gutenberg-woocommerce-blocks-314-php-object-injection-via-wopb_wishlist-and-wopb_compare</loc>
<lastmod>2024-01-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-captcha/image-captcha-12-cross-site-request-forgery</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simplepress/simplepress-68-unauthenticated-stored-cross-site-scripting-via-forum-replies</loc>
<lastmod>2022-11-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-tech-tribe/the-tribal-133-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2025-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-google-map-plugin/wp-google-map-plugin-414-authenticated-sql-injection-via-orderby</loc>
<lastmod>2020-11-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/atarim-visual-collaboration/atarim-421-unauthenticated-information-exposure</loc>
<lastmod>2025-09-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/popup-builder/popup-builder-228-2676-php-object-injection</loc>
<lastmod>2020-02-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-draft-list/draft-list-261-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-10T19:04:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-schedule-posts/advanced-schedule-posts-218-reflected-cross-site-scripting</loc>
<lastmod>2024-01-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/WP-Mobile-BankID-Integration/wp-mobile-bankid-integration-100-php-object-injection</loc>
<lastmod>2023-12-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/singlemalt/singlemalt-15-unauthenticated-php-object-injection</loc>
<lastmod>2026-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-manager/download-manager-3249-authenticated-contributor-phar-deserialization</loc>
<lastmod>2022-08-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/job-board-manager/job-board-manager-2160-missing-authorization</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/taskbuilder/taskbuilder-306-authenticated-subscriber-sql-injection</loc>
<lastmod>2025-01-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/auto-translate/automatic-translator-with-google-translate-154-authenticated-administrator-stored-cross-site-scripting-via-custom-font</loc>
<lastmod>2024-05-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/updraftplus/updraftplus-wp-backup-migration-plugin-1238-12411-unauthenticated-php-object-injection</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nextcellent-gallery-nextgen-legacy/nextcellent-gallery-1918-stored-cross-site-scripting</loc>
<lastmod>2014-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-artillery/email-artillery-mass-email-41-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2021-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/addon-elements-for-elementor-page-builder/elementor-addon-elements-1127-cross-site-request-forgery</loc>
<lastmod>2023-11-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/anything-popup/anything-popup-73-reflected-cross-site-scripting</loc>
<lastmod>2025-04-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/import-users-from-csv-with-meta/import-and-export-users-and-customers-1243-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/users-customers-import-export-for-wp-woocommerce/export-and-import-users-and-customers-241-missing-authorization-to-authenticated-shop-manager-arbitrary-user-password-change</loc>
<lastmod>2023-07-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/bluestreet/bluestreet-173-cross-site-request-forgery</loc>
<lastmod>2026-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bulletproof-security/bulletproof-security-51-sensitive-information-disclosure</loc>
<lastmod>2021-09-16T15:36:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-user-stylesheet-switcher/wp-user-stylesheet-switcher-v220-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-user-avatar/profilepress-4167-authenticated-subscriber-arbitrary-shortcode-execution</loc>
<lastmod>2025-12-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/youneeq-panel/youneeq-recommendations-307-reflected-cross-site-scripting</loc>
<lastmod>2024-11-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profilegrid-user-profiles-groups-and-communities/profilegrid-551-authenticated-subscriber-arbitrary-option-update</loc>
<lastmod>2023-07-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementor-pro/elementor-website-builder-3290-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/church-admin/church-admin-417-cross-site-request-forgery</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/crelly-slider/crelly-slider-111-sql-injection</loc>
<lastmod>2017-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/etsy-shop/etsy-shop-303-cross-site-request-forgery-to-plugin-settings-update</loc>
<lastmod>2023-02-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-google-maps/wp-google-maps-71134-cross-site-request-forgery-to-cross-site-scripting</loc>
<lastmod>2019-07-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-edit-username/wp-edit-username-105-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seo-by-rank-math/rank-math-seo-with-ai-best-seo-tools-10218-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slick-engagement/slickstream-203-cross-site-request-forgery</loc>
<lastmod>2025-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/tiger/tiger-10121-unauthenticated-privilege-escalation</loc>
<lastmod>2025-11-26T16:19:43.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dc-woocommerce-multi-vendor/multivendor-marketplace-solution-for-woocommerce-wc-marketplace-38118-local-file-inclusion</loc>
<lastmod>2022-08-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/awesome-responsive-photo-gallery/image-gallery-responsive-photo-gallery-105-missing-authorization</loc>
<lastmod>2025-01-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-modal/easy-modal-210-sql-injection</loc>
<lastmod>2017-08-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pressforward/pressforward-591-authenticated-subscriber-server-side-request-forgery</loc>
<lastmod>2025-07-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-mailster/wp-mailster-18150-reflected-cross-site-scripting</loc>
<lastmod>2024-11-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/table-generator/table-generator-130-missing-authorization-to-table-modification</loc>
<lastmod>2022-10-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/spotlightr/spotlightr-0111-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-19T18:02:44.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-page-ordering/got-js-package-1184-and-120-1210-open-redirect</loc>
<lastmod>2022-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ut-elementor-addons-lite/ultra-addons-lite-for-elementor-118-authenticated-contributor-restricted-post-disclosure</loc>
<lastmod>2025-02-27T19:54:27.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eventer/eventer-399-missing-authorization-to-authenticated-subscriber-bookings-export</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/demo-importer-plus/demo-importer-plus-201-authenticated-author-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2024-10-01T19:35:03.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ova-events-manager/ovatheme-events-manager-184-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2025-06-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-monitor/download-monitor-206-unauthenticated-sql-injection</loc>
<lastmod>2008-04-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpkoi-templates-for-elementor/wpkoi-templates-for-elementor-343-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/breaking-news-wp/breaking-news-wp-13-missing-authorization-to-authenticated-subscriber-local-file-inclusionread</loc>
<lastmod>2026-04-21T19:05:09.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-conversion-tracking/woocommerce-conversion-tracking-2011-missing-authorization-via-wcct_install_happy_addons</loc>
<lastmod>2024-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/distance-based-shipping-calculator/distance-based-shipping-calculator-2021-reflected-cross-site-scripting</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/meow-gallery/gallery-block-meow-gallery-513-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-05-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/go_pricing/go-pricing-wordpress-responsive-pricing-tables-3319-improper-authorization-to-arbitrary-file-upload</loc>
<lastmod>2023-05-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/404-solution/404-solution-2340-authenticatedadministrator-sql-injection</loc>
<lastmod>2023-12-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/forum-server/wp-forum-server-182-cross-site-request-forgery</loc>
<lastmod>2025-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cpt-shortcode/cpt-shortcode-generator-10-authenticated-administrator-stored-cross-site-scripting-via-settings</loc>
<lastmod>2023-10-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/font-awesome/font-awesome-400-rc15-and-400-rc16-api-token-exposure</loc>
<lastmod>2020-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/unlimited-elements-for-elementor/unlimited-elements-for-elementor-1596-authenticated-contributor-stored-cross-site-scripting-via-widget-link</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bwp-recaptcha/better-wordpress-recaptcha-203-reflected-cross-site-scripting</loc>
<lastmod>2018-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/resim-ara/resim-ara-10-reflected-cross-site-scripting</loc>
<lastmod>2020-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpforo/wpforo-forum-306-missing-authorization</loc>
<lastmod>2026-05-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-customize-login-page/wp-customize-login-page-165-missing-authorization</loc>
<lastmod>2025-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/time-sheets/time-sheets-150-reflected-cross-site-scripting</loc>
<lastmod>2017-02-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mashsharer/social-media-share-buttons-mashshare-4047-missing-authorization</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordfence/wordfence-security-523-stored-cross-site-scripting-via-http_host</loc>
<lastmod>2014-09-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/arlo/arlo-603-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/complianz-gdpr-premium/complianz-644-premium-6461-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2023-06-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/give/givewp-254-authorization-bypass</loc>
<lastmod>2019-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/oopspam-anti-spam/oopspam-anti-spam-1144-cross-site-request-forgery-via-empty_ham_entries-and-empty_spam_entries</loc>
<lastmod>2023-06-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stars-rating/stars-rating-350-denial-of-service</loc>
<lastmod>2021-12-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-iframe-googlemap/responsive-iframe-googlemap-102-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2025-10-21T20:21:10.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-rss-aggregator/rss-aggregator-5010-reflected-cross-site-scripting-via-template-parameter</loc>
<lastmod>2026-02-16T20:31:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/designer/designer-141-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2024-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seed-social/seed-social-202-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-docs/wp-docs-213-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/search-filter-pro/search-and-filter-pro-2519-missing-authorization-to-authenticated-subscriber-post-meta-exposure</loc>
<lastmod>2025-03-13T16:21:36.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-mail-catcher/mail-logging-wp-mail-catcher-213-authenticatedadministrator-sql-injection</loc>
<lastmod>2023-12-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/atarim-visual-collaboration/atarim-431-missing-authorization</loc>
<lastmod>2026-01-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/powerlift/powerlift-321-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/widget4call/widget4call-107-reflected-cross-site-scripting</loc>
<lastmod>2025-01-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sp-client-document-manager/sp-project-document-manager-2595-cross-site-request-forgery</loc>
<lastmod>2016-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/popups/popups-1938-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2022-07-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pmpro-ccbill/paid-memberships-pro-ccbill-gateway-03-insufficient-authorization</loc>
<lastmod>2023-08-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stackable-ultimate-gutenberg-blocks/stackable-3181-authenticated-contributor-sensitive-information-exposure</loc>
<lastmod>2025-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/videozen/videozen-101-authenticated-administrator-stored-cross-site-scripting-via-videozen-available-subtitles-languages-field</loc>
<lastmod>2026-04-16T20:19:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/player/spidervplayer-155-reflected-cross-site-scripting</loc>
<lastmod>2015-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/beautiful-link-preview/beautiful-link-preview-150-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mimo-woocommerce-order-tracking/mimo-woocommerce-order-tracking-102-missing-authorization-to-limited-settings-update</loc>
<lastmod>2025-01-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/export-wp-page-to-static-html/export-wp-page-to-static-htmlcss-219-missing-authorization-via-multiple-ajax-actions</loc>
<lastmod>2023-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/story-chief/storychief-1030-authenticated-stored-cross-site-scripting</loc>
<lastmod>2021-08-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wowrestro/wowrestro-online-ordering-system-for-woocommerce-11-cross-site-request-forgery</loc>
<lastmod>2021-07-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/album-and-image-gallery-plus-lightbox/album-and-image-gallery-plus-lightbox-217-authenticated-contributor-stored-cross-site-scripting-via-plugins-shortcode</loc>
<lastmod>2026-02-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fw-gallery/fw-gallery-800-unauthenticated-arbitrary-file-deletion</loc>
<lastmod>2025-06-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/cartify/cartify-woocommerce-gutenberg-wordpress-13-authenticated-subscriber-arbitrary-post-deletion</loc>
<lastmod>2026-02-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-popular-posts/wordpress-popular-posts-532-authenticated-cross-site-scripting</loc>
<lastmod>2021-06-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yaad-sarig-payment-gateway-for-wc/yaad-sarig-payment-gateway-for-wc-2210-missing-authorization</loc>
<lastmod>2025-12-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kodex-posts-likes/kodex-posts-likes-250-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ladipage/ladiapp-44-missing-authorization-via-ladiflow_save_hook</loc>
<lastmod>2024-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/activecampaign-subscription-forms/activecampaign-forms-site-tracking-live-chat-8111-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/formidable/formidable-forms-67-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-01-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/newscred-publishing/welcome-software-publishing-0031-authenticated-subscriber-arbitrary-options-update-to-privilege-escalation-via-ncsetoption-xml-rpc-method</loc>
<lastmod>2026-06-23T16:42:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/super-socializer/social-share-social-login-and-social-comments-plugin-super-socializer-71363-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-quick-post-duplicator/wp-quick-post-duplicator-21-missing-authorization</loc>
<lastmod>2026-01-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/popup-contact-form/popup-contact-form-71-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-09-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sailthru-triggermail/sailthru-triggermail-11-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2024-12-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/filebird/filebird-560-authenticatedadministrator-stored-cross-site-scripting-via-folder-import</loc>
<lastmod>2024-01-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/currency-converter-widget/currency-converter-widget-302-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-12-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/basepress/knowledge-base-documentation-wiki-plugin-basepress-2161-authenticated-subscriber-server-side-request-forgery</loc>
<lastmod>2024-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/parallelus-salutation/salutation-responsive-wordpress-theme-3016-authenticated-stored-cross-site-scripting</loc>
<lastmod>2017-07-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-analytify-pro/analytify-pro-703-unauthenticated-information-exposure</loc>
<lastmod>2025-10-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quiz-master-next/quiz-and-survey-master-qsm-912-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-09-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zigaform-calculator-cost-estimation-form-builder-lite/zigaform-765-unauthenticated-form-submission-data-disclosure-in-rocket_front_payment_seesummary-ajax-endpoint</loc>
<lastmod>2025-12-01T18:40:50.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nextgen-gallery/nextgen-gallery-2065-arbitrary-file-upload</loc>
<lastmod>2014-05-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-tags/taxopress-3440-authenticated-editor-sql-injection</loc>
<lastmod>2026-03-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/iconic-woothumbs/woothumbs-for-woocommerce-by-iconic-553-reflected-cross-site-scripting</loc>
<lastmod>2024-03-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seo-redirection/seo-redirection-plugin-89-cross-site-request-forgery</loc>
<lastmod>2022-10-25T13:45:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bold-page-builder/bold-page-builder-521-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mail-masta/mail-masta-10-sql-injection-via-list_id-parameter</loc>
<lastmod>2017-02-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lenxel-core/lenxel-core-125-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/royal-elementor-addons/royal-elementor-addons-1375-cross-site-request-forgery</loc>
<lastmod>2023-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/broadstreet/broadstreet-1531-missing-authorization-to-authenticated-subscriber-advertiser-creation</loc>
<lastmod>2026-05-12T15:43:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/icon-widget-with-links/icon-widget-110-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/patreon-connect/patreon-wordpress-187-cross-site-request-forgery</loc>
<lastmod>2023-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/theme-switcher-reloaded/theme-switcher-reloaded-11-reflected-cross-site-scripting</loc>
<lastmod>2025-08-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/backupbuddy/backupbuddy-2228-sensitive-information-disclosure</loc>
<lastmod>2013-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vod-infomaniak/vod-infomaniak-1511-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-09-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dl-verification/dl-verification-12-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-08-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/watchtowerhq/watchtowerhq-3616-type-juggling-to-authentication-bypass-in-check_ota</loc>
<lastmod>2023-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-autobuzz/wp-autobuzz-111-cross-site-request-forgery-to-stored-cross-site-scripting-via-googleaccount-parameter</loc>
<lastmod>2026-05-26T17:23:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/album-and-image-gallery-plus-lightbox/album-and-image-gallery-plus-lightbox-20-unauthenticated-arbitrary-shortcode-execution</loc>
<lastmod>2024-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/postpage-import-export-with-custom-fields-taxonomies/postpage-copying-tool-to-export-and-import-postpage-for-cross-site-migration-203-authenticated-contributor-arbitrary-file-upload</loc>
<lastmod>2025-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/naturalife-extensions/naturalife-extensions-21-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/launchpad-by-obox/launchpad-1013-cross-site-request-forgery</loc>
<lastmod>2022-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-post/post-grid-gutenberg-blocks-and-wordpress-blog-plugin-postx-401-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/unlimited-elements-for-elementor/unlimited-elements-for-elementor-201-authenticated-contributor-stored-cross-site-scripting-via-border-hero-widget</loc>
<lastmod>2026-02-02T17:17:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/userpro/userpro-518-unauthenticated-account-takeover-to-privilege-escalation</loc>
<lastmod>2024-05-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/youtube-embed/youtube-embed-521-contributor-stored-cross-site-scripting</loc>
<lastmod>2021-07-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/passeum-ticketing/passeum-ticketing-10-authenticated-administrator-stored-cross-site-scripting-via-shop_name-setting</loc>
<lastmod>2026-06-02T10:57:01.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/the-conference/the-conference-125-missing-authorization</loc>
<lastmod>2026-02-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eshop/eshop-629-reflected-cross-site-scripting</loc>
<lastmod>2011-07-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fastdup/fastdup-fastest-wordpress-migration-duplicator-272-unauthenticated-path-traversal</loc>
<lastmod>2026-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fusion-core/avada-core-5150-missing-authorization</loc>
<lastmod>2026-03-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/houzez-theme-functionality/houzez-theme-functionality-418-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/import-users-from-csv/import-users-from-csv-12-authenticated-admin-php-object-injection</loc>
<lastmod>2024-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/nrgbusiness/the-business-161-unauthenticated-php-object-injection</loc>
<lastmod>2025-05-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cf7-infusionsoft/integration-for-keapinfusionsoft-and-contact-form-7-wpforms-elementor-formidable-ninja-forms-121-unauthenticated-php-object-injection</loc>
<lastmod>2026-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/software-license-manager/software-license-manager-450-cross-site-request-forgery-leading-to-arbitrary-domain-deletion</loc>
<lastmod>2021-09-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hippoo/hippoo-mobile-app-for-woocommerce-195-missing-authorization</loc>
<lastmod>2026-06-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mighty-addons/mighty-addons-for-elementor-193-reflected-cross-site-scripting</loc>
<lastmod>2024-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gspeech/gspeech-tts-wordpress-text-to-speech-plugin-31713-authenticated-admin-sql-injection</loc>
<lastmod>2025-10-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nota-fiscal-eletronica-woocommerce/nota-fiscal-eletrnica-woocommerce-3409-missing-authorization</loc>
<lastmod>2025-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/biteship/plugin-pengiriman-woocommerce-kurir-reguler-instan-kargo-biteship-320-insecure-direct-object-reference-to-authenticated-subscriber-view-order-tracking-details</loc>
<lastmod>2025-07-17T16:22:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/embedpress/embedpress-embed-pdf-google-docs-vimeo-wistia-embed-youtube-videos-audios-maps-embed-any-documents-in-gutenberg-elementor-3910-authenticated-contributor-stored-cross-site-scripting-via-wistia-block</loc>
<lastmod>2024-03-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/curved-text/curved-text-01-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2026-01-08T21:22:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yoo-slider/yoo-slider-211-reflected-cross-site-scripting</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/meeting-scheduler-by-vcita/online-booking-scheduling-calendar-for-wordpress-by-vcita-442-missing-authorization-on-rest-api</loc>
<lastmod>2023-06-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/small-package-quotes-unishippers-edition/small-package-quotes-unishippers-edition-249-reflected-cross-site-scripting</loc>
<lastmod>2025-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lordicon-interactive-icons/lordicon-animated-icons-201-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/master-addons/master-addons-free-widgets-hover-effects-toggle-conditions-animations-for-elementor-2067-authenticated-contributor-stored-cross-site-scripting-via-tooltip-module</loc>
<lastmod>2025-01-06T17:32:47.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/skillate/skillate-1210-reflected-cross-site-scripting</loc>
<lastmod>2026-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/omnipress/omnipress-167-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-01-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seo-metrics-helper/seo-metrics-1015-missing-authorization-to-authenticated-subscriber-privilege-escalation</loc>
<lastmod>2025-08-01T18:49:47.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flickr-shortcode-importer/flickr-shortcode-importer-223-authenticated-administrator-php-object-injection</loc>
<lastmod>2025-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/youtube-channel/my-youtube-channel-30121-missing-authorization</loc>
<lastmod>2023-01-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/king-ie/king_ie-10-authenticated-author-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2024-09-25T21:22:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-customers-manager/woocommerce-customers-manager-264-authenticated-account-creation-and-privilege-escalation</loc>
<lastmod>2021-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-radio/wp-radio-worldwide-online-radio-stations-directory-for-wordpress-319-authenticatedsubscriber-stored-cross-site-scripting-via-settings</loc>
<lastmod>2024-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/podlove-web-player/podlove-web-player-591-authenticated-contributor-php-object-injection</loc>
<lastmod>2026-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/accordions/accordion-2243-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-08-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/newsletter/newsletter-834-unauthenticated-stored-cross-site-scripting-via-np1</loc>
<lastmod>2024-06-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-user-avatar/profilepress-4158-authenticated-contributor-stored-cross-site-scripting-via-profilepress-user-panel-widget</loc>
<lastmod>2024-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booster-plus-for-woocommerce/booster-for-woocommerce-free-562-and-premium-560-authenticated-subscriber-order-modification</loc>
<lastmod>2022-09-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/print-google-cloud-print-gcp-woocommerce/bizprint-451-cross-site-request-forgery-in-printer-management</loc>
<lastmod>2024-01-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/digiproveblog/copyright-proof-416-reflected-cross-site-scripting</loc>
<lastmod>2022-07-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mail-on-update/mail-on-update-530-cross-site-request-forgery</loc>
<lastmod>2013-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mousewheel-smooth-scroll/mousewheel-smooth-scroll-56-plugins-setting-update-via-cross-site-request-forgery</loc>
<lastmod>2021-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-courses/wp-courses-lms-323-cross-site-request-forgery</loc>
<lastmod>2023-11-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/video-embed-privacy/embed-videos-and-respect-privacy-12-reflected-cross-site-scripting</loc>
<lastmod>2024-10-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-custom-css/advanced-custom-css-110-reflected-cross-site-scripting</loc>
<lastmod>2025-12-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-logs-book/wp-logs-book-101-cross-site-request-forgery-to-log-clearing</loc>
<lastmod>2024-05-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpecounter/views-counter-212-missing-authorization</loc>
<lastmod>2025-12-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/twitter-friends-widget/twitter-friends-widget-31-reflected-cross-site-scripting</loc>
<lastmod>2021-09-08T20:09:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-forms/ninja-forms-contact-form-the-drag-and-drop-form-builder-for-wordpress-369-cross-site-request-forgery-to-field-import-and-php-object-injection</loc>
<lastmod>2022-06-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementskit/elementskit-pro-361-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-05-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cp-multi-view-calendar/calendar-event-multi-view-1406-missing-authorization-to-stored-cross-site-scripting</loc>
<lastmod>2022-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/unusedcss/rapidload-power-up-for-autoptimize-171-cross-site-request-forgery-via-clear_uucss_logs</loc>
<lastmod>2023-03-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/external-login/external-login-1112-unauthenticated-sql-injection-via-log</loc>
<lastmod>2025-10-14T19:58:40.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-plus-addons-for-elementor-page-builder/the-plus-addons-for-elementor-elementor-addons-page-templates-widgets-mega-menu-woocommerce-552-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-05-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-member/ultimate-member-2045-admin-stored-cross-site-scripting</loc>
<lastmod>2019-05-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ocean-extra/ocean-extra-194-reflected-cross-site-scripting</loc>
<lastmod>2022-05-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-cf7-db/advanced-contact-form-7-db-186-authenticated-arbitrary-file-deletion</loc>
<lastmod>2022-02-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-hotel-booking/wp-hotel-booking-2092-missing-authorization</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/uploadify/uploadify-10-arbitrary-file-upload</loc>
<lastmod>2011-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-booking-calendar/advanced-booking-calendar-169-unauthenticated-sql-injection</loc>
<lastmod>2022-02-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/review-disclaimer/review-disclaimer-203-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-12-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ar-for-woocommerce/ar-for-woocommerce-62-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2024-10-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsify-wp/responsify-wp-1911-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kivicare-clinic-management-system/kivicare-clinic-patient-management-system-ehr-3615-missing-authorization-to-unauthenticated-limited-arbitrary-file-upload</loc>
<lastmod>2026-01-22T17:11:21.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cookie-notice-consent/cookie-notice-consent-160-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/feedfocal/feedfocal-122-missing-authorization-via-feedfocal_api_setup-rest-function</loc>
<lastmod>2023-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jeg-elementor-kit/jeg-elementor-kit-264-authenticated-contributor-stored-cross-site-scripting-via-countdown-widget</loc>
<lastmod>2024-04-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/legacy-admin/legacy-admin-95-reflected-cross-site-scripting</loc>
<lastmod>2026-03-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cecabank-woocommerce/cecabank-woocommerce-plugin-034-missing-authorization</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contest-code-checker/run-contests-raffles-and-giveaways-with-contestswp-207-unauthenticated-information-exposure</loc>
<lastmod>2026-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/viral-mag/viral-mag-109-missing-authorization-to-arbitrary-plugin-activation</loc>
<lastmod>2023-03-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zero-spam/zero-spam-556-spam-protection-bypass</loc>
<lastmod>2024-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/kalium/kalium-325-unauthenticated-arbitrary-code-execution</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/eduma/eduma-547-reflected-cross-site-scripting</loc>
<lastmod>2024-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-login-page/a5-custom-login-page-281-reflected-cross-site-scripting</loc>
<lastmod>2025-01-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/checklist/checklist-118-cross-site-scripting</loc>
<lastmod>2019-09-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cardinity-free-payment-gateway-for-woocommerce/cardinity-payment-gateway-for-woocommerce-306-reflected-cross-site-scripting</loc>
<lastmod>2021-10-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/achilles-shortcodes/achillestheme-shortcodes-01-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-wp-security-and-firewall/all-in-one-wp-security-firewall-404-cross-site-scripting</loc>
<lastmod>2016-02-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/surbma-gdpr-proof-google-analytics/surbma-gdpr-proof-cookie-consent-notice-bar-1753-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-03-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/valvepress-rankie/rankie-wordpress-rank-tracker-plugin-182-authenticated-subscriber-sql-injection</loc>
<lastmod>2025-06-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cmsmasters-content-composer/cmsmasters-content-composer-257-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-07-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ts-webfonts-for-sakura/ts-webfonts-for-sakura-312-cross-site-request-forgery</loc>
<lastmod>2023-07-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/track-logins/track-logins-10-authenticated-admin-sql-injection</loc>
<lastmod>2025-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/modern-events-calendar-lite/modern-events-calendar-lite-630-stored-cross-site-scripting</loc>
<lastmod>2022-02-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-football-score-board/simple-football-scoreboard-10-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2026-03-20T15:08:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/injob/injob-multi-features-for-recruitment-wordpress-theme-340-reflected-cross-site-scripting</loc>
<lastmod>2020-07-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/adthrive-ads/raptive-ads-373-reflected-cross-site-scripting</loc>
<lastmod>2025-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gallery-bank/gallery-bank-wordpress-photo-gallery-plugin-30229-sql-injection</loc>
<lastmod>2015-08-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/css3_web_pricing_tables_grids/css3-compare-pricing-tables-for-wordpress-116-reflected-cross-site-scripting</loc>
<lastmod>2025-07-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/debug-log-manager/debug-log-manager-231-missing-authorization-via-toggle_debugging</loc>
<lastmod>2024-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/dt-the7/the7-12811-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-10-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-seo/yoast-seo-325-cross-site-scripting</loc>
<lastmod>2016-06-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/visual-sound/visual-sound-103-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2024-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/eject/eject-217-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/schema-app-structured-data-for-schemaorg/schema-app-structured-data-224-reflected-cross-site-scripting</loc>
<lastmod>2024-12-11T15:13:07.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/colorlib-coming-soon-maintenance/coming-soon-maintenance-mode-by-colorlib-1099-information-exposure</loc>
<lastmod>2024-03-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/comments-on-feed/comments-on-feed-121-reflected-cross-site-scripting</loc>
<lastmod>2024-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/import-users-from-csv-with-meta/import-and-export-users-and-customers-1297-privilege-escalation-to-administrator-via-save_extra_user_profile_fields</loc>
<lastmod>2026-03-21T10:03:40.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ean-for-woocommerce/ean-for-woocommerce-535-missing-authorization</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/modal-window/modal-window-535-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-09-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/hybrid/hybrid-010-cross-site-scripting</loc>
<lastmod>2011-09-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/comment-highlighter/comment-highlighter-013-authenticated-admin-sql-injection</loc>
<lastmod>2021-07-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-cleanup/image-cleanup-192-unauthenticated-information-exposure</loc>
<lastmod>2025-12-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/skip-to-timestamp/skip-to-timestamp-144-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2025-11-10T15:16:59.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/instawp-connect/instawp-connect-00918-missing-authorization-to-unauthenticated-posttaxonomyuser-addchangedelete-customizer-setting-change-plugin-installationactivationdeactication-via-events_receiver</loc>
<lastmod>2023-07-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/coming-soon-by-supsystic/coming-soon-by-supsystic-175-reflected-cross-site-scripting</loc>
<lastmod>2022-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/permalink-manager/permalink-manager-lite-2214-reflected-cross-site-scripting</loc>
<lastmod>2022-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-stats-manager/wp-visitor-statistics-real-time-traffic-78-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-07-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordcamp-talks/wordcamp-talks-100-beta3-csv-injection</loc>
<lastmod>2017-10-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/watupro/watupro-4908-cross-site-request-forgery</loc>
<lastmod>2015-09-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/news-magazine-and-blog-elements/news-magazine-and-blog-elements-13-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/popup-builder-block/popupkit-220-missing-authorization-to-authenticated-subscriber-arbitrary-subscriber-data-deletion</loc>
<lastmod>2026-01-05T16:05:07.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rs-members/rs-members-103-authenticated-subscriber-privilege-escalation</loc>
<lastmod>2024-10-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-sermons/advanced-sermons-31-reflected-cross-site-scripting-via-s</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sp-client-document-manager/sp-projects-document-manager-2600-arbitrary-file-upload</loc>
<lastmod>2016-03-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/premium-addons-pro/premium-addons-for-elementor-pro-2912-authenticatedcontributor-stored-cross-site-scripting-via-widget-link</loc>
<lastmod>2024-03-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/premium-addons-for-elementor/premium-addons-for-elementor-41028-authenticated-contributor-stored-cross-site-scripting-via-arrow_style</loc>
<lastmod>2024-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-post-type/custom-post-type-10-cross-site-request-forgery-to-custom-post-type-deletion</loc>
<lastmod>2025-11-20T19:22:49.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-svg/easy-svg-support-40-authenticated-author-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2026-02-18T15:01:37.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bookly-responsive-appointment-booking-tool/wordpress-online-booking-and-scheduling-plugin-bookly-2241-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-11-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/visualmodo-elements/visualmodo-elements-102-authenticated-author-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2024-12-13T15:54:51.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stampedio-product-reviews/stampedio-product-reviews-ugc-for-woocommerce-232-missing-authorization</loc>
<lastmod>2023-04-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-subscribers/email-subscribers-newsletters-422-missing-authorization</loc>
<lastmod>2019-11-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smooth-scrolling-links-ssl/smooth-scroll-links-110-cross-site-request-forgery</loc>
<lastmod>2023-10-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chained-quiz/chained-quiz-1329-authenticated-admin-server-side-request-forgery</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/plank/plank-17-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/clean-login/clean-login-1136-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/notifier/wanotifier-send-message-notifications-using-whatsapp-api-26-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nps-computy/nps-computy-275-cross-site-request-forgery-to-results-deletion</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hydra-booking/hydra-booking-all-in-one-appointment-booking-system-appointment-scheduling-booking-calendar-woocommerce-bookings-1127-unauthenticated-arbitrary-booking-cancellation-via-weak-hash-generation</loc>
<lastmod>2025-11-10T22:27:05.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sitepress-multilingual-cms/wpml-318-authorization-bypass</loc>
<lastmod>2015-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pdf-light-viewer/pdf-light-viewer-1411-authenticated-command-injection</loc>
<lastmod>2021-09-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yop-poll/yop-poll-6538-missing-authorization</loc>
<lastmod>2025-11-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nmedia-user-file-uploader/frontend-file-manager-182-unauthenticated-html-injection-leading-to-spam-emails</loc>
<lastmod>2021-07-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementor/elementor-3190-authenticatedcontributor-arbitrary-file-deletion-and-phar-deserialization</loc>
<lastmod>2024-02-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-addons-for-elementor-lite/essential-addons-for-elementor-popular-elementor-templates-and-widgets-622-authenticated-contributor-dom-based-stored-cross-site-scripting-via-data-gallery-items</loc>
<lastmod>2025-08-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/noo-organici-library/organici-library-212-reflected-cross-site-scripting</loc>
<lastmod>2026-03-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/charts-ninja-graphs-and-charts/charts-ninja-create-beautiful-graphs-charts-and-easily-add-them-to-your-website-210-authenticated-contributor-stored-cross-site-scripting-via-chartid-shortcode-attribute</loc>
<lastmod>2026-05-04T14:07:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-smtp/post-smtp-complete-smtp-solution-with-logs-alerts-backup-smtp-mobile-app-360-missing-authorization-to-account-takeover-via-unauthenticated-email-log-disclosure</loc>
<lastmod>2025-10-31T14:46:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpvr/wp-vr-8526-authenticated-contributor-arbitrary-file-upload</loc>
<lastmod>2025-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/swift-performance-lite/swift-performance-lite-2371-unauthenticated-local-php-file-inclusion-via-ajaxify</loc>
<lastmod>2024-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-rede/rede-ita-for-woocommerce-payment-pix-credit-card-and-debit-515-missing-authorization-to-unauthenticated-rede-order-logs-deletion</loc>
<lastmod>2026-01-15T18:31:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-keyword-to-link/simple-keyword-to-link-15-cross-site-request-forgery</loc>
<lastmod>2025-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/belingogeo/belingogeo-1120-unauthenticated-arbitrary-file-download</loc>
<lastmod>2025-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chained-quiz/chained-quiz-1324-cross-site-request-forgery-to-arbitrary-quiz-deletion-and-copying</loc>
<lastmod>2022-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lucky-draw/lucky-draw-contests-42-cross-site-request-forgery-to-plugin-settings-update</loc>
<lastmod>2025-12-12T16:09:25.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/groundhogg/groundhogg-2798-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-05-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/remove-add-to-cart-woocommerce/remove-add-to-cart-woocommerce-144-cross-site-request-forgery-to-settings-modification</loc>
<lastmod>2023-10-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/miniorange-wp-as-saml-idp/login-using-wordpress-users-wp-as-saml-idp-1132-authenticated-admin-cross-site-scripting</loc>
<lastmod>2022-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pie-forms-for-wp/pie-forms-for-wp-16-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2025-11-17T20:08:34.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/add-actions-and-filters/add-shortcodes-actions-and-filters-209-cross-site-request-forgery</loc>
<lastmod>2023-09-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/solace/solace-2116-missing-authorization</loc>
<lastmod>2026-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/redi-restaurant-reservation/redi-restaurant-reservation-240128-cross-site-request-forgery-via-redi_restaurant_admin_options_page</loc>
<lastmod>2024-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-proof-testimonials-slider/social-proof-testimonials-slider-224-authenticated-contributor-stored-cross-site-scripting-via-spslider-block-shortcode</loc>
<lastmod>2024-11-12T13:21:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mstore-api/mstore-api-397-unauthenticated-sql-injection</loc>
<lastmod>2023-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/b-accordion/b-accordion-202-authenticated-contributor-information-exposure</loc>
<lastmod>2026-01-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/classified-listing/classified-listing-classified-ads-business-directory-plugin-317-missing-authorization</loc>
<lastmod>2024-09-12T18:35:01.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-multilingual/woocommerce-multilingual-multicurrency-with-wpml-537-reflected-cross-site-scripting</loc>
<lastmod>2024-10-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wux-blog-editor/wux-blog-editor-300-authentication-bypass-to-administrator</loc>
<lastmod>2024-10-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wonder-fontawesome/wonder-fontawesome-08-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-30T00:45:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cp-contact-form-with-paypal/cp-contact-form-with-paypal-1352-cross-site-request-forgery</loc>
<lastmod>2025-01-29T19:50:11.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yikes-inc-easy-mailchimp-extender/easy-forms-for-mailchimp-688-authenticated-administrator-cross-site-scripting-via-form-name</loc>
<lastmod>2023-03-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/better-search/better-search-410-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/radio-player/radio-player-live-shoutcast-icecast-and-any-audio-stream-player-for-wordpress-2078-authenticated-contributor-stored-cross-site-scripting-via-align-attribute</loc>
<lastmod>2024-09-23T18:28:51.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/clients/clients-114-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2024-12-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-abstracts-manuscripts-manager/wp-abstracts-261-reflected-cross-site-scripting</loc>
<lastmod>2023-05-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rtl-tester/rtl-tester-12-cross-site-request-forgery</loc>
<lastmod>2025-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-banners/custom-banners-33-reflected-cross-site-scripting</loc>
<lastmod>2024-09-30T19:41:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-survey-plus/wp-survey-plus-10-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2021-10-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/myour/myour-151-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-01-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/addon-elements-for-elementor-page-builder/elementor-addon-elements-1144-authenticated-contributor-information-exposure</loc>
<lastmod>2025-08-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/my-calendar/my-calendar-3421-unauthenticated-sql-injection</loc>
<lastmod>2023-11-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/holler-box/hollerbox-213-authenticated-edit_popups-sql-injection</loc>
<lastmod>2023-05-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/extensive-vc-addon/extensive-vc-addons-for-wpbakery-page-builder-191-unauthenticated-local-file-inclusion-via-shortcode_name-parameter</loc>
<lastmod>2025-12-12T16:05:09.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-frontend-manager/wcfm-woocommerce-frontend-manager-6724-authenticated-shop-manager-arbitrary-options-update</loc>
<lastmod>2026-02-09T11:20:25.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/users-ultra/users-ultra-membership-plugin-1563-authenticated-blind-sql-injection</loc>
<lastmod>2015-12-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wedevs-project-manager/wp-project-manager-2614-missing-authorization-to-project-milestone-and-task-creationdeletion</loc>
<lastmod>2024-11-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/blossom-shop/blossom-shop-117-cross-site-request-forgery-to-notice-dismissal</loc>
<lastmod>2024-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pakke/pakke-envos-102-authenticated-subscriber-sql-injection</loc>
<lastmod>2025-07-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/real-time-auto-find-and-replace/better-find-and-replace-ai-powered-suggestions-179-authenticated-author-stored-cross-site-scripting-via-uploaded-image-title</loc>
<lastmod>2026-04-15T22:04:39.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tlp-team/team-wordpress-team-member-showcase-plugin-411-directory-traversal-to-arbitrary-file-readdeletion</loc>
<lastmod>2022-07-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/formzu-wp/formzu-wp-167-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-01-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/give/givewp-2113-authenticated-stored-cross-site-scripting</loc>
<lastmod>2021-07-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/official-statcounter-plugin-for-wordpress/statcounter-free-real-time-visitor-stats-211-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ti-woocommerce-wishlist/ti-woocommerce-wishlist-290-unauthenticated-sql-injection-via-lang</loc>
<lastmod>2024-09-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/powerpress-multisite/blubrry-powerpress-podcasting-plugin-multisite-add-on-011-reflected-cross-site-scripting</loc>
<lastmod>2025-04-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smarty-for-wordpress/smarty-for-wordpress-3135-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-09-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/paytium/paytium-311-stored-cross-site-scripting</loc>
<lastmod>2020-05-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pootle-button/pootle-button-111-reflected-cross-site-scripting</loc>
<lastmod>2017-10-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/awake/awake-33-arbitrary-file-deletion</loc>
<lastmod>2013-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-travel-engine/wp-travel-engine-651-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/maxcoach/maxcoach-325-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-08-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/donation-thermometer/donation-thermometer-226-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-11-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-file-upload/wordpress-file-upload-4162-authenticated-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2022-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/give/givewp-4153-cross-site-request-forgery</loc>
<lastmod>2026-06-30T16:29:51.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bmlt-tabbed-map/bmlt-tabbed-map-118-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bold-page-builder/bold-page-builder-502-authenticated-contributor-stored-cross-site-scripting-via-bt_bb_button-shortcode</loc>
<lastmod>2024-07-29T17:49:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-forms-uploads/ninja-forms-file-uploads-3316-unauthenticated-stored-cross-site-scripting-via-file-upload</loc>
<lastmod>2024-09-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/event-calendars/event-calendar-104-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-10-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/menu-swapper/menu-swapper-1102-cross-site-request-forgery-bypass</loc>
<lastmod>2020-09-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-news-sitemap/andrea-pernici-news-sitemap-for-google-1016-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2022-05-04T10:07:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-spacecontent/wp-spacecontent-045-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-author/post-author-111-cross-site-request-forgery</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-helpdesk-integration/wordpress-helpdesk-integration-5810-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-09-04T14:13:08.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-svg-upload/easy-svg-upload-11-authenticated-author-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2024-10-30T14:05:35.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/addthis/addthis-sharing-buttons-5012-authenticated-cross-site-scripting</loc>
<lastmod>2015-08-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/killer-theme-options/killer-theme-options-20-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/keydatas/-keydatas-252-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2024-07-16T19:27:17.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/animate-it/animate-it-235-cross-site-request-forgery</loc>
<lastmod>2019-07-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-widget-bundle/widget-bundle-200-reflected-cross-site-scripting</loc>
<lastmod>2024-05-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/depicter/slider-popup-builder-by-depicter-361-unauthenticated-sql-injection-via-s-parameter</loc>
<lastmod>2025-05-05T20:26:33.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/frame/frame-240-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-08-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/groupdocs-comparison/groupdocscomparison-for-cloud-103-cross-site-scripting</loc>
<lastmod>2013-12-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dzs-zoomsounds/zoomsounds-691-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-fastest-cache/wp-fastest-cache-112-cross-site-request-forgery-via-wpfc_remove_cdn_integration_ajax_request_callback</loc>
<lastmod>2023-04-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-tables/ninja-tables-easy-data-table-5016-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-01-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/network-publisher/network-publisher-501-cross-site-scripting</loc>
<lastmod>2012-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/webinar-ignition/webinarignition-2142-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kau-boys-backend-localization/backend-localization-20-reflected-cross-site-scripting</loc>
<lastmod>2012-07-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stray-quotes/stray-random-quotes-199-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/userpro/userpro-519-unauthenticated-local-file-inclusion</loc>
<lastmod>2024-12-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profile-builder/user-profile-builder-3151-unauthenticated-privilege-escalation-via-account-takeover</loc>
<lastmod>2026-01-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tablesome/table-contact-form-7-database-tablesome-1027-reflected-cross-site-scripting</loc>
<lastmod>2024-03-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fx-calculators/forex-calculators-137-missing-authorization-to-authenticated-subscriber-settings-update</loc>
<lastmod>2025-02-27T20:09:39.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/fruitful/fruitful-382-stored-cross-site-scripting</loc>
<lastmod>2020-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chart-builder/chartify-206-authenticatedadministrator-stored-cross-site-scripting</loc>
<lastmod>2024-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-central/wpcentral-157-cross-site-request-forgery</loc>
<lastmod>2023-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/accessibility-toolbar/web-accessibility-with-max-access-209-cross-site-request-forgery</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/z-downloads/z-downloads-1114-authenticated-admin-arbitrary-file-upload</loc>
<lastmod>2024-08-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/newsletters-lite/newsletters-497-cross-site-request-forgery</loc>
<lastmod>2024-06-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-database-optimizer-tools/wp-database-optimizer-tools-02-cross-site-request-forgery</loc>
<lastmod>2025-08-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/doccure/doccure-core-154-unauthenticated-privilege-escalation</loc>
<lastmod>2025-10-31T18:22:55.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-https/wordpress-https-ssl-340-missing-authorization-to-settings-change</loc>
<lastmod>2022-08-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-7-paypal-add-on/contact-form-7-paypal-stripe-add-on-231-reflected-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/easyeat/easyeat-190-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-09-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bbp-style-pack/bbp-style-pack-555-reflected-cross-site-scripting</loc>
<lastmod>2023-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/anyclip-media/anyclip-luminous-studio-133-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-limit-failed-login-attempts/limit-login-attempts-spam-protection-491-unauthenticated-sql-injection</loc>
<lastmod>2022-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpguppy-lite/wpguppy-110-authenticated-subscriber-privilege-escalation</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cp-multi-view-calendar/cp-multi-view-event-calendar-1410-missing-authentication-leading-to-authenticated-subscriber-private-form-submission</loc>
<lastmod>2023-03-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bit-form/contact-form-builder-plugin-multi-step-contact-form-payment-form-custom-contact-form-plugin-by-bit-form-2101-unauthenticated-insecure-direct-object-reference-to-form-submission-alteration</loc>
<lastmod>2024-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/modula-best-grid-gallery/modula-image-gallery-photo-grid-video-gallery-21423-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2026-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ronneby-core/ronneby-theme-core-1568-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/directory-pro/directory-pro-256-missing-authorization</loc>
<lastmod>2025-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-banners-lite/wp-banners-lite-129-131-140-cross-site-scripting</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-downloads-list/simple-downloads-list-142-authenticated-contributor-sql-injection</loc>
<lastmod>2025-01-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-esto/woocommerce-esto-2231-cross-site-request-forgery-via-savesetting</loc>
<lastmod>2023-09-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-courses/wp-courses-lms-2044-authenticated-stored-cross-site-scripting</loc>
<lastmod>2021-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-child-theme-generator/wp-child-theme-generator-112-authenticated-administrator-arbitrary-file-upload</loc>
<lastmod>2023-11-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/customizable-captcha-and-contact-us-form/customizable-captcha-and-contact-us-102-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mailclient/free-mailclient-fmc-10-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ditty-news-ticker/ditty-3165-missing-authorization-to-unauthenticated-sensitive-information-disclosure-via-ditty_init-ajax-action</loc>
<lastmod>2026-05-21T19:07:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/groundhogg/groundhogg-455-authenticated-sales-rep-sql-injection-via-queryselect-parameter</loc>
<lastmod>2026-06-26T12:59:49.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/spotify-embed-creator/spotify-embed-creator-105-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-11T14:49:13.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-trending-post-slider-and-widget/trendingpopular-post-slider-and-widget-157-cross-site-request-forgery-via-wtpsw_post_view_count</loc>
<lastmod>2023-03-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/author-box-with-different-description/author-box-plugin-with-different-description-135-cross-site-request-forgery</loc>
<lastmod>2025-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-reroute-email/wp-reroute-email-149-unauthenticated-stored-cross-site-scripting-via-email-subject</loc>
<lastmod>2023-07-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-user-frontend/wp-user-frontend-3528-privilege-escalation</loc>
<lastmod>2022-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-type-x/product-catalog-simple-175-cross-site-request-forgery-via-ic_system_status</loc>
<lastmod>2023-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profit-products-tables-for-woocommerce/active-products-tables-for-woocommerce-use-constructor-to-create-tables-1064-authenticated-contributor-stored-cross-site-scripting-via-woot_button-shortcode</loc>
<lastmod>2024-11-05T23:27:31.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/beaver-builder-lite-version/beaver-builder-wordpress-page-builder-272-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-12-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ajar-productions-in5-embed/ajar-in5-embed-313-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2024-10-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lead-form-builder/lead-form-builder-contact-form-201-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/minterpress/minterpress-105-missing-authorization-to-authenticated-subscriber-arbitrary-content-deletion</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/igniteup/igniteup-coming-soon-and-maintenance-mode-34-unauthenticated-arbitrary-file-deletion</loc>
<lastmod>2019-11-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/auto-ftp/auto-ftp-101-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/2.5/wordpress-core-25-cross-site-scripting</loc>
<lastmod>2008-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpdiscuz/wpdiscuz-7610-insufficient-authorization-to-comment-submission-on-deleted-posts</loc>
<lastmod>2023-10-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/immonex-kickstart/immonex-kickstart-1116-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-09-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/angwp/adning-advertising-155-arbitrary-file-upload</loc>
<lastmod>2020-07-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-instagram-feed/wd-instagram-feed-premium-130-cross-site-scripting</loc>
<lastmod>2018-04-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/imagemagick-engine/imagemagick-engine-175-cross-site-request-forgery-to-phar-deserialization</loc>
<lastmod>2023-02-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wooshark-aliexpress-importer/sharkdropship-for-aliexpress-dropshipping-and-affiliate-224-missing-authorization-to-unauthenticated-arbitrary-post-deletion</loc>
<lastmod>2024-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bdthemes-prime-slider-lite/prime-slider-4110-authenticated-contributor-stored-cross-site-scripting-via-follow_us_text-parameter</loc>
<lastmod>2026-04-07T15:20:50.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/userswp/userswp-124-cross-site-request-forgery</loc>
<lastmod>2024-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/product-delivery-date-for-woocommerce-lite/product-delivery-date-for-woocommerce-lite-270-missing-authorization</loc>
<lastmod>2024-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/canto/canto-190-blind-server-side-request-forgery-via-getphp</loc>
<lastmod>2020-03-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/give/givewp-donation-plugin-and-fundraising-platform-3161-authenticated-givewp-manager-sql-injection-via-order-parameter</loc>
<lastmod>2024-09-26T17:03:51.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/first-comment-redirect/first-comment-redirect-103-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-meta-seo/wp-meta-seo-453-missing-authorization-in-regeneratesitemaps</loc>
<lastmod>2023-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/xt-facebook-events/xt-event-widget-for-social-events-117-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/streamweasels-kick-integration/streamweasels-kick-integration-115-authenticated-contributor-stored-cross-site-scripting-via-vodschannel-parameter</loc>
<lastmod>2025-09-05T14:45:37.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vikrentcar/vikrentcar-car-rental-management-system-142-cross-site-request-forgery-to-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2025-03-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/sonaar/sonaar-4274-reflected-cross-site-scripting</loc>
<lastmod>2025-10-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/best-bootstrap-widgets-for-elementor/best-bootstrap-widgets-for-elementor-10-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-users-masquerade/wp-users-masquerade-200-authenticated-subscriber-authentication-bypass</loc>
<lastmod>2024-10-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quiz-tool-lite/quiz-tool-lite-2315-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2021-10-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sticky-popup/sticky-popup-12-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-05-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/currency-switcher/currency-switcher-116-cross-site-request-forgery</loc>
<lastmod>2021-07-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/code-snippets/code-snippets-394-cross-site-request-forgery-to-cloud-snippet-downloadupdate-actions</loc>
<lastmod>2026-02-05T19:33:02.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/paid-memberships-pro/paid-memberships-pro-304-unauthenticated-insecure-direct-object-reference-to-order-status-update</loc>
<lastmod>2024-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/injection-guard/injection-guard-121-cross-site-request-forgery-via-ig_update</loc>
<lastmod>2023-05-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/favicon-by-realfavicongenerator/favicon-1329-cross-site-request-forgery-to-notice-dismissal</loc>
<lastmod>2024-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/photography/photography-775-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-01-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/listify/listify-325-reflected-cross-site-scripting</loc>
<lastmod>2026-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/feedy/feedy-215-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/terraclassifieds/terraclassifieds-203-cross-site-request-forgery</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/features/features-002-missing-authorization-to-authenticated-subscriber-option-reset</loc>
<lastmod>2025-11-04T14:25:42.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-subscriptions/woocommerce-subscriptions-263-stored-cross-site-scripting</loc>
<lastmod>2019-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mainwp-clone-extension/mainwp-clone-extension-402-missing-authorization-to-plugin-settings-change</loc>
<lastmod>2023-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-time-slots-booking-form/wp-time-slots-booking-form-1182-improper-authorization-checks</loc>
<lastmod>2023-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/go-night-pro/go-night-pro-wordpress-dark-mode-plugin-110-authenticated-contributor-stored-cross-site-scripting-via-margin-shortcode-attribute</loc>
<lastmod>2026-03-20T15:10:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/block-logic/block-logic-108-authenticated-contributor-remote-code-execution</loc>
<lastmod>2025-03-21T17:53:40.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/add-facebook/social-feed-all-social-media-in-one-place-1546-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-11-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-bootstrap-blocks/all-bootstrap-blocks-136-cross-site-request-forgery-to-plugin-settings-reset</loc>
<lastmod>2023-06-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/survey-maker/survey-maker-5194-missing-authorization</loc>
<lastmod>2025-11-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-manager/download-manager-3303-unauthenticated-arbitrary-shortcode-execution</loc>
<lastmod>2024-12-18T16:22:49.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/expert-invoice/expert-invoice-102-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-05-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quran-shortcode/quran-shortcode-15-authenticated-contributor-sql-injection</loc>
<lastmod>2024-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/userswp/userswp-1248-cross-site-request-forgery</loc>
<lastmod>2025-12-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/royal-elementor-addons/royal-elementor-addons-and-templates-171003-authenticated-contributor-post-disclosure</loc>
<lastmod>2024-11-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-post-author/wp-post-author-enhance-your-posts-with-the-author-bio-co-authors-guest-authors-and-post-rating-system-including-user-registration-form-builder-364-missing-authorization-to-rating-manipulation</loc>
<lastmod>2024-05-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/photo-gallery/photo-gallery-by-10web-mobile-friendly-image-gallery-1841-authenticated-contributor-sql-injection</loc>
<lastmod>2026-06-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/interactive-medical-drawing-of-human-body/interactive-medical-drawing-of-human-body-24-cross-site-scripting</loc>
<lastmod>2022-06-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gboy-custom-google-map/gboy-custom-google-map-12-authenticated-contributor-sql-injection</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seo-booster/seo-booster-389-cross-site-request-forgery</loc>
<lastmod>2024-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elemenda/elemenda-002-authenticated-author-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2024-10-17T15:43:03.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lead-capturing-call-to-actions-by-vcita/contact-form-and-calls-to-action-by-vcita-271-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-30T16:51:10.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/font-awesome-wp/font-awesome-wp-10-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/thanks-you-counter-button/thank-you-counter-button-193-cross-site-scripting</loc>
<lastmod>2014-02-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tilda-publishing/tilda-publishing-0323-missing-authorization</loc>
<lastmod>2023-09-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/companion-sitemap-generator/companion-sitemap-generator-4511-reflected-cross-site-scripting</loc>
<lastmod>2023-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-pay-counter/post-pay-counter-2789-reflected-cross-site-scripting</loc>
<lastmod>2023-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/photoshelter-official-plugin/photoshelter-for-photographers-blog-feed-plugin-157-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quote-post-type-plugin/quote-posttype-plugin-122-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T18:23:39.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quick-contact-form/quick-contact-form-821-reflected-cross-site-scripting</loc>
<lastmod>2025-05-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/backup/jetbackup-31198-authenticated-administrator-arbitrary-directory-deletion-via-path-traversal-in-filename-parameter</loc>
<lastmod>2026-04-16T15:21:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/coil-web-monetization/coil-web-monetization-202-cross-site-request-forgery</loc>
<lastmod>2025-11-17T20:18:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/backpacktraveler/backpack-traveler-2103-authenticated-subscriber-insecure-direct-object-reference</loc>
<lastmod>2025-12-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-e-commerce/wp-ecommerce-3876-sql-injection</loc>
<lastmod>2014-10-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/clipart/clipart-02-reflected-cross-site-scripting</loc>
<lastmod>2025-01-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/commenttweets/commenttweets-06-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2023-12-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/z-inventory-manager/plaininventory-inventory-management-plugin-315-reflected-cross-site-scripting</loc>
<lastmod>2024-11-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-private-messages/wp-private-messages-101-authenticated-sql-injection</loc>
<lastmod>2016-12-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nepali-date-converter/nepali-date-converter-208-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/authorizenet-payment-gateway-for-woocommerce/authorizenet-payment-gateway-for-woocommerce-80-insufficient-verification-of-data-authenticity-to-unauthenticated-payment-bypass</loc>
<lastmod>2024-06-03T17:05:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/imagemeta/imagemeta-112-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dokan-lite/dokan-ai-powered-woocommerce-multivendor-marketplace-solution-build-your-own-amazon-ebay-etsy-424-insecure-direct-object-reference-to-paypal-account-takeover-and-sensitive-information-disclosure</loc>
<lastmod>2026-01-19T15:32:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/minimog/minimogwp-396-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-12-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/max-addons-pro-bricks/max-addons-pro-for-bricks-161-missing-authorization</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/3.1/wordpress-core-31-cross-site-scripting</loc>
<lastmod>2011-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/onelogin-saml-sso/onelogin-saml-sso-280-distributed-denial-of-service</loc>
<lastmod>2019-01-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rsvp/rsvp-and-event-management-277-unauthenticated-sensitive-information-disclosure</loc>
<lastmod>2022-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kingcomposer/page-builder-kingcomposer-282-authenticated-stored-cross-site-scripting</loc>
<lastmod>2019-04-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-mail-address-encoder/simple-mail-address-encoder-17-reflected-cross-site-scripting</loc>
<lastmod>2019-07-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/serped-net/serpednet-46-reflected-cross-site-scripting</loc>
<lastmod>2025-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/catch-popup/catch-popup-144-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-11T15:12:40.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/button-generation/button-generator-easily-button-builder-233-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpc-smart-messages/wpc-smart-messages-for-woocommerce-421-missing-authorization-to-authenticated-subscriber-message-activationdeactivation</loc>
<lastmod>2024-10-28T20:36:27.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/crelly-slider/crelly-slider-145-authenticated-subscriber-insecure-direct-object-reference</loc>
<lastmod>2024-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hostel/hostel-1156-authenticated-administrator-sql-injection</loc>
<lastmod>2025-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/educare/educare-146-missing-authorization-to-sensitive-information-exposure</loc>
<lastmod>2023-09-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vikbooking/vikbooking-hotel-booking-engine-pms-1512-cross-site-request-forgery-in-savetmplfile-function</loc>
<lastmod>2023-02-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-symposium/wp-symposium-158-unauthenticated-sql-injection</loc>
<lastmod>2015-08-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/aryo-activity-log/activity-log-233-cross-site-scripting</loc>
<lastmod>2016-08-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/forminator/forminator-forms-contact-form-payment-form-custom-form-builder-1502-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2026-02-16T16:02:17.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flat-shipping-rate-by-city-for-woocommerce/shipping-rates-by-city-for-woocommerce-103-authenticated-shop-manager-sql-injection-via-cities-parameter</loc>
<lastmod>2026-01-13T16:50:20.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/zox-news/zox-news-3170-missing-authorization-to-authenticated-subscriber-arbitrary-options-modification</loc>
<lastmod>2025-02-10T19:17:49.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-23-related-posts-plugin/related-posts-272-cross-site-request-forgery</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/aruba-hispeed-cache/aruba-hispeed-cache-2012-missing-authorization</loc>
<lastmod>2024-08-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seraphinite-post-docx-source/seraphinite-post-docx-source-2169-authenticated-subscriber-server-side-request-forgery</loc>
<lastmod>2024-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slideshow-gallery/slideshow-gallery-178-cross-site-request-forgery</loc>
<lastmod>2024-04-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slider-wd/slider-by-10web-1261-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-sponsors/sponsors-350-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-11-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-price-history/wc-price-history-for-omnibus-214-authenticated-shop-manager-php-object-injection</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/6.5/wordpress-core-655-authenticated-contributor-directory-traversal</loc>
<lastmod>2024-06-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-pack-addon/the-pack-elementor-addon-214-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-26T19:07:13.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-image-uploader/wp-image-uploader-101-missing-authorization-to-authenticated-subscriber-arbitrary-file-deletion</loc>
<lastmod>2025-01-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/listingpro/listingpro-wordpress-directory-listing-theme-20145-stored-cross-site-scripting</loc>
<lastmod>2019-11-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/site-search-360/site-search-360-216-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/customer-reviews-woocommerce/customer-reviews-for-woocommerce-5389-authenticated-author-arbitrary-file-upload</loc>
<lastmod>2024-01-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ucontext/ucontext-for-clickbank-391-cross-site-request-forgery-to-cross-site-scripting</loc>
<lastmod>2022-07-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/binlayerpress/binlayerpress-11-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-03-11T14:22:31.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/traveler/traveler-326-missing-authorization</loc>
<lastmod>2025-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-maps-easy/easy-google-maps-11115-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2024-07-01T17:56:24.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ragic-shortcode/ragic-shortcode-12-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/joy-of-text/joy-of-text-lite-231-missing-authorization</loc>
<lastmod>2024-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yikes-inc-easy-mailchimp-extender/easy-forms-for-mailchimp-688-reflected-cross-site-scripting-via-sql_error</loc>
<lastmod>2023-05-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/better-comments/better-comments-155-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2024-04-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/beek-widget-extention/beek-widget-extention-095-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/spiffy-calendar/spiffy-calendar-498-insufficient-authorization</loc>
<lastmod>2024-01-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-smart-contracts/wpsmartcontracts-1311-authenticated-author-sql-injection</loc>
<lastmod>2022-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easyappointments/easyappointments-131-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-central/wpcentral-147-privilege-escalation</loc>
<lastmod>2020-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/helloprint/helloprint-212-missing-authorization-to-unauthenticated-arbitrary-order-status-modification</loc>
<lastmod>2025-12-05T17:34:37.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shiptimize-for-woocommerce/shiptimize-for-woocommerce-3186-reflected-cross-site-scripting</loc>
<lastmod>2024-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-migrate-db/wp-migrate-lite-276-unauthenticated-blind-server-side-request-forgery</loc>
<lastmod>2025-11-17T22:17:25.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-email-delivery/wp-email-delivery-1201123-reflected-cross-site-scripting</loc>
<lastmod>2025-03-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/jnews/jnews-wordpress-newspaper-magazine-blog-amp-theme-1166-unauthorized-user-registration</loc>
<lastmod>2025-03-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-member/ultimate-member-266-privilege-escalation-via-arbitrary-user-meta-updates</loc>
<lastmod>2023-06-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hospital-management/hospital-management-system-47020-11-2023-authenticated-subscriber-privilege-escalation</loc>
<lastmod>2025-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gmap-shortcode/gmap-shortcode-20-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wechat-reward/wechat-reward-17-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2021-09-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/availability-calendar/availability-calendar-126-cross-site-request-forgery-via-add_availability_calendar_create_admin_page</loc>
<lastmod>2023-11-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/powies-whois/powers-whois-domain-check-0931-authenticated-stored-cross-site-scripting</loc>
<lastmod>2020-07-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/totop-link/totop-link-171-unauthenticated-php-object-injection</loc>
<lastmod>2021-11-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/live-composer-page-builder/live-composer-free-wordpress-website-builder-202-authenticated-contributor-php-object-injection-via-dslc_module_posts_output-shortcode</loc>
<lastmod>2025-12-20T14:10:30.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eventprime-event-calendar-management/eventprime-events-calendar-bookings-and-tickets-4270-unauthenticated-sensitive-information-exposure-via-rest-api</loc>
<lastmod>2026-01-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-google-street-view/wp-google-street-view-with-360-virtual-tour-google-maps-local-seo-113-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-multishipping/wcmultishipping-235-missing-authorization-to-log-export</loc>
<lastmod>2023-11-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/customify/customify-2104-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2023-03-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/1003-mortgage-application/1003-mortgage-application-187-missing-authorization</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-addons-for-gutenberg/spectra-wordpress-gutenberg-blocks-231-cross-site-request-forgery-to-wpformblocks-import</loc>
<lastmod>2023-01-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/users-customers-import-export-for-wp-woocommerce/export-and-import-users-and-customers-262-authenticated-admin-php-object-injection-via-form_data-parameter</loc>
<lastmod>2025-03-21T23:17:34.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/8-degree-coming-soon-page/coming-soon-landing-page-and-maintenance-mode-wordpress-plugin-220-missing-authorization</loc>
<lastmod>2023-03-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-login-with-ajax/wp-login-with-ajax-06-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/uper-elementor/uper-for-elementor-105-missing-authorization</loc>
<lastmod>2026-01-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/doubly/doubly-1046-authenticated-subscriber-php-object-injection-via-zip-file-import</loc>
<lastmod>2025-12-12T16:08:49.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blog-designer-pro/blog-designer-pro-for-wordpress-347-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-05-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/goto/goto-tour-travel-wordpress-theme-20-reflected-cross-site-scripting</loc>
<lastmod>2021-02-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-post-corrector/wp-post-corrector-102-reflected-cross-site-scripting</loc>
<lastmod>2025-01-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/toret-manager/toret-manager-127-authenticated-subscriber-arbitrary-options-update-via-ajax-actions</loc>
<lastmod>2026-02-18T15:52:51.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/azonpost/azonpost-13-reflected-cross-site-scripting</loc>
<lastmod>2026-05-11T19:06:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/persian-woocommerce-shipping/persian-woocommerce-shipping-423-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ip-based-login/ip-based-login-240-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-03-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simasicher-dsgvo-cookie/simacookie-132-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/w3-total-cache/w3-total-cache-0926-093-file-read-directory-traversal</loc>
<lastmod>2020-12-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-paginate/wp-paginate-213-admin-stored-cross-site-scripting</loc>
<lastmod>2021-01-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-registration-form-builder-with-submission-manager/registrationmagic-5250-ip-spoofing</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/3.9/wordpress-core-392-denial-of-service-via-xml</loc>
<lastmod>2014-08-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-all-import/import-any-xml-or-csv-file-to-wordpress-325-sql-injection</loc>
<lastmod>2015-03-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/referrer-detector/referrer-detector-4210-php-object-injection</loc>
<lastmod>2017-04-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-secure-by-sitesecuritymonitorcom/wp-secure-12-reflected-cross-site-scripting</loc>
<lastmod>2025-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tutor-pro/tutor-lms-pro-elearning-and-online-course-solution-370-authenticated-tutor-instructor-sql-injection</loc>
<lastmod>2025-08-12T18:27:44.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dc-woocommerce-multi-vendor/wc-marketplace-413-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-germanized/germanized-for-woocommerce-394-reflected-cross-site-scripting</loc>
<lastmod>2022-05-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/spiffy-calendar/spiffy-calendar-497-reflected-cross-site-scripting</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quiz-master-next/quiz-and-survey-master-7118-cross-site-scripting</loc>
<lastmod>2021-06-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-extended-search/wp-extended-search-211-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-entries/contact-form-entries-130-authenticated-contributor-sql-injection-via-shortcode</loc>
<lastmod>2023-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-iframe/responsive-iframe-120-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/landing-page-cat/landing-page-cat-coming-soon-page-maintenance-page-squeeze-pages-177-reflected-cross-site-scripting</loc>
<lastmod>2024-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/rexcoin/rexcoin-126-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mail-picker/mail-picker-1015-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wooms/wooms-912-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-abstracts-manuscripts-manager/wp-abstracts-265-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-09-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vibebp/vibebp-19941-unauthenticated-privilege-escalation</loc>
<lastmod>2024-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/assistant/assistant-every-day-productivity-apps-1491-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2024-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/global-gallery/global-gallery-wordpress-responsive-gallery-915-authenticated-subscriber-arbitrary-shortcode-execution</loc>
<lastmod>2025-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/real-time-auto-find-and-replace/better-find-and-replace-161-unauthenticated-php-object-injection</loc>
<lastmod>2024-07-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fast-fancy-filter-3f/fast-fancy-filter-3f-122-cross-site-request-forgery-to-settings-modification-via-fff_save_settins-ajax-action</loc>
<lastmod>2026-04-21T19:03:01.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-gallery/post-gallery-106-cross-site-scripting</loc>
<lastmod>2013-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-lightbox/responsive-lightbox-245-authenticated-author-stored-cross-site-scripting-via-name</loc>
<lastmod>2023-11-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-taxonomy-category-and-term-fields/lsd-custom-taxonomy-and-category-meta-132-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/interactive-geo-maps/interactive-geo-maps-1624-reflected-cross-site-scripting</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yaysmtp/yaysmtp-simple-wp-smtp-mail-22-missing-authorization-to-sensitive-information-exposure</loc>
<lastmod>2022-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gpt3-ai-content-generator/gpt3-ai-content-writer-1866-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-07-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-performance-pack/wp-performance-pack-253-missing-authorization</loc>
<lastmod>2025-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/getgenie/getgenie-430-missing-authorization</loc>
<lastmod>2026-01-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/print-my-blog/print-my-blog-print-pdf-ebook-converter-wordpress-plugin-3262-missing-authorization</loc>
<lastmod>2024-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/5.2/wordpress-core-523-open-redirect</loc>
<lastmod>2019-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/appointment-booking-calendar/appointment-booking-calendar-1123-sql-injection</loc>
<lastmod>2016-01-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/hotstar/hotstar-multi-purpose-business-theme-14-missing-authorization</loc>
<lastmod>2025-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-registration-form-builder-with-submission-manager/registrationmagic-custom-registration-forms-user-registration-and-user-login-plugin-4602-sql-injection</loc>
<lastmod>2020-02-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/site-info-dashboard-widget/site-info-11-authenticated-editor-information-exposure</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hive-support/hive-support-wordpress-help-desk-112-authenticated-subscriber-sql-injection</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tagesteller/tagesteller-mittagsmen-11-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/task-manager-pro/task-manager-pro-131-reflected-cross-site-scripting</loc>
<lastmod>2017-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/formaloo-form-builder/formaloo-form-maker-customer-analytics-for-wordpress-woocommerce-2132-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2025-01-06T15:04:45.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ssl-wireless-sms-notification/ssl-wireless-sms-notification-350-unauthenticated-sql-injection</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-responsive-menu/simple-responsive-menu-21-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-02-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/statpresscn/statpresscn-190-cross-site-scripting</loc>
<lastmod>2011-01-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/directories/directoriespro-by-sabaiapps-1345-reflected-cross-site-scripting</loc>
<lastmod>2020-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/woodmart/woodmart-823-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-07-07T17:26:26.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/this-day-in-history/this-day-in-history-3101-reflected-cross-site-scripting</loc>
<lastmod>2023-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/sonaar/sonaar-4274-authenticated-subscriber-privilege-escalation</loc>
<lastmod>2025-10-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/brid-video-easy-publish/target-video-easy-publish-385-authenticated-subscriber-arbitrary-shortcode-execution</loc>
<lastmod>2025-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/relevanssi/relevanssi-33-sql-injection</loc>
<lastmod>2014-02-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-wp-smtp/easy-wp-smtp-124-cross-site-scripting</loc>
<lastmod>2017-04-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/estatik-mortgage-calculator/estatik-mortgage-calculator-2011-reflected-cross-site-scripting</loc>
<lastmod>2025-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/graphina-elementor-charts-and-graphs/graphina-304-cross-site-request-forgery-to-local-file-inclusion</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dearpdf-lite/pdf-viewer-3d-pdf-flipbook-dearpdf-2038-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-01-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gdpr-cookie-consent/wp-cookie-consent-for-gdpr-ccpa-eprivacy-302-missing-authorization-to-unauthenticated-arbitrary-post-deletion</loc>
<lastmod>2024-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/addon-elements-for-elementor-page-builder/elementor-addon-elements-11212-authenticatedcontributor-stored-cross-site-scripting-via-modal-popup-effet</loc>
<lastmod>2024-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-commentnavi/wp-commentnavi-1121-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/construction-landing-page/themedropbox-themes-various-versions-missing-authorization-to-notice-dismissal</loc>
<lastmod>2024-07-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/codup-woocommerce-dynamic-pricing-table-view/codup-woocommerce-dynamic-pricing-table-view-1214-stored-cross-site-scripting</loc>
<lastmod>2022-04-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/short-comment-filter/short-comment-filter-22-authenticated-administrator-stored-cross-site-scripting-via-minimum-count-setting</loc>
<lastmod>2026-04-21T19:16:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/special-box-for-content/special-box-for-content-1-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-job-manager-resumes/wp-job-manager-resume-manager-210-missing-authorization</loc>
<lastmod>2024-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-taxonomy-manager/xydac-ultimate-taxonomy-manager-20-cross-site-request-forgery</loc>
<lastmod>2023-10-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/page-generator/page-generator-164-cross-site-scripting</loc>
<lastmod>2022-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpforo/wpforo-forum-302-missing-authorization</loc>
<lastmod>2026-04-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/namaste-lms/namaste-lms-262-reflected-cross-site-scripting</loc>
<lastmod>2024-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/new-user-approve/new-user-approve-323-missing-authorization</loc>
<lastmod>2026-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/connector-civicrm-mcrestface/connector-to-civicrm-with-civimcrestface-1010-missing-authorization</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-event-solution/eventin-4026-missing-authorization-to-unauthenticated-privilege-escalation</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-page-notes/post-page-notes-011-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-keybase-verification/keybaseio-verification-145-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2026-02-17T17:15:50.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fonto/fonto-122-authenticated-author-arbitrary-file-download</loc>
<lastmod>2025-04-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gutena-forms/gutena-forms-contact-form-survey-form-feedback-form-booking-form-and-custom-form-builder-160-authenticated-contributor-limited-options-update-in-save_gutena_forms_schema</loc>
<lastmod>2026-03-03T21:42:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/weforms/weforms-easy-drag-drop-contact-form-builder-for-wordpress-1626-unauthenticated-php-object-injection</loc>
<lastmod>2026-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/moderate-selected-posts/moderate-selected-posts-14-cross-site-request-forgery-to-plugin-settings-update</loc>
<lastmod>2026-01-23T19:31:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/uploading-svgwebp-and-ico-files/uploading-svg-webp-and-ico-files-101-arbitrary-file-upload</loc>
<lastmod>2022-08-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/porto/porto-710-authenticated-contributor-local-file-inclusion-via-post-meta</loc>
<lastmod>2024-05-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ai-scribe-the-chatgpt-powered-seo-content-creation-wizard/ai-scribe-seo-ai-writer-content-generator-humanizer-blog-writer-seo-optimizer-dalle-3-ai-wordpress-plugin-chatgpt-gpt-4o-128k-25-missing-authorization-to-authenticated-subscriber-settings-update</loc>
<lastmod>2025-01-09T14:59:58.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-warfare/social-warfare-430-missing-authorization</loc>
<lastmod>2023-01-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/query-wrangler/query-wrangler-1554-cross-site-request-forgery</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cforms2/cformsii-14101-captcha-bypass</loc>
<lastmod>2010-12-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mimetic-books/mimetic-books-0213-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2021-07-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/backwpup/backwpup-402-plaintext-storage-of-backup-destination-password</loc>
<lastmod>2024-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/charity-is-hope/hope-300-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-01-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seo-backlink-monitor/seo-backlink-monitor-160-authenticated-administrator-server-side-request-forgery</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buddypress/buddypress-630-insufficient-input-validation</loc>
<lastmod>2020-11-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/traveler/traveler-326-reflected-cross-site-scripting</loc>
<lastmod>2025-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hr-management-lite/hr-management-lite-37-missing-authorization</loc>
<lastmod>2025-12-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-photo-album-plus/wp-photo-album-plus-503-cross-site-scripting</loc>
<lastmod>2013-05-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-dynamic-pricing-discounts-lite/dynamic-pricing-amp-discounts-lite-for-woocommerce-203-cross-site-request-forgery</loc>
<lastmod>2025-05-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-imageflow2/wp-flow-plus-522-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-05-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/erp/erp-1167-missing-authorization</loc>
<lastmod>2025-12-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/creatorlms/creator-lms-the-lms-for-creators-coaches-and-trainers-1112-missing-authorization-to-authenticated-contributor-arbitrary-options-update</loc>
<lastmod>2026-01-20T01:48:16.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/protect-your-content/protect-your-content-102-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-11-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-registration-form-builder-with-submission-manager/registrationmagic-6067-authenticated-contributor-stored-cross-site-scripting-via-rm_forms-shortcode</loc>
<lastmod>2025-12-15T02:16:59.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-automatic/wordpress-automatic-3940-authenticated-contributor-stored-cross-site-scripting-via-autoplay-parameter</loc>
<lastmod>2024-05-17T17:27:27.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/LayerSlider/layerslider-461-cross-site-request-forgery</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementor/elementor-website-builder-32510-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/plumbing-parts/plumbing-16-unauthenticated-php-object-injection</loc>
<lastmod>2026-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/damedia-giglist/da-media-giglist-190-authenticated-contributor-stored-cross-site-scripting-via-list_title-shortcode-attribute</loc>
<lastmod>2026-03-06T18:46:11.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/aspose-doc-exporter/asposewords-import-and-export-word-documents-20-arbitrary-file-download</loc>
<lastmod>2015-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pollin/pollin-1011-reflected-cross-site-scripting</loc>
<lastmod>2025-02-18T19:28:34.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-for-japan/japanized-for-woocommerce-2717-missing-authorization-to-unauthenticated-order-status-modification</loc>
<lastmod>2026-01-08T16:20:49.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/atec-debug/atec-debug-1222-authenticated-administrator-arbitrary-file-read</loc>
<lastmod>2025-09-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-blocks/ultimate-blocks-327-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bmo-expo/bmo-expo-1015-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/imdb-widget/imdb-profile-widget-109-local-file-inclusion</loc>
<lastmod>2016-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-woo-labels/advanced-woo-labels-201-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/subitem-al-slider/subitem-al-slider-100-reflected-cross-site-scripting-via-_serverphp_self</loc>
<lastmod>2026-02-06T20:24:49.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-product-list-table/custom-product-list-table-300-cross-site-request-forgery</loc>
<lastmod>2024-06-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cats-job-listings/cats-job-listings-209-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-17T15:45:22.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/laposta-signup-embed/laposta-signup-embed-110-cross-site-request-forgery</loc>
<lastmod>2023-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-one-click-upsell-funnel/one-click-upsell-funnel-for-woocommerce-349-authenticated-contributor-stored-cross-site-scripting-via-wps_wocuf_pro_yes-shortcode</loc>
<lastmod>2024-12-20T18:47:40.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quiz-master-next/quiz-and-survey-master-736-stored-cross-site-scripting</loc>
<lastmod>2022-01-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-post-embed/social-post-embed-201-authenticated-contributor-stored-cross-site-scripting-via-threads-embed</loc>
<lastmod>2026-04-27T15:57:20.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/front-editor/wp-front-user-submit-front-editor-493-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-currency-switcher/fox-currency-switcher-professional-for-woocommerce-1418-unauthenticated-arbitrary-shortcode-execution</loc>
<lastmod>2024-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/comparimager-elementor/comparimager-for-elementor-101-missing-authorization</loc>
<lastmod>2025-12-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/4.3/wordpress-core-431-cross-site-scripting-via-shortcodes</loc>
<lastmod>2015-09-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/translogic/translogic-1211-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yourchannel/yourchannel-124-cross-site-request-forgery-to-plugin-settings-change</loc>
<lastmod>2023-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-login-and-logout-redirect/wp-login-and-logout-redirect-12-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-live-chat-support/3cx-live-chat-942-local-file-inclusion</loc>
<lastmod>2022-04-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/td-composer/tagdiv-composer-48-authenticated-author-stored-cross-site-scripting-via-attachment-meta</loc>
<lastmod>2024-04-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/timetics/timetics-1029-missing-authorization</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gamipress/gamipress-256-missing-authorization-to-user-points-updates</loc>
<lastmod>2023-02-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-private-content-plus/wp-private-content-plus-362-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2025-08-11T13:49:51.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zippy/zippy-161-authenticated-contributor-sensitive-information-disclosure</loc>
<lastmod>2023-03-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/themeisle-companion/orbit-fox-by-themeisle-21023-authenticated-author-server-side-request-forgery-via-url</loc>
<lastmod>2023-04-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/magazine-blocks/magazine-blocks-183-missing-authorization</loc>
<lastmod>2026-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/appointment-hour-booking/appointment-hour-booking-1371-missing-authorization</loc>
<lastmod>2022-10-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementskit-lite/elementskit-elementor-addons-and-templates-379-authenticated-contributor-stored-cross-site-scripting-via-simple-tab-widget</loc>
<lastmod>2026-04-03T19:37:48.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bookingpress-appointment-booking/appointment-booking-calendar-plugin-and-online-scheduling-plugin-bookingpress-116-117-authentication-bypass-to-account-takeover</loc>
<lastmod>2024-08-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-gateway-stripe/woocommerce-stripe-payment-gateway-740-missing-authorization</loc>
<lastmod>2023-06-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/geopost/geopost-12-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2025-11-10T15:18:55.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-registration-stripe/user-registration-stripe-1314-missing-authorization</loc>
<lastmod>2026-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tawkto-live-chat/tawkto-live-chat-054-missing-authorization-to-visitor-monitoring-chat-removal</loc>
<lastmod>2021-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/track-that-stat/track-that-stat-110-cross-site-scripting</loc>
<lastmod>2012-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/js_composer/wpbakery-page-builder-861-stored-cross-site-scripting-via-custom-js-module</loc>
<lastmod>2025-10-14T17:29:05.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/latepoint/latepoint-calendar-booking-plugin-for-appointments-and-events-550-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-05-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpforo/wpforo-forum-2414-unauthenticated-time-based-sql-injection</loc>
<lastmod>2026-02-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/apppresser/apppresser-425-insecure-password-reset-mechanism</loc>
<lastmod>2023-11-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-to-email/contact-form-email-1363-missing-authorization</loc>
<lastmod>2026-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-affiliate-platform/wp-affiliate-platform-651-reflected-cross-site-scripting-via-registration-form</loc>
<lastmod>2024-06-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/jnews/jnews-1165-missing-authorization</loc>
<lastmod>2025-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-businessdirectory/wp-businessdirectory-314-unauthenticated-sql-injection</loc>
<lastmod>2025-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gutenverse/gutenverse-185-missing-authorization-via-dataupdate-api-endpoint</loc>
<lastmod>2023-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pixelyoursite/pixelyoursite-1120-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-02-13T08:43:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-coming-soon/ultimate-coming-soon-maintenance-109-cross-site-request-forgery</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/enigma-buttons/enigma-buttons-113-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-25T13:43:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stageshow/stageshow-986-reflected-cross-site-scripting</loc>
<lastmod>2025-01-30T00:41:27.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/apollo13-framework-extensions/apollo13-framework-extensions-190-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-11-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/celeste/celeste-136-unauthenticated-php-object-injection</loc>
<lastmod>2026-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/powerpack-for-learndash/powerpack-for-learndash-120-unauthenticated-arbitrary-options-update</loc>
<lastmod>2026-02-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/skt-builder/skt-page-builder-49-missing-authorization</loc>
<lastmod>2025-05-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vimeography/vimeography-vimeo-video-gallery-wordpress-plugin-241-cross-site-request-forgery</loc>
<lastmod>2024-06-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sprout-clients/sprout-clients-321-reflected-cross-site-scripting</loc>
<lastmod>2025-10-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/dt-chocolate/chocolate-wp-responsive-photography-theme-all-versions-full-path-disclosure</loc>
<lastmod>2013-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profilegrid-user-profiles-groups-and-communities/profilegrid-5981-missing-authorization-to-authenticated-subscriber-arbitrary-message-deletion</loc>
<lastmod>2026-03-06T11:44:27.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-digital-downloads/easy-digital-download-352-insufficient-verification-to-order-manipulation</loc>
<lastmod>2025-11-05T16:27:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/company-posts-for-linkedin/company-posts-for-linkedin-100-missing-authorization-to-authenticated-subscriber-arbitrary-linkedin-post-data-deletion</loc>
<lastmod>2026-03-20T15:17:57.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/woffice/woffice-5414-unauthenticated-privilege-escalation</loc>
<lastmod>2024-12-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-form-integration/advanced-form-integration-1950-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/builderall-cheetah-for-wp/builderall-builder-for-wordpress-201-unauthenticated-server-side-request-forgery</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-security-audit-log-premium/wp-activity-log-premium-450-cross-site-request-forgery-via-ajax_switch_db</loc>
<lastmod>2023-05-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-multisite-user-sync/wordpress-multisite-user-syncunsync-premium-211-reflected-cross-site-scripting</loc>
<lastmod>2022-02-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/spa-and-salon/spa-and-salon-127-cross-site-request-forgery-to-notice-dismissal</loc>
<lastmod>2024-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/geeky-bot/geekybot-generate-ai-content-without-prompt-chatbot-and-lead-generation-120-unauthenticated-sql-injection-via-attributekey</loc>
<lastmod>2026-05-04T15:06:44.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-scraper/wp-scraper-581-authenticated-administrator-server-side-request-forgery</loc>
<lastmod>2025-10-10T20:39:34.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-compress-mainwp/wp-compress-for-mainwp-63003-authenticated-subscriber-server-side-request-forgery</loc>
<lastmod>2025-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elasticpress/simple-git-3150-remote-code-execution</loc>
<lastmod>2022-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-pie-coming-soon/easy-pie-coming-soon-101-cross-site-scripting</loc>
<lastmod>2015-08-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-cart-weight/cart-weight-for-woocommerce-1911-missing-authorization</loc>
<lastmod>2025-11-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/travel-agency/travel-agency-149-cross-site-request-forgery</loc>
<lastmod>2024-06-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/content-security-policy-pro/content-security-policy-pro-135-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/laybuy-gateway-for-woocommerce/laybuy-payment-extension-for-woocommerce-539-missing-authorization</loc>
<lastmod>2024-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/histudy/histudy-online-courses-education-template-310-unauthenticated-sql-injection</loc>
<lastmod>2025-10-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/kalium/kalium-3183-reflected-cross-site-scripting</loc>
<lastmod>2025-01-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/Ultimate_VC_Addons/ultimate-addons-for-wpbakery-page-builder-31920-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-07-16T18:33:47.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/infographic-and-list-builder-ilist/infographic-maker-ilist-474-missing-authorization-to-authenticated-subscriber-arbitrary-title-update</loc>
<lastmod>2024-06-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/instawp-connect/instawp-connect-01085-unauthenticated-local-php-file-inclusion</loc>
<lastmod>2025-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-map-no-api/simple-map-no-api-19-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/laybuy-gateway-for-woocommerce/laybuy-payment-extension-for-woocommerce-539-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/demo-awesome/demo-awesome-101-reflected-cross-site-scripting</loc>
<lastmod>2024-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/redirect-redirection/redirect-redirection-113-missing-authorization-in-savesettings-function</loc>
<lastmod>2023-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/accordion-and-accordion-slider/accordion-and-accordion-slider-124-missing-authorization-via-wp_aas_get_attachment_edit_form-and-wp_aas_save_attachment_data</loc>
<lastmod>2023-08-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sb-uploader/sb-uploader-48-arbitrary-file-upload</loc>
<lastmod>2012-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/atarapay-woocommerce/atarapay-woocommerce-payment-gateway-2013-reflected-cross-site-scripting</loc>
<lastmod>2024-11-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/prezi-embedder/prezi-embedder-21-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-import-export-lite/wp-import-export-lite-wp-import-export-3915-unauthenticated-sensitive-data-disclosure</loc>
<lastmod>2022-01-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bookingpress-appointment-booking/bookingpress-1128-authenticated-administrator-sql-injection</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/time-sheets/time-sheets-213-reflected-cross-site-scripting</loc>
<lastmod>2025-08-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pdf-generator-for-wp/pdf-generator-for-wordpress-154-missing-authorization</loc>
<lastmod>2025-09-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-log/email-log-246-admin-sql-injection</loc>
<lastmod>2021-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-cirrus/wp-cirrus-0611-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-07-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cm-email-blacklist/cm-e-mail-blacklist-simple-email-filtering-for-safer-registration-155-reflected-cross-site-scripting</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/clanora/clanora-131-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2025-09-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bon-toolkit/bon-toolkit-132-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-05-14T14:24:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-submissions/contact-form-submissions-172-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2022-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/sofass/sofass-134-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-06-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elfsight-pricing-table/pricing-table-201-cross-site-request-forgery-via-ajax</loc>
<lastmod>2024-07-08T20:07:09.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/page-builder-add/landing-page-builder-14989-authenticated-contributor-cross-site-scripting-via-shortcode</loc>
<lastmod>2022-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/printful-shipping-for-woocommerce/printful-integration-for-woocommerce-2211-authenticated-contributor-server-side-request-forgery</loc>
<lastmod>2026-02-18T14:59:59.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpsyncsheets-woocommerce/export-order-product-customer-coupon-for-woocommerce-to-google-sheets-182-missing-authorization</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jobwp/jobwp-245-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-01-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pz-frontend-manager/pz-frontend-manager-105-cross-site-request-forgery-to-profile-picture-update</loc>
<lastmod>2024-07-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pricing-deals-for-woocommerce/pricing-deals-for-woocommerce-20202-unauthenticated-sql-injection</loc>
<lastmod>2022-06-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ovic-vc-addon/ovic-responsive-wpbakery-128-authenticated-subscriber-arbitrary-option-update</loc>
<lastmod>2023-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nmedia-user-file-uploader/frontend-file-manager-235-missing-authorization</loc>
<lastmod>2026-02-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-types-carousel-slider/post-carousel-slider-103-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-13T16:02:08.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-user-avatar/profilepress-41612-missing-authorization-to-authenticated-subscriber-inactive-membership-plan-subscription</loc>
<lastmod>2026-04-15T09:44:30.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/paid-member-subscriptions/paid-membership-subscriptions-effortless-memberships-recurring-payments-content-restriction-2173-reflected-cross-site-scripting</loc>
<lastmod>2026-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/very-simple-contact-form/vs-contact-form-147-captcha-bypass</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/store-locator/store-locator-for-wordpress-with-google-maps-lotsoflocales-39810-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dropdown-content/dropdown-content-102-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/woodmart/woodmart-832-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-10-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-manager/wordpress-download-manager-3122-cross-site-request-forgery</loc>
<lastmod>2021-04-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woorousell/product-carousel-for-woocommerce-woorousell-110-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mstore-api/mstore-api-create-native-android-ios-apps-on-the-cloud-4184-missing-authorization</loc>
<lastmod>2026-06-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/peakshops/peakshops-159-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-01-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jet-blog/jetblog-2441-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-08-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ipages-flipbook/ipages-flipbook-146-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2022-12-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ultimate-search/wp-ultimate-search-203-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smartsupp-live-chat/smartsupp-live-chat-chatbots-ai-and-lead-generation-36-cross-site-request-forgery</loc>
<lastmod>2024-07-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/payu-india/payu-commercepro-plugin-387-authentication-bypass</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cf7-hubspot/integration-for-contact-form-7-hubspot-131-cross-site-request-forgery</loc>
<lastmod>2024-05-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/edd-conditional-success-redirects/easy-digital-downloads-conditional-success-redirects-111-cross-site-scripting</loc>
<lastmod>2015-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/croma-music/croma-music-36-authenticated-subscriber-arbitrary-options-update-in-ironmusic_ajax</loc>
<lastmod>2025-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/aspose-doc-exporter/asposewords-exporter-631-missing-authorization</loc>
<lastmod>2024-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/magic-export-import/magic-export-import-110-unauthenticated-information-exposure</loc>
<lastmod>2026-04-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-forms-webhooks/ninja-forms-webhooks-307-authenticated-admin-server-side-request-forgery-via-form-webhook</loc>
<lastmod>2025-05-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/iframe-block/iframe-block-011-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-08-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pdfjs-viewer-shortcode/pdfjs-viewer-217-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tennis-court-bookings/tennis-court-bookings-127-reflected-cross-site-scripting</loc>
<lastmod>2025-07-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-facebook-twitter-widget/advanced-social-feeds-widget-shortcode-17-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hide-my-wp/hide-my-wp-ghost-security-plugin-5018-ip-address-spoofing-to-protection-mechanism-bypass</loc>
<lastmod>2023-05-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cnzz51la-for-wordpress/cnzz51la-for-wordpress-101-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quiz-master-next/quiz-and-survey-master-8118-cross-site-request-forgery</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/classified-core/classima-2111-reflected-cross-site-scripting</loc>
<lastmod>2022-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/limit-bio/limit-bio-10-reflected-cross-site-scripting</loc>
<lastmod>2025-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/payment-gateway-stripe-and-woocommerce-integration/stripe-payment-plugin-for-woocommerce-377-authentication-bypass</loc>
<lastmod>2023-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bold-page-builder/bold-page-builder-532-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/houzez-theme-functionality/houzez-theme-functionality-420-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/get-a-quote-for-woocommerce/get-quote-for-woocommerce-request-a-quote-for-woocommerce-100-missing-authorization-to-unauthenticated-quote-pdf-and-csv-download</loc>
<lastmod>2024-10-30T18:08:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pixter-image-digital-license/multiple-plugins-by-itayamar-backdoored-software</loc>
<lastmod>2025-07-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/client-portal-suitedash-login/client-portal-suitedash-direct-login-173-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-07-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-add-active-class-to-menu-item/wp-add-active-class-to-menu-item-10-cross-site-request-forgery</loc>
<lastmod>2025-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/adfoxly/adfoxly-ad-manager-adsense-ads-adstxt-184-reflected-cross-site-scripting</loc>
<lastmod>2023-04-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/auto-featured-image/auto-featured-image-12-authenticated-contributor-arbitrary-file-upload</loc>
<lastmod>2024-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/careerfy/careerfy-430-reflected-cross-site-scripting</loc>
<lastmod>2020-07-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/change-table-prefix/change-table-prefix-20-cross-site-request-forgery-via-change_prefix_form</loc>
<lastmod>2024-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/toast-responsive-menu/toast-mobile-menu-108-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-09-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/another-wordpress-classifieds-plugin/awp-classifieds-444-missing-authorization</loc>
<lastmod>2026-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-payment-bkash/payment-gateway-bkash-for-wc-310-missing-authorization</loc>
<lastmod>2025-11-20T05:24:13.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gravity-forms-toolbar/gravity-forms-toolbar-170-reflected-cross-site-scripting</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/upload-scanner/upload-scanner-12-reflected-cross-site-scripting</loc>
<lastmod>2024-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/floating-social-bar/floating-social-bar-116-unauthenticated-cross-site-scripting</loc>
<lastmod>2015-07-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/music-player-for-woocommerce/music-player-for-woocommerce-151-missing-authorization</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/subscribe-to-download/subscribe-to-download-209-unauthenticated-php-object-injection</loc>
<lastmod>2025-07-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/abelle/abelle-122-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/portfolio-elementor/portfolio-for-elementor-23-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/live-sports-streamthunder/live-sports-streamthunder-21-cross-site-request-forgery</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-meteor/wp-meteor-page-speed-optimization-topping-314-cross-site-request-forgery-via-processajaxnoticedismiss</loc>
<lastmod>2023-02-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/iwp-client/infinitewp-client-1130-unauthenticated-limited-directory-traversal-to-arbitrary-txt-file-reading</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/twitget/twitget-333-cross-site-request-forgery</loc>
<lastmod>2014-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/haxcan/haxcan-100-authenticated-admin-path-traversal-to-arbitrary-file-read</loc>
<lastmod>2021-07-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/secure-html5-video-player/secure-html5-video-player-34-reflected-cross-site-scripting</loc>
<lastmod>2014-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/graphic-web-design-inc/gwd-connect-29-unauthenticated-limited-code-execution-via-update_agent</loc>
<lastmod>2026-05-11T19:06:49.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/4.2/wordpress-core-423-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2015-07-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/greenmart/greenmart-251-reflected-cross-site-scripting</loc>
<lastmod>2020-10-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smartcrawl-seo/smartcrawl-wordpress-seo-checker-seo-analyzer-seo-optimizer-3108-unauthenticated-full-path-disclosure</loc>
<lastmod>2024-07-09T19:53:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/indeed-membership-pro/indeed-membership-pro-75-arbitrary-file-upload</loc>
<lastmod>2019-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-fastest-cache/wp-fastest-cache-112-cross-site-request-forgery-via-deletecssandjscachetoolbar</loc>
<lastmod>2023-04-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/loco-translate/loco-translate-260-authenticated-stored-cross-site-scripting</loc>
<lastmod>2022-03-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-read-time/post-read-time-126-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/exchange-addon-authorize-net/authorizenet-add-on-for-ithemes-exchange-110-reflected-cross-site-scripting</loc>
<lastmod>2015-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/users-ultra/users-ultra-membership-users-community-and-member-profiles-with-paypal-integration-plugin-1358-sql-injection</loc>
<lastmod>2014-10-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/menu-ordering-reservations/restaurant-menu-and-food-ordering-240-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-06-14T17:29:31.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/oauth2-provider/oauth-server-433-open-redirect</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/6.9/wordpress-691-unauthenticated-blind-server-side-request-forgery-via-xml-rpc-pingback-discovery</loc>
<lastmod>2026-03-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/embedpress/embedpress-398-authenticatedcontributor-stored-cross-site-scripting-via-google-calendar-widget-link</loc>
<lastmod>2024-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/relais-2fa/relais-2fa-10-authentication-bypass</loc>
<lastmod>2024-11-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bsk-gravityforms-blacklist/bsk-forms-blacklist-381-reflected-cross-site-scripting</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/affiliate-toolkit-starter/affiliate-toolkit-wordpress-affiliate-plugin-354-missing-authorization-via-atkp_import_product</loc>
<lastmod>2024-03-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-featured-image/simple-featured-image-131-authenticated-contributor-stored-cross-site-scripting-via-slideshow-parameter</loc>
<lastmod>2025-07-08T14:48:31.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/royal-elementor-addons/royal-elementor-addons-and-templates-13975-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-05-31T17:22:35.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/usc-e-shop/welcart-e-commerce-21121-authenticated-author-sql-injection-via-cookie</loc>
<lastmod>2025-10-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-photo-album-plus/wp-photo-album-plus-5417-reflected-cross-site-scripting</loc>
<lastmod>2014-11-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/thrive-automator/thrive-automator-117-cross-site-request-forgery</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/motive-commerce-search/ai-product-search-for-woocommerce-motive-commerce-search-1382-missing-authorization</loc>
<lastmod>2026-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-and-page-builder/post-and-page-builder-by-boldgrid-visual-drag-and-drop-editor-1266-authenticated-contributor-stored-cross-site-scripting-via-file-upload</loc>
<lastmod>2024-07-19T22:34:05.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/site-pin/site-pin-13-reflected-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eventon-lite/eventon-241-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wedevs-project-manager/wp-project-manager-task-team-and-project-management-plugin-featuring-kanban-board-and-gantt-charts-2622-authenticated-subscriber-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2025-04-08T15:42:30.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/location-piker/google-map-with-fancybox-210-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mailoptin/popup-optin-form-email-newsletters-for-mailchimp-hubspot-aweber-mailoptin-12703-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-09-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/copymatic/copymatic-ai-content-writer-generator-19-missing-authorization</loc>
<lastmod>2024-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-job-portal/wp-job-portal-222-authenticated-admin-sql-injection-via-wpjobportal_deactivate</loc>
<lastmod>2024-12-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/twittee-text-tweet/twittee-text-tweet-108-authenticated-contributor-stored-cross-site-scripting-via-id-shortcode-attribute</loc>
<lastmod>2026-04-21T19:07:17.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/login-screen-manager/login-screen-manager-352-authenticatedadmin-stored-cross-site-scripting</loc>
<lastmod>2023-10-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/types/toolset-types-188-cross-site-scripting</loc>
<lastmod>2015-11-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dzs-ajaxer-lite-dynamic-page-load/dzs-ajaxer-lite-ajaxify-your-wordpress-site-and-comment-104-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/badgeos/badgeos-3712-authenticated-subscriber-sql-injection</loc>
<lastmod>2022-08-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/12-step-meeting-list/12-step-meeting-list-31424-authenticated-contributor-server-side-request-forgery</loc>
<lastmod>2023-11-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-helper-lite/wp-helper-premium-420-authenticated-contributor-sql-injection</loc>
<lastmod>2023-01-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pdf-viewer-for-elementor/pdf-viewer-for-elementor-293-authenticated-contributor-stored-cross-site-scripting-via-render</loc>
<lastmod>2024-06-17T14:20:46.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/login-page-styler/login-page-styler-62-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-razorpay/razorpay-for-woocommerce-483-missing-authorization</loc>
<lastmod>2026-02-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-hover-effects-addon-for-elementor/image-hover-effects-elementor-addon-141-authenticatedcontributor-dom-based-stored-cross-site-scripting-via-image-hover-effects-widget</loc>
<lastmod>2024-05-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/theplus_elementor_addon/the-plus-addons-for-elementor-pro-528-unauthenticated-local-file-inclusion</loc>
<lastmod>2023-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/atomchat/atomchat-116-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/siteseo/siteseo-seo-simplified-132-insecure-direct-object-reference-to-sensitive-post-meta-disclosure</loc>
<lastmod>2025-11-18T18:07:44.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/appointment-booking-calendar/appointment-booking-calendar-1224-sql-injection</loc>
<lastmod>2016-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/js_composer/wpbakery-page-builder-86-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-17T18:22:34.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/super-socializer/social-share-social-login-and-social-comments-plugin-super-socializer-714-unauthenticated-limited-sql-injection-via-supersocializerkey</loc>
<lastmod>2025-01-20T22:38:24.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bp-group-documents/bp-group-documents-121-path-traversal</loc>
<lastmod>2013-10-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/better-business-reviews/better-business-reviews-011-missing-authorization</loc>
<lastmod>2026-01-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/admin-site-enhancements/admin-and-site-enhancements-ase-808-missing-authorization</loc>
<lastmod>2025-12-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-event-manager/wp-event-manager-3141-reflected-cross-site-scripting-via-plugin</loc>
<lastmod>2024-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/noo-jobmonster/jobmonster-480-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wooframework-tweaks/wooframework-tweaks-101-reflected-cross-site-scripting</loc>
<lastmod>2015-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nicebackgrounds/nice-backgrounds-10-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2024-10-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/3d-flipbook-dflip-lite/dear-flipbook-2420-authenticated-auhtor-stored-cross-site-scripting-via-pdf-page-labels</loc>
<lastmod>2026-03-10T10:33:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blog-stats-by-w3counter/w3counter-free-real-time-web-stats-41-cross-site-request-forgery</loc>
<lastmod>2025-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zionbuilder/wordpress-page-builder-zion-builder-369-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mangboard/mang-board-wp-177-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-01-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-language-switch/user-language-switch-1610-authenticated-administrator-server-side-request-forgery-via-info_language-parameter</loc>
<lastmod>2026-02-13T18:30:57.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pagelayer/page-builder-pagelayer-drag-and-drop-website-builder-176-missing-authorization-to-stored-cross-site-scripting</loc>
<lastmod>2023-09-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/themify-shortcodes/themify-shortcodes-207-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-hover-effects-ultimate/image-hover-effects-ultimate-970-reflected-cross-site-scripting-via-effects</loc>
<lastmod>2021-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shortcodes-ultimate/wp-shortcodes-plugin-shortcodes-ultimate-5133-insecure-direct-object-reference-to-information-disclosure</loc>
<lastmod>2023-11-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/coupon-lite/coupon-121-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/survey/survey-11-authenticated-administrator-stored-cross-site-scripting-via-plugin-settings</loc>
<lastmod>2026-03-20T15:20:33.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cozy-addons/cozy-blocks-2129-unauthenticated-arbitrary-shortcode-execution</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/linkpizza-manager/linkpizza-manager-555-missing-authorization</loc>
<lastmod>2026-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pagelayer/pagelayer-194-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/zakra/zakra-415-missing-authorization-to-subscriber-demo-import</loc>
<lastmod>2025-08-05T13:58:24.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/search-filter/search-filter-1217-cross-site-request-forgery</loc>
<lastmod>2025-10-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ajs-footnotes/ajs-footnotes-10-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-01-13T17:23:06.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/testimonial-widgets/wp-testimonials-143-authenticated-contributor-sql-injection</loc>
<lastmod>2024-01-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-meta-data-filter-and-taxonomy-filter/mdtf-meta-data-and-taxonomies-filter-135-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-03-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lenxel-core/lenxel-core-125-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2024-11-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rich-widget/rich-widget-024-arbitrary-file-upload</loc>
<lastmod>2012-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wishlist/wishlist-1041-authenticated-contributor-sql-injection</loc>
<lastmod>2025-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-members/wp-members-318-cross-site-scripting</loc>
<lastmod>2017-06-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce/woocommerce-513-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2021-04-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-and-page-builder/post-and-page-builder-by-boldgrid-visual-drag-and-drop-editor-plugin-1262-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zeno-font-resizer/zeno-font-resizer-179-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-02-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tablepress/tablepress-tables-in-wordpress-made-easy-324-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2025-11-03T14:02:33.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simpleshop-cz/simpleshop-2102-missing-authorization</loc>
<lastmod>2024-05-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pdf-invoices-and-packing-slips-for-woocommerce/pdf-invoices-and-packing-slips-for-woocommerce-137-authenticated-subscriber-php-object-injection</loc>
<lastmod>2024-03-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-event-manager/wp-event-manager-3142-cross-site-scripting</loc>
<lastmod>2023-11-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tutor/tutor-lms-273-authenticated-instructor-stored-cross-site-scripting</loc>
<lastmod>2024-08-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-post/post-grid-gutenberg-blocks-and-wordpress-blog-plugin-postx-404-authenticated-contributor-stored-crosssite-scripting</loc>
<lastmod>2024-05-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-nested-pages/nested-pages-3120-stored-cross-site-scripting</loc>
<lastmod>2022-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/event-tickets-with-ticket-scanner/event-tickets-with-ticket-scanner-244-missing-authorization-to-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2024-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/convertkit/convertkit-245-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/pelicula-video-production-and-movie-theme/pelicula-110-unauthenticated-php-object-injection</loc>
<lastmod>2026-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quicksand-jquery-post-filter/quicksand-post-filter-jquery-plugin-311-cross-site-request-forgery-via-renderadmin</loc>
<lastmod>2024-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/order-delivery-date-for-woocommerce/order-delivery-date-for-woocommerce-451-unauthenticated-sql-injection</loc>
<lastmod>2026-04-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/countdown-timer-for-elementor/countdown-timer-for-elementor-139-authenticated-contributor-stored-cross-site-scripting-via-countdown_label</loc>
<lastmod>2025-09-10T18:56:11.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-tinymce/ultimate-tinymce-57-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-29T14:04:38.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/visual-builder/visual-builder-122-missing-authorization</loc>
<lastmod>2025-05-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pearl-header-builder/wordpress-header-builder-plugin-138-cross-site-request-forgery-to-header-deletion</loc>
<lastmod>2025-01-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bsuite/bsuite-5-alpha-2-multiple-cross-site-scripting</loc>
<lastmod>2014-09-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/2.0/wordpress-core-205-cross-site-scripting</loc>
<lastmod>2007-01-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bit-form/contact-form-by-bit-form-multi-step-form-calculation-contact-form-payment-contact-form-custom-contact-form-builder-20-2139-authenticated-administrator-arbitrary-file-read-and-deletion</loc>
<lastmod>2024-08-19T15:09:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ulike/wp-ulike-469-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-04-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/awesome-support/awesome-support-614-missing-authorization-via-wpas_edit_reply_ajax</loc>
<lastmod>2023-11-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cf7-spreadsheets/cf7-spreadsheets-232-reflected-cross-site-scripting</loc>
<lastmod>2025-04-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/listeo-core/listeo-core-directory-plugin-by-purethemes-2027-unauthenticated-arbitrary-media-upload</loc>
<lastmod>2026-04-03T22:09:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/envialosimple-email-marketing-y-newsletters-gratis/envalosimple-email-marketing-y-newsletters-22-reflected-cross-site-scripting</loc>
<lastmod>2024-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-orders-ei/woocommerce-orders-customers-exporter-54-authenticated-subscriber-sql-injection</loc>
<lastmod>2026-01-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/real-estate-manager/real-estate-manager-73-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/product-import-export-for-woo/product-import-export-for-woocommerce-250-directory-traversal-to-authenticated-administrator-limited-arbitrary-file-read-via-download_file-function</loc>
<lastmod>2025-03-25T23:20:01.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/5.0/wordpress-core-501-stored-cross-site-scripting-via-file-uploads</loc>
<lastmod>2018-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advance-post-prefix/advance-post-prefix-111-authenticated-admin-sql-injection</loc>
<lastmod>2025-01-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-related-posts/custom-related-posts-180-unauthenticated-information-exposure</loc>
<lastmod>2025-12-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cardoza-3d-tag-cloud/3d-tag-cloud-38-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-02-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lead-capturing-call-to-actions-by-vcita/contact-form-and-calls-to-action-by-vcita-264-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-06-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woolentor-addons/shoplentor-woocommerce-builder-for-elementor-gutenberg-20-modules-all-in-one-solution-formerly-woolentor-312-unauthenticated-server-side-request-forgery-via-url-parameter</loc>
<lastmod>2025-04-24T16:21:41.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pushbiz/pushbiz-push-notification-10-reflected-cross-site-scripting</loc>
<lastmod>2025-02-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hummingbird-performance/hummingbird-391-cross-site-request-forgery</loc>
<lastmod>2024-08-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/robo-gallery/robo-gallery-3212-authenticated-contributor-stored-cross-site-scripting-via-shortcodes</loc>
<lastmod>2023-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-seo/yoast-seo-225-reflected-cross-site-scripting</loc>
<lastmod>2024-05-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpb-show-core/wpb-show-core-22-reflected-cross-site-scripting</loc>
<lastmod>2022-10-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/file-provider/file-provider-123-cross-site-request-forgery-to-item-deletion</loc>
<lastmod>2025-05-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/denk-internet-solutions/actueel-financieel-nieuws-denk-internet-solutions-520-authenticated-administrator-stored-cross-site-scripting-via-plugin-settings</loc>
<lastmod>2023-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nps-computy/nps-computy-282-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-02-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sticky-header-oceanwp/oceanwp-sticky-header-108-cross-site-request-forgery-to-plugin-settings-update</loc>
<lastmod>2022-09-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-travel/wp-travel-ultimate-travel-booking-system-tour-management-engine-1000-authenticated-subscriber-sql-injection</loc>
<lastmod>2025-01-08T22:00:30.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/seil/seil-171-unauthenticated-php-object-injection</loc>
<lastmod>2025-05-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vk-google-job-posting-manager/vk-google-job-posting-manager-1223-authenticated-author-stored-cross-site-scripting-via-job-description-field</loc>
<lastmod>2026-01-23T19:16:27.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/6storage-rentals/6storage-rentals-2196-missing-authorization</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-subscribers/email-subscribers-by-icegram-express-affordable-powerful-email-marketing-for-wordpress-woocommerce-5744-authenticated-admin-stored-cross-site-scripting-via-workflow-settings</loc>
<lastmod>2024-12-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/totalprocessing-card-payments/nomupay-payment-processing-gateway-717-authenticated-shop-manager-arbitrary-file-download</loc>
<lastmod>2025-05-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/uicore-elements/uicore-elements-134-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-08-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wishsuite/wishsuite-151-authenticated-contributor-stored-cross-site-scripting-via-button_text-shortcode-attribute</loc>
<lastmod>2025-12-20T14:14:40.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/telegram-bot/telegram-bot-channel-382-cross-site-request-forgery</loc>
<lastmod>2024-07-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-manager/download-manager-3254-authenticated-admin-path-traversal</loc>
<lastmod>2022-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/url-coupons-for-woocommerce-by-algoritmika/coupons-amp-add-to-cart-by-url-links-for-woocommerce-177-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-05-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ba-book-everything/ba-book-everything-1620-unauthenticated-arbitrary-user-password-reset</loc>
<lastmod>2024-09-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bmi-bmr-calculator/bmi-bmr-calculator-13-reflected-cross-site-scripting</loc>
<lastmod>2022-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ip2location-variables/ip2location-variables-295-cross-site-request-forgery</loc>
<lastmod>2025-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/terms-descriptions/terms-descriptions-349-unauthenticated-information-exposure</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quiz-maker/quiz-maker-6394-content-spoofing</loc>
<lastmod>2023-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/link-library/link-library-591229-reflected-cross-site-scripting</loc>
<lastmod>2016-08-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/cardealer/cardealer-164-arbitrary-theme-option-update-to-authenticated-subscriber-privilege-escalation</loc>
<lastmod>2025-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/googleanalytics/sharethis-dashboard-for-google-analytics-314-missing-authorization</loc>
<lastmod>2022-11-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/thirstyaffiliates/thirstyaffiliates-affiliate-link-manager-3104-authorization-bypass-and-cross-site-request-forgery</loc>
<lastmod>2022-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpfunnels/wpfunnels-362-unauthorized-user-registration</loc>
<lastmod>2025-11-07T15:06:12.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mapfig-studio/mapfig-studio-021-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/archivist-custom-archive-templates/archivist-custom-archive-templates-174-cross-site-request-forgery</loc>
<lastmod>2023-02-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/official-mailerlite-sign-up-forms/mailerlite-signup-forms-153-reflected-cross-site-scripting</loc>
<lastmod>2022-05-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bookly-responsive-appointment-booking-tool/wordpress-online-booking-and-scheduling-plugin-bookly-145-cross-site-scripting</loc>
<lastmod>2018-02-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/media-category-library/media-category-library-27-reflected-cross-site-scripting</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/piotnet-addons-for-elementor/piotnet-addons-for-elementor-2436-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-17T13:10:41.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/js-jobs/js-job-manager-106-cross-site-request-forgery</loc>
<lastmod>2018-05-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seriously-simple-podcasting/seriously-simple-podcasting-3141-authenticated-editor-server-side-request-forgery</loc>
<lastmod>2026-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/crazy-bone/crazy-bone-060-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2022-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/a1post-bg-shipping-for-woocommerce/a1postbg-shipping-for-woocommerce-15-cross-site-request-forgery-to-privilege-escalation</loc>
<lastmod>2025-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking-ultra-pro/booking-ultra-pro-1123-authenticated-subscriber-information-exposure</loc>
<lastmod>2025-12-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wip-custom-login/wip-custom-login-127-missing-authorization</loc>
<lastmod>2022-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sms-alert/sms-alert-order-notifications-woocommerce-379-unauthenticated-account-takeoverprivilege-escalation</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/b1-accounting/b1lt-for-woocommerce-2257-missing-authorization-to-authenticated-subscriber-arbitrary-sql-injection</loc>
<lastmod>2025-07-17T16:35:21.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mas-addons-for-elementor/mas-elementor-116-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gift-up/gift-up-gift-cards-for-wordpress-and-woocommerce-2201-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-11-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-youtube-responsive/simple-youtube-responsive-25-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-file-download/wp-file-download-625-reflected-cross-site-scripting</loc>
<lastmod>2025-05-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-membership/simple-membership-470-unauthenticated-improper-handling-of-missing-values</loc>
<lastmod>2026-02-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/agricola/agricola-110-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-08-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/printcart-integration/printcart-web-to-print-product-designer-for-woocommerce-243-missing-authorization</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-rocket/social-rocket-132-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-09-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-builder/wc-builder-120-authenticated-shop-manager-stored-cross-site-scripting-via-heading_color-shortcode-attribute</loc>
<lastmod>2025-12-20T14:13:49.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/books-papers/books-papers-020210223-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-04-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-hide/wp-hide-002-missing-authorization-to-settings-update</loc>
<lastmod>2022-10-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-consultant/wp-consultant-10-reflected-cross-site-scripting</loc>
<lastmod>2014-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/adsensei-b30/adsmonetizer-324-reflected-cross-site-scripting</loc>
<lastmod>2025-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/prenotazioni/prenotazioni-174-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/soundst-seo-search/soundst-seo-search-123-reflected-cross-site-scripting</loc>
<lastmod>2025-08-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rapidresult/rapidresult-12-authenticated-contributor-sql-injection</loc>
<lastmod>2025-10-23T20:08:55.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rumbletalk-chat-a-chat-with-themes/rumbletalk-live-group-chat-html5-630-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quiz-maker/quiz-maker-6511-missing-authorization</loc>
<lastmod>2024-01-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-contest/wp-contest-100-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-seopress/seopress-on-site-seo-811-reflected-cross-site-scripting</loc>
<lastmod>2024-10-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-page-widget/wp-page-widget-39-cross-site-request-forgery</loc>
<lastmod>2022-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smart-forms/smart-forms-2693-missing-authorization</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dynamically-register-sidebars/dynamically-register-sidebars-101-authenticated-administrator-stored-cross-site-scripting-via-plugin-settings</loc>
<lastmod>2023-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gravityforms/gravity-forms-21001-unauthenticated-arbitrary-file-deletion</loc>
<lastmod>2026-06-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-angular-contact-form/advanced-angular-contact-form-110-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shorten-url/short-url-168-reflected-cross-site-scripting</loc>
<lastmod>2024-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shortcode-variables/snippet-shortcodes-416-authenticated-subscriber-shortcode-deletion</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/loginizer/loginizer-178-reflected-cross-site-scripting-via-limit_sessioncount</loc>
<lastmod>2023-05-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dynamic-visibility-for-elementor/dynamic-visibility-for-elementor-505-missing-authorization-to-authenticatedsubscriber-post-visibility-modification</loc>
<lastmod>2023-06-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/xts-hitek/hitek-183-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/product-countdown-for-woocommerce/product-time-countdown-for-woocommerce-164-authenticated-shop-manager-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/insert-pages/insert-pages-361-contributor-stored-cross-site-scripting</loc>
<lastmod>2021-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simplistic-seo/simplistic-seo-230-reflected-cross-site-scripting</loc>
<lastmod>2024-11-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/template-kit-export/template-kit-export-1021-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-07-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/h5p/interactive-content-h5p-1176-reflected-cross-site-scripting</loc>
<lastmod>2026-06-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bp-better-messages/better-messages-191068-authorization-bypass-to-blocking-control-bypass</loc>
<lastmod>2022-11-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-settings/advanced-settings-311-authenticated-author-arbitrary-file-upload</loc>
<lastmod>2025-09-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/poeditor/poeditor-094-cross-site-request-forgery</loc>
<lastmod>2023-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/host-webfonts-local/omgf-gdprdsgvo-compliant-faster-google-fonts-easy-579-missing-authorization-to-unauthenticated-directory-deletion-and-cross-site-scripting</loc>
<lastmod>2024-01-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/multiparcels-shipping-for-woocommerce/multiparcels-shipping-for-woocommerce-1151-cross-site-request-forgery</loc>
<lastmod>2023-07-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementor/elementor-website-builder-298-stored-cross-site-scripting</loc>
<lastmod>2020-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dental-optimizer-patient-generator-app/dental-optimizer-patient-generator-app-10-reflected-cross-site-scripting</loc>
<lastmod>2025-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpdiscuz/wpdiscuz-763-missing-authorization-via-ajax-actions</loc>
<lastmod>2023-10-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/live-composer-page-builder/page-builder-live-composer-1538-missing-authorization</loc>
<lastmod>2024-04-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/convertful/convertful-your-ultimate-on-site-conversion-tool-25-missing-authorization-via-add_woo_coupon</loc>
<lastmod>2023-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/onepress/onepress-238-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2024-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/victo/victo-1416-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-admin-ui-customize/wp-admin-ui-customize-1513-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-11-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/h5p/h5p-1161-missing-authorization</loc>
<lastmod>2025-12-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/phpinfo-wp/phpinfo-wp-40-cross-site-request-forgery</loc>
<lastmod>2023-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/popup-maker/popup-maker-11610-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/markdown-shortcode/markdown-shortcode-021-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-25T17:54:41.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tutor/tutor-lms-395-insecure-direct-object-reference-to-authenticated-instructor-arbitrary-course-modification-and-deletion</loc>
<lastmod>2026-02-02T18:41:05.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tajer/tajer-105-arbitrary-file-upload</loc>
<lastmod>2018-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-editor-bootstrap-blocks/bootstrap-blocks-for-wp-editor-v2-250-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-06T18:13:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tour-operator-plugin/tour-activity-operator-plugin-for-tourcms-170-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2026-03-20T15:18:06.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/likebot/likebot-decentralized-like-system-085-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hashthemes-demo-importer/hashthemes-demo-importer-111-missing-authorization-to-database-wipe</loc>
<lastmod>2021-10-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-webinarsystem/webinarpress-13327-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-maps-easy/easy-google-maps-1117-cross-site-request-forgery-via-ajax-action</loc>
<lastmod>2023-05-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-ads/advanced-ads-ad-manager-adsense-1521-authenticated-contributor-stored-cross-site-scripting-via-ad-widget</loc>
<lastmod>2024-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/store-locator/store-locator-39810-unauthenticated-local-file-inclusion</loc>
<lastmod>2024-12-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/content-protector/passster-password-protect-pages-and-content-4224-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2026-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/modern-events-calendar-lite/modern-events-calendar-lite-610-reflected-cross-site-scripting-via-current_month_divider-parameter</loc>
<lastmod>2021-11-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tp2wp-importer/tp2wp-importer-11-authenticated-administrator-stored-cross-site-scripting-via-watched-domains-textarea</loc>
<lastmod>2026-02-25T12:51:03.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/spreadshirt-rss-3d-cube-flash-gallery/wp-rss-spreadshirt-3dcube-gallery-13-cross-site-scripting</loc>
<lastmod>2014-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-plus-addons-for-elementor-page-builder/the-plus-addons-for-elementor-elementor-addons-page-templates-widgets-mega-menu-woocommerce-562-authenticated-contributor-stored-cross-site-scripting-via-video-widget</loc>
<lastmod>2024-08-19T15:13:47.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-last-modified/wp-last-modified-01-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-user-avatar/paid-membership-plugin-ecommerce-user-registration-form-login-form-user-profile-restrict-content-profilepress-4154-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/photo-gallery/photo-gallery-by-10web-mobile-friendly-image-gallery-1836-missing-authorization-to-unauthenticated-arbitrary-comment-deletion</loc>
<lastmod>2026-01-21T10:40:15.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cleantalk-spam-protect/spam-protection-antispam-firewall-by-cleantalk-620-cross-site-request-forgery</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/order-import-export-for-woocommerce/order-export-order-import-for-woocommerce-260-directory-traversal-to-authenticated-administrator-limited-arbitrary-file-deletion-via-admin_log_page-function</loc>
<lastmod>2025-03-19T22:27:37.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/adforest/adforest-516-privilege-escalation-via-password-resetaccount-takeover</loc>
<lastmod>2024-12-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-email/wp-email-2672-unauthenticated-cross-site-scripting</loc>
<lastmod>2016-07-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/read-more/read-more-by-adam-118-missing-authorization-to-authenticated-subscriber-read-more-button-deletion</loc>
<lastmod>2024-10-11T16:35:39.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/truebooker-appointment-booking/truebooker-appointment-booking-and-scheduler-plugin-114-sensitive-information-exposure-via-views-files</loc>
<lastmod>2026-03-30T16:18:30.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gallery-photo-gallery/photo-gallery-by-ays-responsive-image-gallery-443-reflected-cross-site-scripting</loc>
<lastmod>2021-06-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/themesflat-addons-for-elementor/themesflat-addons-for-elementor-225-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chp-ads-block-detector/chp-ads-block-detector-394-missing-authorization-to-plugin-settings-update</loc>
<lastmod>2023-06-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/indeed-api/indeed-api-05-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nextgen-gallery/nextgen-gallery-197-cross-site-scripting</loc>
<lastmod>2012-06-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/imithemes-listing/imithemes-listing-33-unauthenticated-privilege-escalation-via-unverified-password-reset</loc>
<lastmod>2025-05-08T17:58:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/accelerated-mobile-pages/amp-for-wp-1110-authenticated-contributor-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2026-01-08T19:34:15.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fluentform/contact-form-plugin-by-fluent-forms-for-quiz-survey-and-drag-drop-wp-form-builder-5119-authenticated-form-manager-stored-cross-site-scripting</loc>
<lastmod>2024-10-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/my-restaurant-menu/my-restaurant-menu-020-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/realestate-7/real-estate-7-wordpress-theme-291-stored-cross-site-scripting</loc>
<lastmod>2019-07-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ht-portfolio/ht-portfolio-115-cross-site-request-forgery-to-arbitrary-plugin-activation</loc>
<lastmod>2023-02-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cf-geoplugin/geo-controller-869-missing-authorization-to-unauthenticated-shortcode-execution</loc>
<lastmod>2024-09-04T21:33:38.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-meta/user-meta-user-profile-builder-and-user-management-plugin-311-insecure-direct-object-reference-to-sensitive-information-exposure</loc>
<lastmod>2024-11-08T14:02:02.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/scripts-organizer/scripts-organizer-30-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2022-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-abandoned-cart/abandoned-cart-lite-for-woocommerce-5160-improper-authorization-via-wcal_preview_emails</loc>
<lastmod>2023-11-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sastra-essential-addons-for-elementor/sastra-essential-addons-for-elementor-free-elementor-addons-widgets-and-templates-1014-missing-authorization-to-spexo-theme-install</loc>
<lastmod>2025-01-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/mydecor/mydecor-159-reflected-cross-site-scripting</loc>
<lastmod>2026-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-lightbox-gallery/lightbox-slider-responsive-lightbox-gallery-1102-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2024-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/participants-database/participants-database-1955-sql-injection</loc>
<lastmod>2020-02-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/trustpilot-reviews/trustpilot-reviews-25925-missing-authorization</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-member/ultimate-member-user-profile-registration-login-member-directory-content-restriction-membership-plugin-291-information-exposure</loc>
<lastmod>2025-01-17T16:40:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bbcode-deluxe/bbcode-deluxe-202008012-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-product-stickers-for-woocommerce/custom-product-stickers-for-woocommerce-190-reflected-cross-site-scripting</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/carspot/carspot-dealership-wordpress-classified-theme-223-insecure-direct-object-reference</loc>
<lastmod>2020-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quiz-maker/quiz-maker-67056-unauthenticated-sql-injection</loc>
<lastmod>2025-09-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cf7-salesforce/integration-for-salesforce-and-contact-form-7-wpforms-elementor-formidable-ninja-forms-143-unauthenticated-php-object-injection</loc>
<lastmod>2026-06-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wptools/wp-tools-341-missing-authorization-leading-to-authenticated-subscriber-authorization-bypass</loc>
<lastmod>2022-11-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-bulk-editor/bear-1144-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/the-monday/accesspress-themes-and-plugin-various-versions-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2021-10-06T19:17:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/scroller/scroller-202-missing-authorization</loc>
<lastmod>2025-12-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sitepress-multilingual-cms/wpml-4510-missing-authorization-to-translation-job-status-change</loc>
<lastmod>2022-11-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-sexylightbox/wp-sexylightbox-053-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jeg-elementor-kit/jeg-elementor-kit-269-authenticated-contributor-sensitive-information-exposure-via-sg_content_template</loc>
<lastmod>2024-11-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woorewards/myrewards-530-missing-authorization</loc>
<lastmod>2024-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contus-video-gallery/wordpress-video-gallery-25-cross-site-scripting</loc>
<lastmod>2014-07-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quiz-master-next/quiz-and-survey-master-634-reflected-cross-site-scripting</loc>
<lastmod>2019-11-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-seo-pack/all-in-one-seo-best-wordpress-seo-plugin-easily-improve-seo-rankings-increase-traffic-236-stored-cross-site-scripting</loc>
<lastmod>2016-07-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-website-creator/website-remote-install-vor-gravity-wpforms-formidable-ninja-caldera-40-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpcom-member/wpcom-member-1716-authentication-bypass-via-weak-otp</loc>
<lastmod>2025-12-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/travelfic-toolkit/travelfic-toolkit-121-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-form-manager/form-manager-172-authenticated-remote-command-execution</loc>
<lastmod>2021-06-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cookiemonster/cookie-monster-151-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-05-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-moneytizer/the-moneytizer-1009-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/everest-forms-pro/everest-forms-pro-1912-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-03-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-dynamic-pricing-for-woocommerce/advanced-dynamic-pricing-for-woocommerce-415-cross-site-request-forgery-via-migrateproductonlytocommon-function</loc>
<lastmod>2023-02-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quick-adsense-reloaded/ads-by-wpquads-adsense-ads-banner-ads-popup-ads-2084-missing-authorization</loc>
<lastmod>2024-09-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-google-map-plugin/wordpress-plugin-for-google-maps-wp-maps-461-authenticated-contributor-sql-injection</loc>
<lastmod>2024-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/jobify/jobify-430-reflected-cross-site-scripting</loc>
<lastmod>2026-01-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cargus/cargus-158-unauthenticated-information-exposure</loc>
<lastmod>2026-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-social/wp-social-login-and-register-social-counter-300-missing-authorization-to-unauthenticated-social-loginshare-status-update</loc>
<lastmod>2024-02-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-t-wap/wp-t-wap-1132-reflected-cross-site-scripting</loc>
<lastmod>2021-09-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seo-booster/seo-booster-618-missing-authorization</loc>
<lastmod>2026-01-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpvivid-backuprestore/wpvivid-backup-and-migration-0968-missing-authorization</loc>
<lastmod>2024-02-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/attire-blocks/attire-blocks-196-cross-site-request-forgery</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-product-table-lite/woocommerce-product-table-lite-394-unauthenticated-arbitrary-shortcode-execution-reflected-cross-site-scripting</loc>
<lastmod>2025-01-30T20:38:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ajax-load-more/infinite-scroll-ajax-load-more-554-authenticated-admin-arbitrary-file-read-via-directory-traversal</loc>
<lastmod>2022-08-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lastunes/lastunes-361-cross-site-request-forgery</loc>
<lastmod>2024-01-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-checkout-getnet/plugin-oficial-getnet-para-woocommerce-180-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-03-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/facebook-page-photo-gallery/facebook-page-photo-gallery-209-cross-site-scripting</loc>
<lastmod>2014-03-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mailchimp-for-wp/mc4wp-499-missing-authorization-via-listen</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/soumettre-fr/soumettrefr-215-improper-authorization-to-unauthenticated-soumettre-posts-creationmodificationdeletion</loc>
<lastmod>2025-07-01T15:00:59.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/comment-images-reloaded/comment-images-reloaded-221-authenticated-subscriber-arbitrary-media-deletion</loc>
<lastmod>2024-07-08T20:06:25.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tnit-filter-gallery-for-beaver-builder/tnit-filter-gallery-plugin-006-cross-site-request-forgery-to-cross-site-scripting</loc>
<lastmod>2021-07-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/menus-plus/menus-plus-196-authenticated-subscriber-sql-injection</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/surecart/surecart-2293-reflected-cross-site-scripting</loc>
<lastmod>2024-08-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/related-posts-for-wp/related-posts-for-wordpress-182-reflected-cross-site-scripting</loc>
<lastmod>2015-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lenix-scss-compiler/lenix-scss-compiler-12-cross-site-request-forgery</loc>
<lastmod>2025-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/joomsport-sports-league-results-management/joomsport-573-unauthenticated-directory-traversal-to-local-file-inclusion</loc>
<lastmod>2025-10-02T22:17:24.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/infility-global/infility-global-2134-reflected-cross-site-scripting</loc>
<lastmod>2025-07-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-custom-author-url/wp-custom-author-url-104-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-04-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/olive-one-click-demo-import/olive-one-click-demo-import-112-authenticated-administrator-arbitrary-file-upload-in-olive_one_click_demo_import_save_file</loc>
<lastmod>2023-08-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tenweb-speed-optimizer/10web-booster-website-speed-optimization-cache-page-speed-optimizer-21223-unauthenticated-sql-injection</loc>
<lastmod>2023-01-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/spatialmatch-free-lifestyle-search/spatialmatch-idx-309-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-type-x/product-catalog-simple-176-sensitive-information-exposure-via-product-csv</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rlm-elementor-widgets-pack/rlm-elementor-widgets-pack-131-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/enhanced-text-widget/enhanced-text-widget-165-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ari-fancy-lightbox/ari-fancy-lightbox-140-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-database-cleaner/advanced-database-cleaner-316-cross-site-request-forgery-to-settings-manipulation</loc>
<lastmod>2025-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/dt-the7/the7-1173-cross-site-request-forgery</loc>
<lastmod>2023-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/qmean/qmean-wordpress-did-you-mean-and-search-suggestion-like-google-20-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sharebar/sharebar-121-cross-site-scripting</loc>
<lastmod>2012-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/edumall/edumall-447-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-12-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-field-for-wp-job-manager/custom-field-for-wp-job-manager-11-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-07-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-tarteaucitron-js-self-hosted/wp-tarteaucitronjs-self-hosted-124-running-a-vulnerable-dependency</loc>
<lastmod>2025-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elfsight-testimonials-slider/elfsight-testimonials-slider-101-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mww-disclaimer-buttons/mww-disclaimer-buttons-341-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-popup/hustle-7892-unauthenticated-information-exposure</loc>
<lastmod>2026-01-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/revslider/slider-revolution-70-7010-authenticated-subscriber-sensitive-information-disclosure</loc>
<lastmod>2026-06-08T19:07:40.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-meta-seo/wp-meta-seo-453-missing-authorization-in-checkallcategoryinsitemap</loc>
<lastmod>2023-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/atarim-visual-collaboration/atarim-312-unauthenticated-cross-site-scripting</loc>
<lastmod>2023-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/formatted-post/formatted-post-101-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-posts-carousel-pro/responsive-posts-carousel-pro-152-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-12-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/online-accessibility/accessibility-suite-by-online-ada-418-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2025-04-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/confirm-user-registration/confirm-user-registration-215-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lifterlms/lifterlms-801-missing-authorization-to-unauthenticated-post-trashing</loc>
<lastmod>2025-03-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/piotnet-addons-for-elementor/piotnet-addons-for-elementor-2426-authenticated-contributor-stored-cross-site-scripting-via-multiple-widgets</loc>
<lastmod>2024-05-17T21:35:40.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/namaste-lms/namaste-lms-262-authenticated-student-stored-cross-site-scripting</loc>
<lastmod>2024-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/thegem-elements-elementor/thegem-theme-elements-for-elementor-5110-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2026-01-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fd-elementor-button-plus/elementor-button-plus-136-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/new-simple-gallery/new-simple-gallery-80-authenticated-contributor-sql-injection</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/generateblocks/generateblocks-191-authenticated-contributor-sensitive-information-exposure-via-get_image_description</loc>
<lastmod>2025-02-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/rehub-theme/rehub-1997-unauthenticated-arbitrary-shortcode-execution-via-re_filterpost</loc>
<lastmod>2025-09-05T13:04:49.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pakkelabels-for-woocommerce/shipmondo-a-complete-shipping-solution-for-woocommerce-503-missing-authorization-to-authenticated-customer-information-disclosure</loc>
<lastmod>2025-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/subscribe-to-download-lite/subscribe-to-download-lite-129-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/hara/hara-1217-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/arconix-faq/arconix-faq-194-missing-authorization</loc>
<lastmod>2024-07-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/learning-management-system/masteriyo-lms-lms-course-builder-quizzes-certificates-218-missing-authorization</loc>
<lastmod>2026-05-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/webappick-product-feed-for-woocommerce/ctx-feed-woocommerce-product-feed-manager-6611-missing-authorization-to-authenticated-shop-manager-arbitrary-plugin-installation</loc>
<lastmod>2026-02-18T15:27:51.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/community-events/community-events-149-cross-site-request-forgery</loc>
<lastmod>2024-07-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zenphotopress/zenphotopress-18-reflected-cross-site-scripting</loc>
<lastmod>2025-03-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/skt-blocks/skt-blocks-22-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-05-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/team-rosters/team-rosters-47-reflected-cross-site-scripting</loc>
<lastmod>2025-04-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-monitor/download-monitor-472-authenticated-directory-traversal-to-sensitive-information-exposure</loc>
<lastmod>2022-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/piwigopress/piwigopress-233-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/maxslider/maxslider-123-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flip-boxes/cool-flipbox-shortcode-gutenberg-block-183-reflected-cross-site-scripting</loc>
<lastmod>2025-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-youtube-shortcode/simple-youtube-shortcode-113-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2025-10-21T20:20:31.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/current-template-name/temptool-show-current-template-info-131-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/auto-upload-images/auto-upload-images-33-cross-site-request-forgery</loc>
<lastmod>2022-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-keep/email-keep-11-cross-site-request-forgery-to-email-deletion</loc>
<lastmod>2025-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/auto-more-tag/auto-more-tag-400-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-07-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hesabfa-accounting/hesabfa-accounting-218-cross-site-request-forgery</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-comment-editing/comment-edit-core-simple-comment-editing-310-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2025-11-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-product-addon/product-addons-fields-for-woocommerce-32018-unauthenticated-arbitrary-file-upload-via-ppom_upload_file</loc>
<lastmod>2024-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jet-tabs/jettabs-2212-missing-authorization</loc>
<lastmod>2025-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/supportflow/supportflow-06-cross-site-scripting-via-a-ticket-excerpt</loc>
<lastmod>2016-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mashsharer/social-media-share-buttons-383-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-08-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-checkout-regsiter-field-editor/woocommerce-checkout-field-editor-checkout-manager-218-cross-site-request-forgery</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/currency-converter-widget-pro/currency-converter-widget-pro-106-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quick-featured-images/quick-featured-images-1372-insecure-direct-object-reference-to-image-manipulation</loc>
<lastmod>2025-10-14T17:12:31.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eventon-lite/eventon-217-authenticated-admin-html-injection</loc>
<lastmod>2023-11-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gb-gallery-slideshow/gb-gallery-slideshow-13-reflected-cross-site-scripting</loc>
<lastmod>2025-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/magical-addons-for-elementor/magical-addons-for-elementor-121-authenticated-subscriber-server-side-request-forgery</loc>
<lastmod>2024-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/revslider/slider-revolution-6612-authenticated-administrator-arbitrary-file-upload</loc>
<lastmod>2023-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lifterlms/lms-by-lifterlms-3350-stored-cross-site-scripting-via-import</loc>
<lastmod>2019-09-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-social/wp-social-login-and-register-social-counter-313-missing-authorization-in-cache-rest-endpoints-to-social-counter-tampering</loc>
<lastmod>2025-12-04T21:44:40.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/copy-link/copylink-11-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/LayerSlider/layerslider-7110-authenticated-contributor-stored-cross-site-scripting-via-ls_search_form-shortcode</loc>
<lastmod>2024-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/2.5/wordpress-core-251-arbitrary-file-upload</loc>
<lastmod>2008-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lifepress/lifepress-222-unauthenticated-stored-cross-site-scripting-via-n-parameter-via-lp_update_mds-ajax-action</loc>
<lastmod>2026-05-11T19:02:48.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shortcode-addons/shortcode-addons-with-visual-composer-divi-beaver-builder-and-elementor-extension-302-unauthenticated-arbitrary-options-update</loc>
<lastmod>2022-06-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/under-construction-page/under-construction-396-cross-site-request-forgery-via-admin_action_install_weglot</loc>
<lastmod>2023-02-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-carousel-slider/post-carousel-slider-201-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/phppoet-checkout-fields/woocommerce-easy-checkout-field-editor-fees-discounts-3512-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2024-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cosmetsy-core/multiple-plugins-by-klbtheme-various-versions-reflected-cross-site-scripting</loc>
<lastmod>2023-12-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/portfolio-by-lisa-westlund/portfolio-plugin-105-cross-site-request-forgery</loc>
<lastmod>2015-07-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-pipes/wp-pipes-143-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-07-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-notification-on-login/email-notification-on-login-161-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lingotek-translation/lingotek-translation-118-cross-site-scripting</loc>
<lastmod>2016-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-media-links/social-media-links-103-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/delucks-seo/delucks-seo-260-authenticated-subscriber-privilege-escalation</loc>
<lastmod>2025-07-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-plus-addons-for-elementor-page-builder/the-plus-addons-for-elementor-addons-for-elementor-page-templates-widgets-mega-menu-woocommerce-647-incorrect-authorization-to-authenticated-author-arbitrary-draft-post-creation-via-post_type</loc>
<lastmod>2026-02-18T00:04:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/print-google-cloud-print-gcp-woocommerce/bizprint-451-missing-authorization-in-showtemplatepreview</loc>
<lastmod>2024-01-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/popularis-extra/popularis-extra-126-reflected-cross-site-scripting</loc>
<lastmod>2024-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/adsense-plugin/adpush-143-multiple-cross-site-scripting</loc>
<lastmod>2017-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/database-for-cf7/database-for-cf7-124-missing-authorization-via-wpcf7db_delete-ajax-action</loc>
<lastmod>2023-11-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social2blog/social2blog-02990-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cs-element-bucket/advanced-element-bucket-addons-for-elementor-102-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-multi-store-locator/wp-multistore-locator-251-unauthenticated-sql-injection</loc>
<lastmod>2025-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/super-socializer/social-share-social-login-and-social-comments-71330-reflected-cross-site-scripting</loc>
<lastmod>2022-03-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/couponis-demo/couponis-demo-22-unauthenticated-sql-injection</loc>
<lastmod>2023-12-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fancy-product-designer/fancy-product-designer-woocommerce-wordpress-648-unauthenticated-information-disclosure-and-phar-deserialization-via-url-parameter</loc>
<lastmod>2025-12-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/thrive-theme/thrive-theme-builder-3240-missing-authorization</loc>
<lastmod>2023-11-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/the-qlean/the-qlean-212-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/funnel-builder/funnelkit-3120-reflected-cross-site-scripting</loc>
<lastmod>2025-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/weedles/weedles-1112-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ultimate-exporter/wp-ultimate-exporter-291-authenticated-admin-remote-code-execution</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/powerpress/powerpress-podcasting-11125-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/3.3/wordpress-core-331-cross-site-scripting</loc>
<lastmod>2012-04-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wplistcal/wplistcal-135-authenticated-subscriber-sql-injection</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/qi-addons-for-elementor/qi-addons-for-elementor-192-authenticated-contributor-stored-cross-site-scripting-via-typeout-text-widget</loc>
<lastmod>2025-08-01T16:22:45.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/awesome-hotel-booking/awesome-hotel-booking-103-incorrect-authorization-to-unauthenticated-arbitrary-booking-modification</loc>
<lastmod>2026-01-06T20:40:51.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/world-travel-information/world-travel-information-100-reflected-cross-site-scripting</loc>
<lastmod>2021-10-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/oceanwp/oceanwp-411-missing-authorization-to-authenticated-subscriber-settings-update</loc>
<lastmod>2025-08-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eps-301-redirects/301-redirects-easy-redirect-manager-240-missing-authorization</loc>
<lastmod>2019-12-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/coming-soon/website-builder-by-seedprod-theme-builder-landing-page-builder-coming-soon-page-maintenance-mode-6189-cross-site-request-forgery</loc>
<lastmod>2024-11-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/visual-form-builder/visual-form-builder-305-unauthenticated-information-disclosure</loc>
<lastmod>2021-11-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-image-collage/easy-image-collage-1136-authenticated-author-stored-cross-site-scripting-via-gridpropertiesbordercolor-and-gridimagesnattachment_url-parameters</loc>
<lastmod>2026-06-09T18:47:44.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/addon-elements-for-elementor-page-builder/elementor-addon-elements-11310-authenticated-contributor-sensitive-information-exposure-via-modal-popup</loc>
<lastmod>2025-01-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/rashy/rashy-113-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-simple-paypal-shopping-cart/wordpress-simple-paypal-shopping-cart-513-insecure-direct-object-reference</loc>
<lastmod>2025-04-30T22:01:16.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fortis-for-woocommerce/fortis-for-woocommerce-131-unauthenticated-information-exposure</loc>
<lastmod>2026-06-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-follow-up-emails/woocommerce-follow-up-emails-4940-cross-site-request-forgery</loc>
<lastmod>2023-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementor/elementor-website-builder-313-authenticated-contributor-stored-cross-site-scripting-via-html_tag</loc>
<lastmod>2021-03-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bulgarisation-for-woocommerce/bulgarisation-for-woocommerce-3014-cross-site-request-forgery</loc>
<lastmod>2024-03-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/tourimo/tourimo-123-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-08-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-horizontal-reel-scroll-slideshow/image-horizontal-reel-scroll-slideshow-134-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-11-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/adforest/adforest-518-authentication-bypass</loc>
<lastmod>2025-01-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/idonate/idonate-blood-request-management-system-191-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-05-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-csv-table/simple-csv-table-101-directory-traversal-to-authenticated-contributor-arbitrary-file-read</loc>
<lastmod>2025-12-11T19:26:53.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-user-avatar/paid-membership-plugin-ecommerce-user-registration-form-login-form-user-profile-restrict-content-profilepress-4144-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2024-02-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/videojs-html5-player/videojs-html5-player-1111-authenticated-contributor-stored-cross-site-scripting-via-videojs_video-shortcode</loc>
<lastmod>2024-05-23T14:45:13.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-entries/contact-form-entries-123-reflected-cross-site-scripting</loc>
<lastmod>2021-11-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/testimonials-showcase/testimonials-showcase-1916-missing-authorization</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jeg-elementor-kit/jeg-kit-for-elementor-310-authenticated-contributor-stored-cross-site-scripting-via-sg_content_number_prefix-shortcode-attribute</loc>
<lastmod>2026-05-01T16:52:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cm-email-blacklist/cm-email-registration-blacklist-and-whitelist-148-cross-site-request-forgery</loc>
<lastmod>2024-06-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpschoolpress/wpschoolpress-2236-missing-authorization</loc>
<lastmod>2026-02-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wps-hide-login/wps-hide-login-19163-login-page-disclosure</loc>
<lastmod>2024-06-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/newsletters-lite/newsletters-4997-authenticated-administrator-sql-injection</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/carousel-horizontal-posts-content-slider/carousel-horizontal-posts-content-slider-332-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/interactive-3d-flipbook-powered-physics-engine/3d-flipbook-1152-authenticated-contributor-cross-site-scripting-via-ready-function</loc>
<lastmod>2024-01-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/master-slider/master-slider-370-authenticated-stored-cross-site-scripting</loc>
<lastmod>2018-11-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/country-blocker/country-blocker-32-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-ads/advanced-ads-ad-manager-adsense-2021-authenticated-contributor-remote-code-execution</loc>
<lastmod>2026-06-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-content-protection/wp-content-protection-13-cross-site-request-forgery</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/revy/revy-118-unauthenticated-sql-injection</loc>
<lastmod>2024-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/serial-codes-generator-and-validator/serial-codes-generator-and-validator-with-woocommerce-support-277-cross-site-request-forgery-via-placeholder</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/job-manager/job-manager-0724-reflected-cross-site-scripting</loc>
<lastmod>2015-08-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking-and-rental-manager-for-woocommerce/booking-and-rental-manager-for-bike-car-resort-appointment-dress-equipment-260-missing-authorization</loc>
<lastmod>2026-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/3.1/wordpress-core-313-security-hardening</loc>
<lastmod>2011-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/iloveimg/image-compressor-optimizer-iloveimg-105-authenticated-administrator-php-object-injection</loc>
<lastmod>2023-11-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/livesync/livesync-for-wordpress-10-cross-site-request-forgery-to-arbitrary-settings-update</loc>
<lastmod>2022-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-revisions-delete/simple-revisions-delete-153-cross-site-request-forgery</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/n360-splash-screen/n360-splash-screen-106-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/site-checkup/site-checkup-ai-troubleshooting-with-wizard-and-tips-for-each-issue-147-unauthenticated-log-file-poisoning</loc>
<lastmod>2025-10-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/video-wc-gallery/video-gallery-for-woocommerce-131-missing-authorization-to-unauthenticated-limited-file-deletion</loc>
<lastmod>2024-11-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profile-builder-pro/profile-builderprofile-builder-pro-332-authenticated-blind-sql-injection</loc>
<lastmod>2020-12-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/my-tickets/my-tickets-209-missing-authorization</loc>
<lastmod>2025-01-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bellows-accordion-menu/bellows-accordion-menu-142-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-10-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/indeed-affiliate-pro/ultimate-affiliate-pro-39-authenticated-stored-cross-site-scripting</loc>
<lastmod>2017-07-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/html5-maps/html5-maps-1714-cross-site-request-forgery</loc>
<lastmod>2023-10-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/floating-tweets/floating-tweets-101-directory-traversal</loc>
<lastmod>2013-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/pubzinne/pubzinne-1012-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-08-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/watchtowerhq/watchtowerhq-3101-authentication-bypass-to-administrator-due-to-missing-empty-value-check</loc>
<lastmod>2024-10-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/myqtip-easy-qtip2/myqtip-easy-qtip2-205-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2026-03-06T18:41:15.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/forminator/forminator-1420-authenticated-contributor-stored-cross-site-scripting-via-limit</loc>
<lastmod>2025-04-16T22:33:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dashboard-widgets-suite/dashboard-widgets-suite-321-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jet-blog/jetblog-247-missing-authorization</loc>
<lastmod>2025-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shipworks-e-commerce-bridge/shipworks-connector-for-woocommerce-525-cross-site-request-forgery-to-service-passwordusername-update</loc>
<lastmod>2025-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/word-balloon/word-balloon-4192-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2022-12-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/optimole-wp/optimole-422-unauthenticated-stored-cross-site-scripting-via-srcset-descriptor-parameter</loc>
<lastmod>2026-04-10T11:56:50.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/login-attempts-limit-wp/login-and-registration-attempts-limit-21-ip-address-spoofing-to-protection-mechanism-bypass</loc>
<lastmod>2024-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-real-estate/easy-real-estate-229-unauthenticated-privilege-escalation</loc>
<lastmod>2025-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-easycart/easycart-5811-unauthenticated-information-exposure</loc>
<lastmod>2025-12-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fatal-error-notify/fatal-error-notify-152-missing-authorization-to-test-error-email-sending</loc>
<lastmod>2024-01-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/forminator/forminator-forms-contact-form-payment-form-custom-form-builder-1531-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-06-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/customer-reviews-collector-for-woocommerce/multiple-plugins-by-trustindexio-various-versions-authenticated-editor-arbitrary-file-upload</loc>
<lastmod>2023-11-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/adminify/adminify-4061-missing-authorization</loc>
<lastmod>2025-12-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/webarx/webarx-130-firewall-bypass</loc>
<lastmod>2018-09-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-posts-carousel/wp-posts-carousel-137-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/royal-elementor-addons/royal-elementor-addons-171006-authenticated-admin-server-side-request-forgery</loc>
<lastmod>2025-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/resume-submissions-job-postings/resume-submissions-job-postings-252-arbitrary-file-upload</loc>
<lastmod>2012-06-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hive-support/hive-support-125-cross-site-request-forgery-via-hs_update_ai_chat_settings-function</loc>
<lastmod>2025-06-05T17:48:44.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/import-products-to-wc/amazon-products-to-woocommerce-127-unauthenticated-server-side-request-forgery</loc>
<lastmod>2025-07-01T14:56:35.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-job-portal/wp-job-portal-222-authenticated-admin-sql-injection-via-getfieldsforvisiblecombobox</loc>
<lastmod>2024-12-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nextgen-gallery/nextgen-gallery-217-path-traversal</loc>
<lastmod>2015-08-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/controlled-admin-access/controlled-admin-access-151-improper-access-control-privilege-escalation</loc>
<lastmod>2021-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profitori/the-e-commerce-erp-2113-unauthenticated-privilege-escalation</loc>
<lastmod>2025-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/reviewx/reviewx-woocommerce-product-reviews-with-multi-criteria-reminder-emails-google-reviews-schema-more-2210-incorrect-authorization-to-unauthenticated-information-exposure-and-data-manipulation</loc>
<lastmod>2026-03-22T16:23:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bulk-datetime-change/bulk-datetime-change-111-missing-authorisation</loc>
<lastmod>2021-10-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-super-cache/wp-super-cache-18-unauthenticated-cache-poisoning</loc>
<lastmod>2022-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nmedia-user-file-uploader/frontend-file-manager-plugin-236-authenticated-subscriber-arbitrary-file-deletion</loc>
<lastmod>2026-06-27T11:08:06.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/marketking-multivendor-marketplace-for-woocommerce/marketking-ultimate-woocommerce-multivendor-marketplace-solution-1980-authenticated-shop-manager-stored-cross-site-scripting</loc>
<lastmod>2025-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/toolbar-extras/toolbar-extras-for-elementor-more-wordpress-admin-bar-enhanced-149-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-05-21T16:45:13.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/send-users-email/send-users-email-151-unauthenticated-information-exposure</loc>
<lastmod>2024-07-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chatbot-ai-free-models/ai-chatbot-free-models-customer-support-live-chat-virtual-assistant-165-unauthenticated-csv-injection</loc>
<lastmod>2025-10-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-discussion-board/discussion-board-257-missing-authorization</loc>
<lastmod>2025-12-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profit-products-tables-for-woocommerce/active-products-tables-for-woocommerce-professional-products-tables-for-woocommerce-store-1061-cross-site-request-forgery</loc>
<lastmod>2024-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slidorion/slidorion-102-authenticated-administrator-stored-cross-site-scripting-via-slidorion-settings</loc>
<lastmod>2026-02-18T15:53:42.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/5.0/wordpress-core-501-remote-code-execution</loc>
<lastmod>2019-02-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/multi-step-form/multi-step-form-1721-missing-authorization-via-fw_delete_files</loc>
<lastmod>2024-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/aryo-activity-log/activity-log-283-csv-injection</loc>
<lastmod>2022-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-add-pages-or-posts/simple-add-pages-or-posts-200-cross-site-request-forgery-to-reflected-cross-site-scripting</loc>
<lastmod>2025-01-06T15:45:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wip-woocarousel-lite/wip-woocarousel-lite-116-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-04T20:52:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sublanguage/sublanguage-29-missing-authorization</loc>
<lastmod>2023-07-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/votecount-for-balatarin/votecount-for-balatarin-011-reflected-cross-site-scripting</loc>
<lastmod>2014-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/css-for-elementor/elementscss-addons-for-elementor-1087-unauthenticated-server-side-request-forgery</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/userpro/userpro-519-missing-authorization</loc>
<lastmod>2024-12-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpextended/the-ultimate-wordpress-toolkit-wp-extended-308-reflected-cross-site-scripting-via-page</loc>
<lastmod>2024-09-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/free-wp-mail-smtp/free-wp-mail-smtp-10-cross-site-request-forgery</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/search-analytics/search-analytics-for-wp-150-missing-authorization</loc>
<lastmod>2026-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gdpr-cookie-consent/wp-cookie-consent-for-gdpr-ccpa-eprivacy-320-unauthenticated-stored-cross-site-scripting-via-client-ip-header</loc>
<lastmod>2024-06-25T11:22:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/showpass/showpass-wordpress-extension-403-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/nokri/nokri-job-board-wordpress-theme-163-authenticated-subscriber-privilege-escalation-via-account-takeover</loc>
<lastmod>2025-07-11T16:27:22.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-index/post-index-075-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2021-07-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/5-sterrenspecialist/5sterrenspecialist-14-reflected-cross-site-scripting</loc>
<lastmod>2025-04-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-job-portal/wp-job-portal-ai-powered-recruitment-system-for-company-or-job-board-website-251-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-05-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stopbadbots/block-bad-bots-and-stop-bad-bots-crawlers-and-spiders-and-anti-spam-protection-667-reflected-cross-site-scripting</loc>
<lastmod>2021-08-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-addons-for-beaver-builder-lite/ultimate-addons-for-beaver-builder-lite-159-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-08-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mage-eventpress/event-manager-and-tickets-selling-plugin-for-woocommerce-wpevently-411-authenticated-contributor-php-object-injection-in-mep_event_meta_save</loc>
<lastmod>2024-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/crm-erp-business-solution/crm-erp-business-solution-113-missing-authorization</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-visitor-stat/simple-visitor-stat-10-cross-site-scripting</loc>
<lastmod>2014-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jetpack/jetpack-701-cross-site-scripting</loc>
<lastmod>2019-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/soundcloud-shortcode/soundcloud-shortcode-310-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-11-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-digital-downloads/easy-digital-downloads-3104-sql-injection</loc>
<lastmod>2023-01-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/themify-builder/themify-builder-769-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/allpost-contactform/all-post-contact-form-180-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2024-10-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/imember360/imember360-38012-39001-remote-code-execution</loc>
<lastmod>2014-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/nuts/nuts-110-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/garees-flickr-feed/garees-flickr-feed-08-cross-site-scripting</loc>
<lastmod>2014-07-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/add-multiple-marker/add-multiple-marker-12-cross-site-request-forgery</loc>
<lastmod>2022-11-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/5-stars-rating-funnel/5-stars-rating-funnel-1253-unauthenticated-sql-injection</loc>
<lastmod>2022-04-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/create-temporary-login/wpbifrst-instant-passwordless-temporary-login-links-107-missing-authorization-to-authenticated-subscriber-privilege-escalation</loc>
<lastmod>2025-10-14T19:59:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/polldaddy/crowdsignal-dashboard-polls-surveys-more-313-cross-site-request-forgery</loc>
<lastmod>2024-09-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/skyward/skyward-110-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-05-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bbpress/bbpress-2513-unauthenticated-blind-sql-injection</loc>
<lastmod>2017-11-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/uncanny-automator/uncanny-automator-5102-sensitive-information-exposure-via-log-file</loc>
<lastmod>2023-12-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/boot-modal/boot-modal-191-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-file-list/simple-file-list-637-missing-authorization-to-unauthenticated-file-modification-via-simplefilelist_edit_job-ajax-action</loc>
<lastmod>2026-06-19T20:27:11.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fmoblog/fmoblog-21-sql-injection</loc>
<lastmod>2009-03-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-google-maps/wp-go-maps-formerly-wp-google-maps-9034-information-exposure-to-potential-denial-of-service</loc>
<lastmod>2024-03-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/customify-theme/customify-048-missing-authorization</loc>
<lastmod>2025-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/relentlosoftware/styleai-104-missing-authorization</loc>
<lastmod>2025-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shortcodes-ultimate/wp-shortcodes-plugin-shortcodes-ultimate-700-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-12-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/import-users-from-csv-with-meta/import-and-export-users-and-customers-1204-authenticated-subscriber-csv-injection</loc>
<lastmod>2022-10-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/option-editor/option-editor-10-cross-site-request-forgery-to-arbitrary-options-update</loc>
<lastmod>2025-02-17T15:48:15.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sticky-social-link/sticky-social-link-200-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pop-up/pop-up-chop-chop-217-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2022-09-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-theme-options/simple-tracking-16-stored-cross-site-scripting</loc>
<lastmod>2022-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-post-kit/ultimate-post-kit-addons-for-elementor-4021-missing-authorization</loc>
<lastmod>2026-03-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpfunnels/wpfunnels-2715-insecure-direct-object-reference</loc>
<lastmod>2023-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/raphicon/raphicon-212-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/give/givewp-2212-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-editor/wp-editor-128-reflected-cross-site-scripting</loc>
<lastmod>2024-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smallerik-file-browser/smallerik-file-browser-11-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/feed-them-social/feed-them-social-for-twitter-feed-youtube-and-more-2985-unauthenticated-phar-deserialization</loc>
<lastmod>2022-07-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dynamic-ajax-product-filters-for-woocommerce/dynamic-ajax-product-filters-for-woocommerce-137-authenticated-contributor-stored-cross-site-scripting-via-classname-parameter</loc>
<lastmod>2025-08-27T17:44:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpdirectorykit/wp-directory-kit-123-missing-authorization-to-plugin-settings-changedelete-demo-import-directory-kit-deletion-via-wdk_admin_action</loc>
<lastmod>2023-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buddyforms-review/buddyforms-moderation-1416-authenticated-stored-cross-site-scripting</loc>
<lastmod>2022-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/basic-interactive-world-map/basic-interactive-world-map-27-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2025-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-theme/download-theme-109-cross-site-request-forgery-via-dtwap_download</loc>
<lastmod>2023-05-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-plotly/plotly-103-stored-cross-site-scripting</loc>
<lastmod>2015-07-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jobboardwp/jobboardwp-122-missing-authorization-to-job-posting-manipulation</loc>
<lastmod>2023-01-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/nestin/nestin-126-unauthenticated-php-object-injection</loc>
<lastmod>2026-02-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/payment-form-for-paypal-pro/payment-form-for-paypal-pro-1172-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/xstore/xstore-961-authenticated-subscriber-local-file-inclusion</loc>
<lastmod>2025-09-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/lafka/lafka-multi-store-burger-pizza-food-delivery-woocommerce-theme-457-missing-authorization-to-authenticated-subscriber-demo-import</loc>
<lastmod>2025-03-04T21:09:06.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lessbuttons/lessbuttons-social-sharing-and-statistics-161-cross-site-request-forgery</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-2fa/wp-2fa-two-factor-authentication-for-wordpress-293-2-factor-authentication-bypass</loc>
<lastmod>2025-11-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/accordions-or-faqs/accordions-235-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-event-aggregator/wp-event-aggregator-187-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2026-02-17T20:12:40.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/visual-form-builder/visual-form-builder-303-admin-stored-cross-site-scripting</loc>
<lastmod>2021-09-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-seopress/seopress-78-unauthenticated-php-object-injection</loc>
<lastmod>2024-06-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/trendustry/trendustry-114-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/video-sidebar-widgets/video-sidebar-widgets-61-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-01-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/education-addon/education-addon-for-elementor-131-authenticated-contributor-insecure-direct-object-reference-via-naedu_elementor_template-shortcode</loc>
<lastmod>2025-02-18T19:29:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/newsletter/newsletter-870-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-04-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpantiddos/wp-antiddos-20-reflected-cross-site-scripting</loc>
<lastmod>2025-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ml-slider/slider-gallery-and-carousel-by-metaslider-image-slider-video-slider-3920-cross-site-request-forgery</loc>
<lastmod>2024-11-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fade-slider/fade-slider-25-reflected-cross-site-scripting</loc>
<lastmod>2025-07-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-registration/user-registration-424-authenticated-contributor-stored-cross-site-scripting-via-urcr_restrict-shortcode</loc>
<lastmod>2025-07-21T12:46:27.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/2.8/wordpress-core-28-sensitive-information-disclosure</loc>
<lastmod>2009-07-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-fb-autoconnect/wp-social-autoconnect-461-cross-site-request-forgery-via-jfb_admin_page</loc>
<lastmod>2023-07-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tcd-google-maps/tcd-google-maps-18-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-10-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpbookit/wpbookit-101-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-03-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/html5-lyrics-karaoke-player/html5-lyrics-karaoke-player-24-cross-site-scripting</loc>
<lastmod>2014-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/planyo-online-reservation-system/planyo-online-reservation-system-30-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpcargo/wpcargo-track-trace-694-admin-stored-cross-site-scripting</loc>
<lastmod>2022-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-frontend-manager/wcfm-frontend-manager-for-woocommerce-6724-missing-authorization</loc>
<lastmod>2025-12-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fv-wordpress-flowplayer/fv-flowplayer-video-player-7515727-sql-injection</loc>
<lastmod>2022-03-18T16:21:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/Vistered-Little/vistered-little-unspecified-version-cross-site-scripting</loc>
<lastmod>2007-06-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lastudio-element-kit/la-studio-element-kit-for-elementor-1374-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quiz-master-next/quiz-and-survey-master-734-reflected-cross-site-scripting</loc>
<lastmod>2022-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/save-as-image-by-pdfcrowd/save-as-pdf-by-pdfcrowd-321-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-04-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-custom-fields/advanced-custom-fields-635-authenticated-stored-cross-site-scripting</loc>
<lastmod>2024-09-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slider-hero/slider-hero-with-animation-video-background-intro-maker-826-sql-injection</loc>
<lastmod>2021-07-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lgx-owl-carousel/owl-carousel-140-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pojo-forms/pojo-forms-147-authenticated-subscriber-arbitrary-shortcode-execution-via-form_preview_shortcode</loc>
<lastmod>2024-12-05T20:38:35.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-page-visit-counter/advanced-page-visit-counter-806-authenticated-administrator-sql-injection</loc>
<lastmod>2024-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/photospace/photospace-gallery-235-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2022-11-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ldap-login-password-and-role-manager/ldap_login_password_and_role_manager-1012-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/appzend/appzend-126-authenticated-contributor-stored-cross-site-scripting-via-progressbarlayout-parameter</loc>
<lastmod>2025-07-28T22:43:42.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/royal-elementor-addons/royal-elementor-addons-and-templates-13974-authenticated-contributor-stored-cross-site-scripting-via-form-builder-widget</loc>
<lastmod>2024-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-sos-donate/wp-sos-donate-donation-sidebar-plugin-092-reflected-cross-site-scripting-via-_serverphp_self</loc>
<lastmod>2025-12-04T17:29:05.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eventprime-event-calendar-management/eventprime-modern-events-calendar-bookings-and-tickets-332-authenticatedcontributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-11-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/12-step-meeting-list/12-step-meeting-list-3183-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-08-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/postalicious/postalicious-301-authenticated-administrator-stored-cross-site-scripting-via-plugin-settings</loc>
<lastmod>2026-01-23T20:03:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/video-conferencing-with-zoom-api/video-conferencing-with-zoom-466-missing-authorization</loc>
<lastmod>2026-02-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jet-engine/jetengine-3810-unauthenticated-php-object-injection</loc>
<lastmod>2026-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-share-buttons-analytics-by-getsocial/social-share-buttons-analytics-plugin-getsocialio-4312-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-11-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ai-engine/ai-engine-294-missing-url-scheme-validation-to-authenticated-subscriber-arbitrary-file-read-via-simpletranscribeaudio-and-get_audio-functions</loc>
<lastmod>2025-07-23T20:32:50.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/be-shortcodes/be-shortcodes-100-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/infinite-slider/infinite-slider-201-reflected-cross-site-scripting</loc>
<lastmod>2024-11-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cp-contact-form-with-paypal/cp-contact-form-with-paypal-116-cross-site-request-forgery</loc>
<lastmod>2015-07-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/consulting-elementor-widgets/consulting-elementor-widgets-142-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-10-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simplebooklet/simplebooklet-pdf-viewer-and-embedder-112-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/powerpack-addon-for-beaver-builder/powerpack-lite-for-beaver-builder-1305-reflected-cross-site-scripting-via-navigate-parameter</loc>
<lastmod>2024-12-16T11:57:49.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ut-elementor-addons-lite/ultra-addons-lite-for-elementor-119-authenticated-contributor-stored-cross-site-scripting-via-animated-text-field</loc>
<lastmod>2025-10-02T22:15:40.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/form-maker/form-maker-by-10web-11543-authenticated-administrator-sql-injection-via-name-parameter</loc>
<lastmod>2026-06-17T16:12:22.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/usc-e-shop/welcart-e-commerce-223-reflected-cross-site-scripting</loc>
<lastmod>2021-06-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mapping-multiple-urls-redirect-same-page/mapping-multiple-urls-redirect-same-page-58-reflected-cross-site-scripting</loc>
<lastmod>2022-03-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/athemes-addons-for-elementor-lite/athemes-addons-for-elementor-108-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/store-locator/store-locator-23-311-sql-injection</loc>
<lastmod>2014-11-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-member/ultimate-member-2021-arbitrary-file-upload</loc>
<lastmod>2018-08-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/premium-addons-for-kingcomposer/premium-addons-for-kingcomposer-111-missing-authorization-to-unauthenticated-arbitrary-custom-sidebar-creation-and-deletion-via-add_custom_sidebar-and-remove_custom_sidebar-ajax-actions</loc>
<lastmod>2026-06-29T16:17:38.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slideshowpro-shortcode/slideshowpro-sc-102-authenticated-contributor-stored-cross-site-scripting-via-album-shortcode-attribute</loc>
<lastmod>2026-04-21T19:02:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-viewstl/wp-viewstl-10-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quick-view-and-buy-now-for-woocommerce/direct-checkout-quick-view-buy-now-for-woocommerce-158-authenticated-shop-manager-stored-cross-site-scripting-via-custom-css-code</loc>
<lastmod>2023-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/master-addons/master-addons-free-widgets-hover-effects-toggle-conditions-animations-for-elementor-2061-missing-authorization-to-unauthenticated-stored-cross-site-scripting-via-navigation-menu-widget</loc>
<lastmod>2024-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-photo-text-slider-50/wp-photo-text-slider-50-80-authenticated-subscriber-sql-injection-via-shortcode</loc>
<lastmod>2023-10-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/amr-shortcodes/amr-shortcodes-17-reflected-cross-site-scripting</loc>
<lastmod>2024-11-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/earnware-connect/earnware-connect-1074-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-08-15T14:47:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/build-app-online/build-app-online-1023-missing-authorization-to-arbitrary-post-author-modification-via-build-app-online-update-vendor-product-ajax-action</loc>
<lastmod>2026-03-20T15:10:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quickcal/quickcal-1015-cross-site-request-forgery-to-privilege-escalation</loc>
<lastmod>2025-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ulike/wp-ulike-32-missing-authorization</loc>
<lastmod>2018-05-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/backwpup/backwpup-171-remote-file-inclusion</loc>
<lastmod>2011-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/badgeos/badgeos-3716-missing-authorization</loc>
<lastmod>2023-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-property-listings/easy-property-listings-34-cross-site-request-forgery</loc>
<lastmod>2020-02-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/faqs-manager/faqs-manager-10-cross-site-request-forgery</loc>
<lastmod>2013-03-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/style-manager/style-manager-227-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2025-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpm-news-api/news-publisher-autopilot-214-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/svt-simple/svt-simple-101-reflected-cross-site-scripting</loc>
<lastmod>2024-11-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/classified-listing/classified-listing-420-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stockie-extra/stockie-extra-1211-unauthenticated-arbitrary-shortcode-execution</loc>
<lastmod>2025-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/oauth-client-for-user-authentication/oauth-client-single-sign-on-for-wordpress-oauth-20-sso-301-cross-site-scripting</loc>
<lastmod>2022-05-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-users/email-users-475-reflected-cross-site-scripting</loc>
<lastmod>2015-08-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/header-footer/head-footer-and-post-injections-330-authenticated-administrator-php-code-injection-in-multisite-environments</loc>
<lastmod>2025-02-20T22:46:06.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-analytics-for-wordpress/monsterinsights-google-analytics-dashboard-for-wordpress-website-stats-made-easy-512-cross-site-scripting</loc>
<lastmod>2014-11-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mp-restaurant-menu/restaurant-menu-and-food-ordering-2411-missing-authorization</loc>
<lastmod>2026-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hackrepair-plugin-archiver/the-hack-repair-guys-plugin-archiver-204-cross-site-request-forgery-to-arbitrary-directory-deletion-in-wp-content</loc>
<lastmod>2025-09-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/formsite/formsite-embed-online-forms-to-collect-orders-registrations-leads-and-surveys-16-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/duplicate-page-or-post/duplicate-page-or-post-150-missing-authorization-to-stored-cross-site-scripting</loc>
<lastmod>2022-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sema-api/sema-api-364-sql-injection</loc>
<lastmod>2022-04-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-bootstrap-elements-for-elementor/ultimate-bootstrap-elements-for-elementor-142-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2024-07-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/urlyar/urlyar-110-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-14T19:47:40.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pie-register/pie-register-2015-cross-site-scripting</loc>
<lastmod>2015-03-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/videowhisper-live-streaming-integration/broadcast-live-video-live-streaming-html5-webrtc-hls-rtsp-rtmp-4253-reflected-cross-site-scripting</loc>
<lastmod>2013-08-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementor/elementor-website-builder-313-authenticated-contributor-stored-cross-site-scripting-via-title_size-parameter</loc>
<lastmod>2021-03-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yr-activity-link/-123-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-product-bundle/wpc-product-bundles-for-woocommerce-731-cross-site-request-forgery</loc>
<lastmod>2023-12-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/authors-list/authors-list-2061-authenticated-contributor-sensitive-information-exposure-via-limited-method-call-in-plugins-shortcode</loc>
<lastmod>2025-11-10T15:24:36.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/auxin-portfolio/premium-portfolio-features-for-phlox-theme-2310-unauthenticated-local-file-inclusion-via-argsextra_template_path</loc>
<lastmod>2025-11-04T21:46:49.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fontiran/fontiran-21-missing-authorization-via-fi_add_rule-and-fi_delete_webfont_php</loc>
<lastmod>2023-02-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/usc-e-shop/welcart-e-commerce-285-authenticated-subscriber-information-disclosure-and-phar-deserialization</loc>
<lastmod>2022-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-products-filter/husky-products-filter-for-woocommerce-professional-131-authenticated-admin-php-object-injection</loc>
<lastmod>2023-01-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-compress-image-optimizer/wp-compress-image-optimizer-all-in-one-62013-reflected-cross-site-scripting</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pro-watermark/pro-bulk-watermark-plugin-for-wordpress-20-authenticated-subscriber-path-traversal</loc>
<lastmod>2025-08-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce/woocommerce-351-authenticated-stored-cross-site-scripting</loc>
<lastmod>2018-11-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/userpro/userpro-4917-authentication-bypass</loc>
<lastmod>2017-11-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/comments-import-export-woocommerce/wordpress-comments-import-export-231-csv-injection</loc>
<lastmod>2023-02-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-entries/contact-form-entries-130-authenticated-contributor-stored-cross-site-scripting-via-vx-entries-shortcode</loc>
<lastmod>2023-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-responsive-photo-gallery/photo-gallery-slideshow-masonry-tiled-gallery-1013-reflected-cross-site-scripting</loc>
<lastmod>2023-04-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-store-kit/ultimate-store-kit-elementor-addons-164-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/content-text-slider-on-post/content-text-slider-on-post-69-cross-site-scripting</loc>
<lastmod>2015-12-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/investi/investi-1026-authenticated-contributor-stored-cross-site-scripting-via-maximum-num-years-shortcode-attribute</loc>
<lastmod>2026-04-07T16:02:59.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/miniorange-oauth-oidc-single-sign-on/wordpress-single-sign-on-sso-multiple-versions-incorrect-authorization-to-sensitive-information-exposure</loc>
<lastmod>2025-06-11T19:22:27.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/specific-content-for-mobile/specific-content-for-mobile-customize-the-mobile-version-without-redirections-0195-reflected-cross-site-scripting</loc>
<lastmod>2024-03-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ebook-downloader/ebook-downloader-10-unauthenticated-sql-injection</loc>
<lastmod>2025-02-11T21:08:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/anchor-smooth-scroll/anchor-smooth-scroll-102-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-07-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/request-a-quote/request-a-quote-240-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-07-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vikrentitems/vikrentitems-flexible-rental-management-system-120-reflected-cross-site-scripting-via-delto-parameter</loc>
<lastmod>2025-12-11T19:11:46.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/akismet/akismet-314-cross-site-scripting</loc>
<lastmod>2015-10-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profile-builder/user-profile-builder-beautiful-user-registration-forms-user-profiles-user-role-editor-3129-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-super-cache/wp-super-cache-144-authenticated-file-deletion</loc>
<lastmod>2015-09-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/liquid-speech-balloon/liquid-speech-balloon-107-cross-site-scripting</loc>
<lastmod>2019-10-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/estatebud-properties-listings/estatebud-properties-listings-550-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wicked-folders/wicked-folders-21816-cross-site-request-forgery-via-ajax_edit_folder</loc>
<lastmod>2023-02-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/websimon-tables/websimon-tables-134-reflected-cross-site-scripting</loc>
<lastmod>2015-11-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/luckywp-scripts-control/luckywp-scripts-control-121-missing-authorization</loc>
<lastmod>2023-11-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/twitter-anywhere-plus/twitter-anywhere-plus-20-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tsb-occasion-editor/tsb-occasion-editor-121-authenticated-subscriber-sql-injection</loc>
<lastmod>2024-12-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-expirator/post-expirator-494-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-03-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eltd-listing/elated-listing-14-missing-authorization</loc>
<lastmod>2026-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/check-email/check-log-email-easy-email-testing-mail-logging-2013-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-04-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-survey-and-poll/wordpress-survey-poll-quiz-survey-and-poll-plugin-for-wordpress-175-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-06T15:05:36.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buddyforms/buddyforms-2817-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-field-for-wp-job-manager/custom-field-for-wp-job-manager-14-cross-site-request-forgery</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/clock-in-portal/clock-in-portal-21-cross-site-request-forgery-to-staff-deletion</loc>
<lastmod>2023-04-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/igniteup/igniteup-coming-soon-and-maintenance-mode-340-cross-site-request-forgery</loc>
<lastmod>2019-11-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-abandoned-cart/abandoned-cart-lite-for-woocommerce-5161-missing-authorization-via-multiple-ajax-functions</loc>
<lastmod>2023-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/korea-sns/korea-sns-164-cross-site-request-forgery-via-kon_tergos_options</loc>
<lastmod>2023-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/getresponse/getresponse-forms-by-optin-cat-257-reflected-cross-site-scripting</loc>
<lastmod>2024-10-17T15:46:36.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/aviary-image-editor-add-on-for-gravity-forms/aviary-image-editor-add-on-for-gravity-forms-30-beta-r7-arbitrary-file-upload</loc>
<lastmod>2015-06-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/exclusive-addons-for-elementor/exclusive-addons-for-elementor-2794-authenticated-contributor-stored-cross-site-scripting-via-countdown</loc>
<lastmod>2025-08-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/idonate/idonate-215-219-missing-authorization-to-authenticated-subscriber-account-takeoverprivilege-escalation-via-idonate_donor_profile-function</loc>
<lastmod>2026-02-18T16:32:50.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/acf-frontend-form-element/frontend-admin-by-dynamiapps-32828-authenticated-administrator-sql-injection-via-order-parameter</loc>
<lastmod>2026-05-28T19:36:05.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-super-cache/wp-super-cache-148-cross-site-scripting</loc>
<lastmod>2017-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/block-for-mailchimp/block-for-mailchimp-easy-mailchimp-form-integration-1112-unauthenticated-blind-server-side-request-forgery</loc>
<lastmod>2025-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-customer-reviews/wp-customer-reviews-342-multiple-stored-cross-site-scripting</loc>
<lastmod>2020-08-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpzoom-addons-for-beaver-builder/beaver-builder-addons-by-wpzoom-134-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-custom-fields/advanced-custom-fields-acf-670-unauthenticated-missing-authorization-to-arbitrary-postpage-disclosure-via-ajax-field-query-parameters</loc>
<lastmod>2026-04-14T12:58:08.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/planso-forms/planso-forms-264-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2021-09-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sliper-elementor/sliper-for-elementor-1010-missing-authorization</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/reverbnation-widgets/reverbnation-widgets-21-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/security-ninja/security-ninja-secure-firewall-secure-malware-scanner-5201-5242-authenticated-administrator-arbitrary-file-read</loc>
<lastmod>2025-07-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/front-end-only-users/front-end-users-3230-authenticated-contributor-stored-cross-site-scripting-via-forgot-password-shortcode</loc>
<lastmod>2025-02-14T20:08:17.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/scss-wp-editor/scss-wp-editor-121-cross-site-request-forgery</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-posts-to-subscribers/email-posts-to-subscribers-62-unauthenticated-sql-injection</loc>
<lastmod>2023-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-travel-map/simple-travel-map-01-cross-site-request-forgery</loc>
<lastmod>2024-11-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/premium-addons-for-elementor/premium-addons-for-elementor-41030-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/dwt-listing/dwt-directory-listing-wordpress-theme-336-unauthenticated-arbitrary-user-password-reset</loc>
<lastmod>2025-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vikrentcar/vikrentcar-140-unauthenticated-sql-injection</loc>
<lastmod>2024-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sk-wp-settings-backup/sk-wp-settings-backup-10-cross-site-request-forgery-to-php-object-injection</loc>
<lastmod>2024-11-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mollie-forms/mollie-forms-2613-cross-site-request-forgery-to-arbitrary-post-duplication</loc>
<lastmod>2024-06-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/verification-code-for-comments/verification-code-for-comments-210-reflected-cross-site-scripting</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/learnpress/learnpress-4328-missing-authorization-to-authenticated-subscriber-arbitrary-email-notification-triggering</loc>
<lastmod>2026-03-11T13:32:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-cufon/all-in-one-cufon-130-cross-site-request-forgery</loc>
<lastmod>2025-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/learnpress/learnpress-4141-arbitrary-image-renaming</loc>
<lastmod>2022-01-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-user-avatar/profilepress-454-authenticated-contributor-stored-cross-site-scripting-via-shortcodes</loc>
<lastmod>2023-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/newsletters-lite/newsletters-495-reflected-cross-site-scripting</loc>
<lastmod>2024-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rife-elementor-extensions/rife-elementor-extensions-templates-125-authenticated-contributor-stored-cross-site-scripting-via-writing-effect-headline-shortcode</loc>
<lastmod>2025-02-21T19:51:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/save-as-pdf-by-pdfcrowd/save-as-pdf-plugin-by-pdfcrowd-2160-authenticated-administrator-stored-cross-site-scripting-via-admin-settings</loc>
<lastmod>2023-08-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-superfaktura/superfaktura-woocommerce-1403-authenticated-subscriber-blind-server-side-request-forgery</loc>
<lastmod>2024-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-blog-post-layouts/wp-blog-post-layouts-113-authenticated-contributor-local-file-inlcusion</loc>
<lastmod>2024-06-20T12:56:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wassup/wassup-real-time-analytics-14-143-sql-injection</loc>
<lastmod>2008-01-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bp-profile-as-homepage/bp-profile-as-homepage-11-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blocksy-companion/blocksy-companion-2045-authenticated-contributor-stored-cross-site-scripting-via-svg-uploads</loc>
<lastmod>2024-05-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/aone-sms/service-finder-sms-system-200-unauthenticated-privilege-escalation</loc>
<lastmod>2025-07-31T13:51:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/radius-blocks/radius-blocks-221-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/newspack-blocks/newspack-blocks-308-authenticated-contributor-arbitrary-directory-deletion</loc>
<lastmod>2024-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/emi-calculator/emi-calculator-11-missing-authorization-to-unauthenticated-settings-change</loc>
<lastmod>2025-01-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/siteorigin-panels/page-builder-by-siteorigin-2296-authenticated-contributor-stored-cross-site-scripting-via-legacy-image-widget</loc>
<lastmod>2024-03-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gravitec-net-web-push-notifications/gravitecnet-web-push-notifications-2917-missing-authorization</loc>
<lastmod>2025-12-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/marketing-and-seo-booster/marketing-and-seo-booster-1910-authenticated-author-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2024-10-09T13:28:53.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simply-schedule-appointments/simply-schedule-appointments-1699-unauthenticated-sql-injection-via-order-and-append_where_sql-parameters</loc>
<lastmod>2026-01-14T10:13:21.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/equestrian-centre/equestrian-centre-15-unauthenticated-php-object-injection</loc>
<lastmod>2026-03-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/testimonial-slider-showcase-pro/testimonial-slider-and-showcase-pro-217-authenticated-subscriber-local-file-inclusion</loc>
<lastmod>2025-04-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/salesking/salesking-1615-unauthenticated-privilege-escalation</loc>
<lastmod>2024-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/notification-for-telegram/notification-for-telegram-35-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/header-footer-code/ninjateam-header-footer-custom-code-12-authenticated-admin-stored-cross-site-scripting-via-css-styles</loc>
<lastmod>2024-08-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/my-reading-library/my-reading-library-10-unauthenticated-php-object-injection</loc>
<lastmod>2024-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mesmerize-companion/mesmerize-companion-16148-authenticated-contributor-stored-cross-site-scripting-via-mesmerize_contact_form-shortcode</loc>
<lastmod>2024-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/note-press/note-press-0110-authenticated-admin-sql-injection-via-ids-parameter</loc>
<lastmod>2022-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/paid-member-subscriptions/membership-content-restriction-paid-member-subscriptions-241-sql-injection</loc>
<lastmod>2021-08-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/Ultimate_VC_Addons/ultimate-addons-for-wpbakery-page-builder-31914-authenticatedcontributor-local-file-inclusion</loc>
<lastmod>2023-10-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/3dady-real-time-web-stats/3dady-real-time-web-stats-10-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-08-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vn-calendar/vn-calendar-10-cross-site-scripting</loc>
<lastmod>2014-07-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woc-order-alert/order-notification-for-woocommerce-get-audio-alert-on-new-orders-363-unauthenticated-remote-code-execution</loc>
<lastmod>2026-04-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc1c-main/wc1c-0230-reflected-cross-site-scripting</loc>
<lastmod>2025-01-06T15:38:36.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-user-switch/wp-user-switch-110-authenticated-subscriber-privilege-escalation</loc>
<lastmod>2024-07-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/charitable/donation-forms-by-charitable-17012-unauthenticated-privilege-escalation</loc>
<lastmod>2023-08-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/inext-woo-pincode-checker/inext-woo-pincode-checker-231-cross-site-request-forgery</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/betterdocs/betterdocs-411-missing-authorization-to-private-and-password-protected-posts-information-disclosure</loc>
<lastmod>2025-08-15T19:18:06.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chatplusjp/chatplusjp-102-reflected-cross-site-scripting</loc>
<lastmod>2024-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/niche-hero/niche-hero-beautifully-designed-blocks-in-seconds-105-authenticated-contributor-stored-cross-site-scripting-via-spacing-shortcode-attribute</loc>
<lastmod>2026-01-06T20:35:28.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mp3-jplayer/mp3-jplayer-188-cross-site-scripting</loc>
<lastmod>2014-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/motors-car-dealership-classified-listings/motors-14111-missing-authorization-to-authenticated-subscriber-arbitrary-post-meta-modification-via-stm_mark_as_sold_car-parameter</loc>
<lastmod>2026-06-30T19:04:55.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pricingtable/pricing-table-by-pickplugins-11210-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-27T20:10:05.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/datalogics/datalogics-ecommerce-delivery-datalogics-2660-unauthenticated-privilege-escalation</loc>
<lastmod>2026-03-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booknetic/booknetic-40-414-cross-site-request-forgery</loc>
<lastmod>2025-03-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mytube/mytube-playlist-203-reflected-cross-site-scripting-via-addplaylistid</loc>
<lastmod>2023-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/inline-google-spreadsheet-viewer/inline-google-spreadsheet-viewer-0132-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lastudio-element-kit/la-studio-element-kit-for-elementor-115-missing-authorization</loc>
<lastmod>2023-12-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/themify-icons/themify-icons-203-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-08-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/polo-video-gallery/polo-video-gallery-best-wordpress-video-gallery-plugin-12-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2021-09-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/idonate-pro/idonatepro-219-missing-authorization</loc>
<lastmod>2025-08-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/a3-lazy-load/a3-lazy-load-276-authenticated-contributor-stored-cross-site-scripting-via-video-element</loc>
<lastmod>2026-05-27T18:25:51.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cozy-addons/cozy-blocks-2122-missing-authorization</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/uberSlider_ultra/uberslider-ultra-23-reflected-cross-site-scripting</loc>
<lastmod>2026-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/safe-ai-malware-protection-for-wp/safe-ai-malware-protection-for-wp-1017-missing-authorization-to-unauthenticated-database-export</loc>
<lastmod>2025-01-30T00:29:51.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-forms/ninja-forms-the-contact-form-builder-that-grows-with-you-3822-authenticated-subscriber-arbitrary-shortcode-execution</loc>
<lastmod>2024-12-28T16:21:38.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pgall-for-woocommerce/-5211-cross-site-request-forgery</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-abandoned-cart/abandoned-cart-lite-for-woocommerce-5152-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-10-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-auto-spinner/wordpress-auto-spinner-3250-reflected-cross-site-scripting</loc>
<lastmod>2025-07-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mystickyelements/all-in-one-floating-contact-form-211-authenticatedadministrator-stored-cross-site-scripting-via-plugin-settings</loc>
<lastmod>2023-07-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yet-another-stars-rating/freemius-sdk-259-reflected-cross-site-scripting-via-fs_request_get</loc>
<lastmod>2023-07-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/security-malware-firewall/security-malware-scan-by-cleantalk-2120-ip-spoofing-to-protection-mechanism-bypass</loc>
<lastmod>2023-11-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-codemirror-block/codemirror-blocks-124-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/namaste-lms/namaste-lms-2593-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/events-addon-for-elementor/events-addon-for-elementor-212-cross-site-request-forgery</loc>
<lastmod>2023-11-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buttoner-elementor/buttoner-for-elementor-106-missing-authorization-to-authenticated-subscriber-settings-change</loc>
<lastmod>2025-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bitformpro/bit-form-pro-264-missing-authorization-to-authenticated-subscriber-settings-update</loc>
<lastmod>2024-08-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kento-post-view-counter/kento-post-view-counter-28-sql-injection</loc>
<lastmod>2016-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementor/elementor-3132-authenticatedcontributor-arbitrary-post-type-creation-via-save_item</loc>
<lastmod>2023-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vayu-blocks/vayu-blocks-gutenberg-blocks-for-wordpress-woocommerce-137-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce/woocommerce-811-woocommerce-blocks-1111-authenticated-contributor-stored-cross-site-scripting-via-featured-image-alt-attribute</loc>
<lastmod>2023-11-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/greenshift-animation-and-page-builder-blocks/greenshift-1283-missing-authorization-to-unauthenticated-private-reusable-block-disclosure-via-gspb_el_reusable_load</loc>
<lastmod>2026-03-06T11:20:33.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/drivr-google-drive-file-picker/drivr-lite-google-drive-plugin-plugin-for-wordpress-101-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2025-02-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/imember360/imember360-38012-39001-missing-authorization</loc>
<lastmod>2014-04-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/super-testimonial/super-testimonials-29-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/list-category-posts/list-category-posts-0920-authenticated-contributor-information-exposure</loc>
<lastmod>2025-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lupsonline-link-netwerk/seo-flow-by-lupsonline-221-unauthenticated-arbitrary-postcategory-modification</loc>
<lastmod>2026-02-03T19:31:09.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seriously-simple-podcasting/seriously-simple-podcasting-2253-unauthenticated-email-disclosure</loc>
<lastmod>2024-02-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-custom-fields-search/wp-custom-fields-search-0328-cross-site-scripting</loc>
<lastmod>2017-06-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rss-for-yandex-turbo/rss-for-yandex-turbo-129-authenticated-stored-cross-site-scripting</loc>
<lastmod>2021-04-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/remove-footer-credit/remove-footer-credit-105-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2021-07-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/subscribe-to-download/subscribe-to-download-209-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-testimonials-and-reviews-widget/social-proof-testimonials-and-reviews-by-repuso-501-cross-site-request-forgery</loc>
<lastmod>2023-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cost-calculator-builder-pro/cost-calculator-builder-pro-3167-unauthenticated-cross-site-scripting-via-svg-upload</loc>
<lastmod>2024-04-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/edge/edge-209-authenticated-contributor-stored-cross-site-scripting-via-author-display-name</loc>
<lastmod>2024-05-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mwp-herd-effect/herd-effects-fake-notifications-and-social-proof-plugin-526-cross-site-request-forgery</loc>
<lastmod>2024-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pinpoll/pinpoll-400-reflected-cross-site-scripting</loc>
<lastmod>2025-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/health-check/health-check-troubleshooting-123-missing-authorization-checks</loc>
<lastmod>2018-01-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpcf7-redirect/redirection-for-contact-form-7-270-authenticatededitor-privilege-escalation</loc>
<lastmod>2023-02-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wt-display-breeze/breeze-display-123-authenticated-contributor-stored-cross-site-scripting-via-cal_size-parameter</loc>
<lastmod>2025-04-24T09:50:49.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/magazine-lister-for-yumpu/epaper-lister-for-yumpu-140-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/crayon-syntax-highlighter/crayon-syntax-highlighter-284-authenticated-contributor-server-side-request-forgery</loc>
<lastmod>2023-09-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/player-leaderboard/player-leaderboard-100-102-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-12-11T14:27:12.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/f4-tree/f4-post-tree-1118-reflected-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cbxpoll/cbx-poll-127-unauthenticated-php-object-injection</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/big-boom-directory/big-boom-directory-250-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-02T19:01:28.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-tiles/wp-tiles-112-cross-site-request-forgery</loc>
<lastmod>2023-05-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jetpack/jetpack-79-stored-cross-site-scripting</loc>
<lastmod>2019-10-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/leenkme/leenkme-260-stored-cross-site-scripting</loc>
<lastmod>2016-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/captionpix/captionpix-18-reflected-cross-site-scripting</loc>
<lastmod>2025-07-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpbookit-pro/wpbookit-pro-1618-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2026-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpadcenter/wp-adcenter-261-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/educare/educare-students-result-management-system-143-cross-site-request-forgery</loc>
<lastmod>2023-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/uncode-core/uncode-core-2942-authenticated-contributor-stored-cross-site-scripting-via-shortcodes</loc>
<lastmod>2025-07-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/free-download-manager/free-download-manager-100-unauthenticated-arbitrary-file-download</loc>
<lastmod>2024-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-duplicate-page/wp-duplicate-page-12-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/digital-climate-strike-wp/digital-climate-strike-wp-100-malicious-redirect</loc>
<lastmod>2021-01-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/abundance/abundance-all-versions-cross-site-scripting</loc>
<lastmod>2012-10-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dovetail/dovetail-1213-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-07-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nospampti/nospampti-21-sql-injection</loc>
<lastmod>2013-09-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/deepdigital/deepdigital-web-design-agency-wordpress-theme-102-reflected-cross-site-scripting</loc>
<lastmod>2026-03-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/verge3d/verge3d-482-cross-site-request-forgery</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/miniorange-2-factor-authentication/minioranges-google-authenticator-5582-missing-authorization</loc>
<lastmod>2022-09-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/skyboot-portfolio-gallery/elementor-image-gallery-plugin-105-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-post/postx-4125-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ai-scribe-the-chatgpt-powered-seo-content-creation-wizard/ai-scribe-seo-ai-writer-content-generator-humanizer-blog-writer-seo-optimizer-dalle-3-ai-wordpress-plugin-chatgpt-gpt-4o-128k-25-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2025-01-08T21:59:15.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/luxury-wine/luxury-wine-1114-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/side-menu-lite/side-menu-lite-531-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-to-email/contact-form-email-1265-cross-site-scripting</loc>
<lastmod>2019-08-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-encoder-bundle/email-encoder-142-cross-site-scripting</loc>
<lastmod>2015-08-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-slimstat/slimstat-analytics-509-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-08-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dark-mode/wp-markdown-editor-formerly-dark-mode-17-cross-site-scripting</loc>
<lastmod>2018-01-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-table-of-contents/easy-table-of-contents-2080-cross-site-request-forgery</loc>
<lastmod>2026-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/acf-views/advanced-views-display-posts-custom-fields-and-more-3719-authenticated-author-remote-code-execution-via-ssti</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/everest-backup/everest-backup-224-authenticated-admin-arbitrary-file-upload</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-post/postx-gutenberg-blocks-for-post-grid-249-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2021-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-speed-increaser/advanced-speed-increaser-221-cross-site-request-forgery</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ht-mega-for-elementor/ht-mega-absolute-addons-for-elementor-248-authenticated-contributor-stored-cross-site-scripting-via-accordionfaq</loc>
<lastmod>2024-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/team/team-showcase-12215-stored-cross-site-scripting</loc>
<lastmod>2020-09-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jw-player-7-for-wp/jw-player-for-wordpress-233-missing-authorization</loc>
<lastmod>2024-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/td-composer/tagdiv-composer-53-reflected-cross-site-scripting-via-data</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/webinar-ignition/webinar-solution-create-liveevergreenautomatedinstant-webinars-stream-zoom-meetings-webinarignition-40332-unauthenticated-login-token-generation-to-authentication-bypass</loc>
<lastmod>2025-07-23T20:41:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-dbmanager/wp-dbmanager-2791-directory-traversal-allowing-arbitrary-file-deletion</loc>
<lastmod>2018-10-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mts-url-shortener/url-shortener-by-mythemeshop-1017-reflected-cross-site-scripting-via-page</loc>
<lastmod>2023-08-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-retina-2x/wp-retina-2x-645-sensitive-information-exposure</loc>
<lastmod>2023-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-catalog-enquiry/product-catalog-mode-for-woocommerce-502-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2023-11-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-symposium-pro/wp-symposium-pro-1601-cross-site-scripting</loc>
<lastmod>2016-01-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pepro-ultimate-invoice/peprodev-ultimate-invoice-226-unauthenticated-information-exposure</loc>
<lastmod>2026-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/motors-car-dealership-classified-listings/motors-car-dealer-classifieds-listing-14107-authenticated-subscriber-arbitrary-file-deletion-via-stm_dealer_logo_path-parameter</loc>
<lastmod>2026-05-13T18:03:27.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/generate-pdf-using-contact-form-7/generate-pdf-using-contact-form-7-412-cross-site-request-forgery-to-arbitrary-file-upload</loc>
<lastmod>2024-07-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/send-from/send-from-22-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/computer-repair-shop/crm-wordpress-plugin-repairbuddy-38213-missing-authorization</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/themeisle-companion/orbit-fox-by-themeisle-21044-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-designer-pro/woocommerce-designer-pro-1924-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2025-06-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/product-filter-widget-for-elementor/product-filter-widget-for-elementor-106-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-06-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-abandoned-cart/abandoned-cart-lite-for-woocommerce-5160-improper-authorization-via-wcal_delete_expired_used_coupon_code</loc>
<lastmod>2023-11-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-all-import-pro/import-any-xml-or-csv-file-to-wordpress-324-sql-injection</loc>
<lastmod>2020-02-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sheetdb/sheetdb-134-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/theaisle/the-aisle-29-missing-authorization</loc>
<lastmod>2025-11-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/learnpress/learnpress-42682-cross-site-request-forgery</loc>
<lastmod>2024-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/addons-for-elementor/elementor-addons-by-livemesh-836-authenticatedcontributor-stored-cross-site-scripting-via-widget-_id-attribute</loc>
<lastmod>2024-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-fast-cache/fast-cache-15-cross-site-request-forgery</loc>
<lastmod>2023-01-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jupiterx-core/jupiter-x-core-209-missing-authorization-checks</loc>
<lastmod>2022-08-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contentstudio/contentstudio-125-missing-authorization</loc>
<lastmod>2023-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-before-download/email-before-download-36-smtp-header-injection</loc>
<lastmod>2017-06-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-login/all-in-one-box-login-201-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seo-nutrition-and-print-for-recipes-by-edamam/seo-nutrition-and-print-for-recipes-by-edamam-33-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/uptime-robot-monitor/uptime-robot-plugin-for-wordpress-23-cross-site-request-forgery</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/marekkis-watermark/marekkis-watermark-plugin-094-reflected-cross-site-scripting</loc>
<lastmod>2025-02-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/html-forms/html-forms-simple-wordpress-forms-plugin-160-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-12-16T16:01:44.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/my-tickets/my-tickets-accessible-event-ticketing-210-unauthenticated-information-exposure</loc>
<lastmod>2026-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/amazon-product-in-a-post-plugin/amazon-product-in-a-post-522-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/admin-side-data-storage-for-contact-form-7/admin-side-data-storage-for-contact-form-7-plugin-111-missing-authorization-to-unauthenticated-read-status-update</loc>
<lastmod>2024-02-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpresidence-core/wpresidence-core-540-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-cart-for-digital-products/wp-estore-854-reflected-cross-site-scripting-via-category-editing</loc>
<lastmod>2024-06-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-registration-form-builder-with-submission-manager/registrationmagic-5021-sql-injection</loc>
<lastmod>2022-02-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-page-categories-and-tags/ninja-pages-142-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-rocket/social-rocket-133-reflected-cross-site-scripting</loc>
<lastmod>2024-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wholesale-market-for-woocommerce/wholesale-market-for-woocommerce-107-authenticated-administrator-arbitrary-file-download</loc>
<lastmod>2022-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flattr/flattr-122-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-05-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mailchimp-wp/forms-for-mailchimp-by-optin-cat-257-authenticated-editor-stored-cross-site-scripting-via-form-color-parameters</loc>
<lastmod>2024-10-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/reviews-plus/reviews-plus-1214-denial-of-service</loc>
<lastmod>2021-10-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/anycomment/anycomment-036-authenticated-subscriber-sql-injection</loc>
<lastmod>2025-10-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rapidexpcart/rapidexpcart-10-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2023-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/funnel-builder/funnelkit-funnel-builder-for-woocommerce-checkout-31505-authenticated-administrator-sql-injection</loc>
<lastmod>2026-06-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pretty-link/shortlinks-by-pretty-links-340-cross-site-request-forgery-via-route</loc>
<lastmod>2023-04-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yawpp/yawpp-yet-another-wordpress-petition-plugin-122-cross-site-scripting</loc>
<lastmod>2015-12-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/alt-text-generator/alt-text-generator-ai-auto-generate-bulk-update-alt-texts-for-images-183-missing-authorization-to-authenticated-subscriber-api-key-deletion</loc>
<lastmod>2025-11-11T19:11:21.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/element-ready-lite/elementsready-addons-for-elementor-580-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-05-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vikbooking/vikbooking-hotel-booking-engine-pms-1511-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sunshine-photo-cart/sunshine-photo-cart-3411-authenticated-subscriber-privilege-escalation</loc>
<lastmod>2025-06-03T19:10:16.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/catalog/spidercatalog-173-authenticated-admin-sql-injection</loc>
<lastmod>2021-10-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-google-maps/wp-go-maps-formerly-wp-google-maps-9048-unauthenticated-cache-poisoning</loc>
<lastmod>2025-10-17T17:52:24.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ahathat/ahathat-plugin-16-authenticated-admin-sql-injection</loc>
<lastmod>2024-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/assembly/assembly-11-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-09-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shiftcontroller/shiftcontroller-employee-shift-scheduling-4964-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-09-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementor-pro/elementor-website-builder-pro-3201-authententicated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quick-event-manager/quick-event-manager-974-missing-authorization-checks</loc>
<lastmod>2023-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vbsso-lite/vbsso-lite-143-missing-authorization-to-privilege-escalation</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/pimp/pimp-creative-multipurpose-17-unauthenticated-php-object-injection</loc>
<lastmod>2025-06-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-subscription-with-secure-captcha/easy-email-subscription-13-cross-site-request-forgery-to-arbitrary-subscriber-deletion</loc>
<lastmod>2025-11-05T15:20:07.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/store-manager-connector/emagicone-store-manager-for-woocommerce-125-unauthenticated-arbitrary-file-upload-via-set_file</loc>
<lastmod>2025-05-23T14:33:08.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dynamic-widget-content/dynamic-widget-content-136-authenticated-contributor-stored-cross-site-scripting-via-widget-content-field</loc>
<lastmod>2026-02-04T18:42:46.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/tobel/tbel-16-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bunnys-print-css/bunnys-print-css-095-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2025-06-09T14:29:40.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/magical-addons-for-elementor/magical-addons-for-elementor-1141-authenticated-subscriber-server-side-request-forgery</loc>
<lastmod>2024-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-html-mail/wordpress-email-template-designer-308-cross-site-request-forgery</loc>
<lastmod>2021-07-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lws-hide-login/lws-hide-login-218-protection-mechanism-bypass</loc>
<lastmod>2023-11-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/colibri-page-builder/colibri-page-builder-10240-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-12-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smart-forms/smart-forms-when-you-need-more-than-just-a-contact-form-210-missing-authorization</loc>
<lastmod>2014-11-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seraphinite-accelerator/seraphinite-accelerator-22028-reflected-cross-site-scripting-via-rt</loc>
<lastmod>2023-12-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/hello-fse/hello-fse-106-missing-authorization</loc>
<lastmod>2026-01-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cleantalk-spam-protect/cleantalk-anti-spam-spam-firewall-bot-protection-679-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-06-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mailchimp-for-woocommerce/mailchimp-for-woocommerce-27-authenticated-subscriber-server-side-request-forgery</loc>
<lastmod>2022-08-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-docs/wp-docs-228-missing-authorization</loc>
<lastmod>2026-01-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-blocks/ultimate-blocks-wordpress-blocks-plugin-317-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/popup-maker/popup-maker-1180-cross-site-request-forgery-via-init</loc>
<lastmod>2023-03-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-forms/ninja-forms-contact-form-363-authenticated-sql-injection</loc>
<lastmod>2021-10-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-extra-cost/woocommerce-extra-cost-26-cross-site-request-forgery</loc>
<lastmod>2021-07-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smcountdown/sm-countdown-widget-12-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-21T20:23:39.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/quirky/quirky-123-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-vietnam-checkout/woocommerce-vietnam-checkout-208-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-01-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dokan-pro/dokan-pro-413-missing-authorization-to-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2025-12-15T16:39:50.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-content-shortcode/custom-content-shortcode-401-authenticated-stored-cross-site-scripting</loc>
<lastmod>2022-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ai-content-generation/wp-wand-125-missing-authorization</loc>
<lastmod>2025-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/anps_theme_plugin/anps-theme-plugin-111-unauthenticated-arbitrary-shortcode-execution</loc>
<lastmod>2025-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-auction/ultimate-wordpress-auction-plugin-427-missing-authorization-to-unauthenticated-email-creation</loc>
<lastmod>2024-07-26T13:11:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/paytm-donation/paytm-payment-donation-220-reflected-cross-site-scripting</loc>
<lastmod>2023-04-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/registrations-for-the-events-calendar/registrations-for-the-events-calendar-2121-missing-authorization</loc>
<lastmod>2024-08-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/better-wp-security/ithemes-security-325-cross-site-scripting</loc>
<lastmod>2012-05-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rating-widget/rating-widget-320-authenticated-contributor-stored-cross-site-scripting-via-shortcodes</loc>
<lastmod>2023-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimatewoo/ultimatewoo-the-ultimate-woocommerce-plugin-with-unlimited-usage-0110-php-object-injection</loc>
<lastmod>2021-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ai-quiz/ai-quiz-quiz-maker-11-missing-authorization-to-authenticated-subscriber-arbitrary-options-update</loc>
<lastmod>2024-12-05T19:32:25.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mail-mint/mail-mint-1194-missing-authorization</loc>
<lastmod>2026-02-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/amz-configurator-core/configurator-theme-core-147-authenticated-subscriber-privilege-escalation</loc>
<lastmod>2025-04-23T19:36:21.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/leaguemanager/leaguemanager-37-multiple-cross-site-scripting</loc>
<lastmod>2012-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jquery-archive-list-widget/js-archive-list-615-unauthenticated-sql-injection</loc>
<lastmod>2025-08-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-anything-slider/wp-anything-slider-91-authenticated-subscriber-sql-injection-via-shortcode</loc>
<lastmod>2023-10-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/maintenance-mode-based-on-user-roles/conditional-maintenance-mode-for-wordpress-100-cross-site-request-forgery</loc>
<lastmod>2025-11-24T19:14:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woolook/woolook-170-unauthenticated-local-file-inclusion</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpagecontact/wordpress-page-contact-10-authenticated-admin-sql-injection</loc>
<lastmod>2021-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/redirect-redirection/redirect-redirection-113-cross-site-request-forgery-via-bulkdelete-function</loc>
<lastmod>2023-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/airtifact/airtifact-1291-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2026-01-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mp3-jplayer/mp3-jplayer-1811-cross-site-scripting</loc>
<lastmod>2015-01-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-custom-fields-pro/advanced-custom-fields-pro-632-missing-authorization</loc>
<lastmod>2024-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/envo-elementor-for-woocommerce/envos-elementor-templates-widgets-for-woocommerce-1419-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jet-smart-filters/jetsmartfilters-363-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nmedia-user-file-uploader/frontend-file-manager-plugin-236-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2026-06-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-youtube-video-gallery/wp-youtube-video-gallery-10-cross-site-request-forgery-to-plugin-settings-update</loc>
<lastmod>2026-01-23T19:18:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smartsoftbutton-widget-de-botones-de-chat/button-widget-smartsoft-101-cross-site-request-forgery-to-cross-site-scripting</loc>
<lastmod>2022-06-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/compact-archives/compact-archives-410-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-table-manager/simple-table-manager-156-authenticatedadministrator-stored-cross-site-scripting</loc>
<lastmod>2023-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-testimonials/easy-testimonials-352-stored-cross-site-scripting</loc>
<lastmod>2018-11-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/blix/blix-091-and-blix-091-rus-cross-site-scripting</loc>
<lastmod>2007-08-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-zoom/image-zoom-188-cross-site-request-forgery</loc>
<lastmod>2022-09-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/website-file-changes-monitor/melapress-file-monitor-220-missing-authorization</loc>
<lastmod>2025-07-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/twitter-bootstrap-collapse-aka-accordian-shortcode/twitter-bootstrap-collapse-aka-accordian-shortcode-10-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2025-01-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tgg-wp-optimizer/tgg-wp-optimizer-121-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-minifier/all-in-one-minifier-32-unauthenticated-sql-injection</loc>
<lastmod>2025-09-10T18:49:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/tuaug4/tuaug4-14-reflected-cross-site-scripting</loc>
<lastmod>2025-01-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stylish-price-list/stylish-price-list-722-missing-authorization</loc>
<lastmod>2025-11-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/traffic-monitor/traffic-monitor-322-missing-authorization-to-unauthenticated-settings-update</loc>
<lastmod>2025-06-12T14:33:50.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/futurio-extra/futurio-extra-2013-authenticated-contributor-post-disclosure</loc>
<lastmod>2024-11-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-video-gallery-free/wp-video-gallery-171-sql-injection</loc>
<lastmod>2022-04-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/list-children/list-children-21-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2025-04-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/molongui-authorship/author-box-guest-author-and-co-authors-for-your-posts-molongui-474-information-exposure-via-ma_debug</loc>
<lastmod>2024-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/js-jobs/js-job-manager-202-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2025-04-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/saragna-social-stream/saragna-10-reflected-cross-site-scripting</loc>
<lastmod>2024-11-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpgform/google-forms-085-cross-site-scripting</loc>
<lastmod>2016-07-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fwduvp/ultimate-video-player-100-unauthenticated-arbitrary-file-download</loc>
<lastmod>2025-03-06T20:02:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/restropress/restropress-3286-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/multimedial-images/multimedial-images-10b-authenticated-administrator-sql-injection</loc>
<lastmod>2022-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tp-restore-categories-and-taxonomies/tp-restore-categories-and-taxonomies-101-missing-authorization-to-authenticated-subscriber-taxonomy-deletion-via-tpmcattt_delete_term-ajax-action</loc>
<lastmod>2026-04-21T19:08:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smart-slider-3/smart-slider-3-35133-missing-authorization-to-authenticated-contributor-slider-data-read-and-image-record-manipulation</loc>
<lastmod>2026-04-07T08:51:34.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-share-boost/social-share-boost-45-cross-site-request-forgery-via-syntatical_settings_content</loc>
<lastmod>2023-08-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-stats-dashboard/wp-stats-dashboard-294-authenticated-sql-injection</loc>
<lastmod>2015-11-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-recipe-maker/wp-recipe-maker-910-authenticated-contributor-stored-cross-site-scripting-via-icon_color</loc>
<lastmod>2024-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-simplemail/wp-simplemail-106-cross-site-scripting</loc>
<lastmod>2012-08-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/name-directory/name-directory-1253-cross-site-request-forgery</loc>
<lastmod>2022-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-activity-o-meter/wordpress-activity-o-meter-1-reflected-cross-site-scripting</loc>
<lastmod>2025-02-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ai-addons-for-elementor/elementor-ai-addons-221-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/acf-frontend-form-element/frontend-admin-by-dynamiapps-32825-missing-authorization-to-unauthenticated-arbitrary-data-deletion-via-delete-post-form-element</loc>
<lastmod>2026-01-08T18:45:51.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpdiscuz/wpdiscuz-7611-cross-site-request-forgery</loc>
<lastmod>2023-11-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-flipbook/responsive-flipbook-plugin-wordpress-250-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2025-01-08T22:07:27.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/system-dashboard/system-dashboard-287-missing-authorization-to-information-disclosure-sd_db_specs</loc>
<lastmod>2023-12-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ays-chatgpt-assistant/ai-chatbot-with-chatgpt-and-content-generator-by-ays-275-missing-authorization-to-unauthenticated-api-key-modification</loc>
<lastmod>2026-03-02T11:22:35.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-smushit/smush-lazy-load-images-optimize-compress-images-291-cross-site-scripting</loc>
<lastmod>2018-12-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-for-japan/japanized-for-woocommerce-2640-cross-site-request-forgery</loc>
<lastmod>2025-05-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-photo-album-plus/wp-photo-album-plus-8808007-unauthenticated-arbitrary-shortcode-execution-via-getshortcodedrenderedfenodelay</loc>
<lastmod>2024-11-10T00:18:49.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/weforms/weforms-147-csv-injection-via-form-entry</loc>
<lastmod>2020-08-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kivicare-clinic-management-system/kivicare-clinic-patient-management-system-ehr-364-unauthenticated-sql-injection</loc>
<lastmod>2024-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pixelyoursite/pixelyoursite-1112-cross-site-request-forgery-to-gdpr-options-modification</loc>
<lastmod>2025-10-21T17:47:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/csv-to-sorttable/csv-to-sorttable-42-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-11-17T20:11:17.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/themeisle-companion/orbit-fox-by-themeisle-2102-authenticated-privilege-escalation</loc>
<lastmod>2020-11-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/crowdsignal-forms/crowdsignal-forms-172-missing-authorization</loc>
<lastmod>2025-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/purity-of-soul/purity-of-soul-19-reflected-cross-site-scripting</loc>
<lastmod>2024-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/coupon-zen/coupon-zen-105-cross-site-request-forgery-to-plugin-activation</loc>
<lastmod>2023-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-login-redirect/woocommerce-login-redirect-224-cross-site-request-forgery</loc>
<lastmod>2023-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wilmer-core/wilmer-core-245-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2025-09-08T17:14:35.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nex-forms-express-wp-form-builder/nex-forms-ultimate-form-builder-contact-forms-and-much-more-856-missing-authorization-via-set_starred</loc>
<lastmod>2024-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/give/givewp-2202-authenticated-arbitrary-file-creation</loc>
<lastmod>2022-07-12T13:57:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-simple-events/wp-simple-events-10-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-03-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-currency-switcher/fox-145-missing-authorization</loc>
<lastmod>2026-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/debug-log-manager/debug-log-manager-222-directory-listing-to-sensitive-information-disclosure</loc>
<lastmod>2023-12-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/internal-link-finder/internal-link-optimiser-513-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-user-avatar/paid-membership-plugin-ecommerce-user-registration-form-login-form-user-profile-restrict-content-profilepress-4150-authenticated-contributor-stored-cross-site-scripting-via-reg-select-role-shortcode</loc>
<lastmod>2024-02-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/conditional-shipping-for-woocommerce/conditional-shipping-for-woocommerce-231-cross-site-request-forgery</loc>
<lastmod>2022-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simplepress/simplepress-wordpress-forum-plugin-660-arbitrary-file-upload</loc>
<lastmod>2020-09-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-data-access/wp-data-access-app-builder-for-tables-forms-charts-maps-dashboards-5570-unauthenticated-sql-injection</loc>
<lastmod>2026-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hpbseo/hpb-seo-plugin-for-wordpress-301-reflected-cross-site-scripting</loc>
<lastmod>2025-07-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ova-events-manager/ovatheme-events-manager-186-missing-authorization</loc>
<lastmod>2025-11-07T15:22:40.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/admin-menu-editor/admin-menu-editor-112-cross-site-request-forgery-via-ajax_hide_hint</loc>
<lastmod>2024-02-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wppedia/glossary-by-wppedia-130-authenticated-administrator-php-object-injection</loc>
<lastmod>2025-05-20T20:30:20.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/magazine-blocks/magazine-blocks-blog-designer-magazine-newspaper-website-builder-page-builder-with-posts-blocks-post-grid-183-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/newspack-newsletters/newspack-newsletters-2132-missing-authorization</loc>
<lastmod>2024-07-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/order-tracking/order-tracking-344-missing-authorization</loc>
<lastmod>2026-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slick-popup/slick-popup-contact-form-7-popup-plugin-1714-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-10-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/boot-store/boot-store-164-reflected-cross-site-scripting</loc>
<lastmod>2025-04-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gs-testimonial/gs-testimonial-slider-196-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2022-09-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/orchid-store/orchid-store-156-missing-authorization-to-authenticated-subscriber-limited-plugin-activation</loc>
<lastmod>2024-08-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hockeydata-los/hockeydata-los-124-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ht-mega-for-elementor/ht-mega-absolute-addons-for-elementor-246-sensitive-information-exposure-via-purchased_products</loc>
<lastmod>2024-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/traveler/travel-booking-wordpress-theme-2784-cross-site-scripting</loc>
<lastmod>2019-05-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dokan-pro/dokan-pro-3145-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lbg-audio2-html5/responsive-html5-audio-player-pro-with-playlist-358-reflected-cross-site-scripting</loc>
<lastmod>2025-07-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/double-opt-in-for-download/double-opt-in-for-download-208-sql-injection</loc>
<lastmod>2015-11-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/templatesnext-toolkit/templatesnext-toolkit-329-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-lightbox-gallery/lightbox-slider-responsive-lightbox-gallery-199-authenticated-contributor-php-object-injection</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/photoblocks-grid-gallery/gallery-photoblocks-128-cross-site-request-forgery</loc>
<lastmod>2022-08-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ad-invalid-click-protector/ad-invalid-click-protector-aicp-1252-reflected-cross-site-scripting-and-cross-site-request-forgery</loc>
<lastmod>2022-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-central/wpcentral-150-improper-access-control-to-privilege-escalation</loc>
<lastmod>2020-02-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/automatewoo/automatewoo-571-cross-site-request-forgery</loc>
<lastmod>2023-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-booking-system/wp-booking-system-2018-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/listeo-core/listeo-core-2019-reflected-cross-site-scripting</loc>
<lastmod>2026-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/soliloquy-lite/slider-by-soliloquy-281-authenticated-subscriber-information-disclosure-via-rest-api-endpoint</loc>
<lastmod>2026-05-21T19:23:24.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-embed-facebook/magic-embeds-312-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ads-by-datafeedrcom/ads-by-datafeedrcom-113-unauthenticated-limited-remote-code-execution</loc>
<lastmod>2023-10-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mypixs/mypixs-03-local-file-inclusion</loc>
<lastmod>2015-09-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/explara-events/explara-events-013-reflected-cross-site-scripting</loc>
<lastmod>2024-11-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/debug-bar-elasticpress/debug-bar-elasticpress-210-cross-site-scripting</loc>
<lastmod>2022-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/premmerce/premmerce-1318-cross-site-request-forgery-via-runaction</loc>
<lastmod>2023-04-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/moveto/moveto-62-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2024-02-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/alert-me/alert-me-040-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yourchannel/yourchannel-123-missing-authorization-to-plugin-cache-reset</loc>
<lastmod>2023-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/baqend/speed-kit-202-missing-authorization</loc>
<lastmod>2026-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gift-up/gift-up-gift-cards-for-wordpress-and-woocommerce-317-unauthenticated-server-side-request-forgery</loc>
<lastmod>2026-02-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpappninja/wpmobileapp-1148-reflected-cross-site-scripting</loc>
<lastmod>2024-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/terms-dictionary/terms-dictionary-151-reflected-cross-site-scripting</loc>
<lastmod>2025-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/restropress/restropress-3235-missing-authorization</loc>
<lastmod>2025-11-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hoo-addons-for-elementor/hoo-addons-for-elementor-106-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/3d-image-gallery/image-gallery-block-create-and-display-photo-galleryphoto-album-107-missing-authorization</loc>
<lastmod>2025-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gp-notification-bar/notification-bar-sticky-notification-bar-sticky-welcome-bar-for-any-theme-11-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/2.0/wordpress-core-202-cross-site-scripting</loc>
<lastmod>2006-03-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/word-balloon/word-balloon-4202-cross-site-request-forgery</loc>
<lastmod>2023-11-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/infility-global/infility-global-21442-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2025-12-11T15:11:30.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/beautiful-and-responsive-cookie-consent/beautiful-cookie-consent-banner-2101-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2023-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pagelayer/page-builder-pagelayer-drag-and-drop-website-builder-198-cross-site-request-forgery-csrf-to-post-contents-modification</loc>
<lastmod>2025-03-09T16:20:57.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/modal-survey/modal-survey-20201-unauthenticated-sql-injection</loc>
<lastmod>2025-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/slash-wp/slash-wp-all-versions-multiple-vulnerabilities</loc>
<lastmod>2013-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ai-engine/ai-engine-220-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2024-03-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bamazoo-button-generator/bamazoo-button-generator-10-authenticated-contributor-stored-cross-site-scripting-via-dgs-shortcode</loc>
<lastmod>2024-10-24T19:26:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cargo-shipping-location-for-woocommerce/cargo-shipping-location-for-woocommerce-56-unauthenticated-sql-injection</loc>
<lastmod>2026-06-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hive-support/hive-support-1211-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2025-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-mail-smtp/wp-mail-smtp-by-wpforms-133-unspecified-cross-site-scripting</loc>
<lastmod>2018-09-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/classified-listing/classified-listing-304-cross-site-request-forgery-to-account-takeover-via-rtcl_update_user_account</loc>
<lastmod>2024-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/affiliatex/affiliatex-129-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bdthemes-element-pack-lite/element-pack-elementor-addons-header-footer-free-template-library-grid-carousel-table-parallax-animation-register-form-twitter-grid-553-authenticated-contributor-stored-cross-site-scripting-via-trailer-box-widget</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/couponapi/coupon-api-6212-authenticated-administrator-sql-injection-via-log_duration</loc>
<lastmod>2025-09-10T18:49:37.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/material-dashboard/material-dashboard-145-unauthenticated-privilege-escalation</loc>
<lastmod>2025-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultraaddons-elementor-lite/ultraaddons-elementor-addons-header-footer-builder-custom-font-custom-csswoo-widget-menu-builder-anywhere-elementor-shortcode-116-authenticated-contributor-stored-cross-site-scripting-via-multiple-widgets</loc>
<lastmod>2024-07-09T13:23:50.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lastudio-element-kit/la-studio-element-kit-for-elementor-1375-authenticated-contributor-stored-cross-site-scripting-via-lastudiokit-post-author-widget</loc>
<lastmod>2024-05-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lu-radioplayer/luna-radio-player-6240124-unauthenticated-arbitrary-file-read</loc>
<lastmod>2024-11-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/related-posts-via-categories/related-posts-via-categories-212-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/siteseo/siteseo-seo-simplified-131-missing-authorization-to-authenticated-author-plugin-settings-update</loc>
<lastmod>2025-10-31T15:02:30.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contus-video-gallery/wordpress-video-gallery-21-sql-injection</loc>
<lastmod>2013-05-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-guestmap/wp-guestmap-18-multiple-cross-site-scripting</loc>
<lastmod>2014-07-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ocean-extra/ocean-extra-224-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-02-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/my-loginlogout/my-login-logout-plugin-24-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-02-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lightweight-accordion/lightweight-accordion-1516-authenticatedcontributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-03-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-lightbox/responsive-lightbox-248-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2024-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/enhanced-tooltipglossary/cm-tooltip-glossary-better-seo-and-uex-for-your-wp-site-313-reflected-cross-site-scripting</loc>
<lastmod>2015-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/carousel-slider/carousel-slider-222-missing-authorization</loc>
<lastmod>2023-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/embed-and-integrate-etsy-shop/embed-and-integrate-etsy-shop-104-missing-authorization</loc>
<lastmod>2025-05-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-photo-gallery/social-photo-gallery-10-remote-code-execution</loc>
<lastmod>2019-11-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wishlist-member-x/wishlist-member-x-3267-unauthenticated-information-exposure</loc>
<lastmod>2024-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/auxin-elements/shortcodes-and-extra-features-for-phlox-theme-2157-authenticated-contributor-stored-cross-site-scripting-via-title_tag</loc>
<lastmod>2024-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpdatatables/wpdatatables-premium-341-blind-sql-injection-via-start-parameter</loc>
<lastmod>2021-03-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/orangebox/orangebox-300-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/brizy/brizy-2429-cross-site-scripting</loc>
<lastmod>2023-11-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/database-browser/database-browser-144-authenticated-administrator-cross-site-scripting</loc>
<lastmod>2022-09-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/webmaster-tools-verification/webmaster-tools-verification-12-missing-authorization-to-arbitrary-plugin-deactivation</loc>
<lastmod>2022-10-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sunshine-photo-cart/sunshine-photo-cart-321-missing-authorization</loc>
<lastmod>2024-08-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mp3-music-player-by-sonaar/mp3-audio-player-music-player-podcast-player-radio-by-sonaar-593-authenticated-contributor-stored-cross-site-scripting-via-podcast-rss-feed</loc>
<lastmod>2025-01-30T19:24:55.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/travelmap-blog/travel-map-103-cross-site-request-forgery</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/freeio/freeio-1321-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2026-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rate-own-post/rate-own-post-10-authenticated-subscriber-sql-injection</loc>
<lastmod>2024-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/oneclick-whatsapp-order/oneclick-chat-to-order-108-insecure-direct-object-reference-to-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2025-11-21T22:24:39.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-responsive-slider-with-lightbox/thumbnail-slider-with-lightbox-10-authenticated-administrator-stored-cross-site-scripting-via-image-title</loc>
<lastmod>2023-10-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/makestories-helper/makestories-for-google-web-stories-303-authenticated-subscriber-arbitrary-file-download-and-server-side-request-forgery</loc>
<lastmod>2024-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-registration-form-builder-with-submission-manager/registration-magic-5018-reflected-cross-site-scripting</loc>
<lastmod>2021-12-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/peachpay-for-woocommerce/peachpay-payments-express-checkout-for-woocommerce-supports-stripe-paypal-square-authorizenet-11198-missing-authorization-to-unauthenticated-order-status-modification</loc>
<lastmod>2026-01-19T13:14:59.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/software-license-manager/software-license-manager-446-cross-site-request-forgery</loc>
<lastmod>2021-07-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-photo-album-plus/wp-photo-album-plus-8502005-cross-site-scripting</loc>
<lastmod>2023-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slider-by-supsystic/slider-by-supsystic-186-missing-authorization</loc>
<lastmod>2024-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nex-forms-express-wp-form-builder/nex-forms-917-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-02-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/videowhisper-live-streaming-integration/broadcast-live-video-live-streaming-webrtc-hls-rtsp-rtmp-713-unauthenticated-php-object-injection</loc>
<lastmod>2026-05-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nv-slider/nv-slider-16-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-post-manager/advanced-post-manager-451-php-object-injection</loc>
<lastmod>2022-07-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smaily-for-wp/smaily-for-wp-315-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jeg-elementor-kit/jeg-elementor-kit-267-authenticated-author-stored-cross-site-scripting-via-svg-file</loc>
<lastmod>2024-08-26T18:00:37.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/g-business-reviews-rating/reviews-and-rating-google-my-business-414-missing-authorization</loc>
<lastmod>2023-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementor-pro/elementor-website-builder-pro-3201-authenticated-contributor-dom-based-stored-cross-site-scripting-via-video_html_tag</loc>
<lastmod>2024-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-shipping-canada-post/woocommerce-canada-post-shipping-283-missing-authorization</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sola-testimonials/super-testimonials-300-authenticated-contributor-stored-cross-site-scripting-via-alignment-parameter</loc>
<lastmod>2024-09-25T21:21:48.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pdf-viewer-for-wordpress/tnc-flipbook-1210-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eventON/eventon-wordpress-virtual-event-calendar-plugin-496-missing-authorization-to-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2025-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-forms/ninja-forms-357-unprotected-rest-api-to-sensitive-information-disclosure</loc>
<lastmod>2021-09-22T15:21:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/accordion_slider_pro/accordion-slider-pro-12-reflected-cross-site-scripting</loc>
<lastmod>2026-01-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/testimonial/testimonial-slider-2013-authenticated-contributor-php-object-injection</loc>
<lastmod>2025-04-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-multivendor-marketplace/wcfm-marketplace-3617-missing-authorization</loc>
<lastmod>2025-12-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pie-register/pie-register-user-registration-profiles-content-restriction-38410-missing-authorization</loc>
<lastmod>2026-06-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/viral-signup/viral-signup-21-unauthenticated-sql-injection</loc>
<lastmod>2024-08-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/visualizer/visualizer-tables-and-charts-manager-for-wordpress-330-server-side-request-forgery</loc>
<lastmod>2019-09-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-block-pack/block-collection-for-you-wp-block-pack-116-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zoho-crm-forms/zoho-crm-lead-magnet-1724-cross-site-scripting</loc>
<lastmod>2021-09-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seo-slider/seo-slider-111-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/theme-blvd-sliders/theme-blvd-sliders-125-reflected-cross-site-scripting</loc>
<lastmod>2025-05-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce/woocommerce-345-woocommerce-file-deletion</loc>
<lastmod>2018-11-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/agency-toolkit/agency-toolkit-1023-unauthenticated-privilege-escalation</loc>
<lastmod>2025-12-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sureforms/sureforms-143-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/writer-helper/writer-helper-316-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2024-11-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/estatik/estatik-230-cross-site-request-forgery-to-arbitrary-file-upload</loc>
<lastmod>2016-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpvr/wp-vr-829-missing-authorization</loc>
<lastmod>2023-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/my-wp-tabs/wp-tabs-226-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pb-mailcrypt-antispam-email-encryption/pb-mailcrypt-310-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/star-review-manager/star-review-manager-122-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2026-01-23T19:21:36.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cloudnet-sync/download-cloudnet360-320-reflected-cross-site-scripting</loc>
<lastmod>2023-10-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quantities-and-units-for-woocommerce/quantities-and-units-for-woocommerce-1013-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ht-instagram/ht-feed-130-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/new-contact-form-widget/contact-form-widget-139-sensitive-information-exposure</loc>
<lastmod>2024-05-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/file-gallery/file-gallery-1792-remote-code-execution</loc>
<lastmod>2014-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/newsletter/newsletter-806-cross-site-request-forgery</loc>
<lastmod>2024-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/twispay/twispay-credit-card-payments-212-reflected-cross-site-scripting</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/houzez-crm/houzez-crm-134-authenticated-subscriber-sql-injection</loc>
<lastmod>2023-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/connections/connections-business-directory-0716-authorization-bypass</loc>
<lastmod>2011-12-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/json-structuring-markup/json-structuring-markup-01-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/featured-image-from-url/featured-image-from-url-fifu-527-authenticated-admin-sql-injection</loc>
<lastmod>2025-09-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vr-calendar-sync/vr-calendar-244-unauthenticated-local-file-inclusion</loc>
<lastmod>2024-09-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-urls/simple-urls-117-reflected-cross-site-scripting-via-post_id</loc>
<lastmod>2023-08-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vice-versa/vice-versa-223-reflected-cross-site-scripting</loc>
<lastmod>2025-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/logger-elementor/logger-for-elementor-109-missing-authorization</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/enable-media-replace/enable-media-replace-415-reflected-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-plugin-info-card/wp-plugin-info-card-530-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/who-hit-the-page-hit-counter/who-hit-the-page-hit-counter-14143-authenticated-administrator-sql-injection</loc>
<lastmod>2023-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/add-multiple-marker/add-multiple-marker-12-missing-authorization-checks-to-settings-update</loc>
<lastmod>2022-11-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/give/givewp-donation-plugin-and-fundraising-platform-4100-missing-authorization-to-unauthenticated-forms-and-campaigns-disclosure</loc>
<lastmod>2025-10-03T14:14:48.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/conversational-forms/conversational-forms-for-chatbot-118-unauthenticated-arbitrary-file-download</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/affiliates-manager-google-recaptcha-integration/affiliates-manager-google-recaptcha-integration-106-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-05-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/amazonsimpleadmin/affiliate-super-assistent-151-cross-site-request-forgery-to-settings-update-and-cache-clearing</loc>
<lastmod>2023-03-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/studiocart/studiocart-290-reflected-cross-site-scripting</loc>
<lastmod>2025-11-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/osomblocks/osom-blocks-121-authenticated-contributor-stored-cross-site-scripting-via-class_name-parameter</loc>
<lastmod>2025-06-26T19:06:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/headline-analyzer/headline-analyzer-133-cross-site-request-forgery</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/forms-ada-form-builder/forms-ada-10-reflected-cross-site-scripting-via-p-parameter</loc>
<lastmod>2023-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chamber-dashboard-business-directory/chamber-dashboard-business-directory-338-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/church-admin/church-admin-0810-stored-cross-site-scripting</loc>
<lastmod>2015-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/katerio/katerio-magazine-151-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-06-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpbookit/wpbookit-102-insecure-direct-object-reference-to-unauthenticated-privilege-escalation-via-account-takeover</loc>
<lastmod>2025-05-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/polldaddy/crowdsignal-dashboard-309-authorization-bypass</loc>
<lastmod>2022-11-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/benevolent/benevolent-134-cross-site-request-forgery-to-notice-dismissal</loc>
<lastmod>2024-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-timeline/post-timeline-241-missing-authorization</loc>
<lastmod>2026-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/firebox/firebox-popups-317-unauthenticated-sensitive-information-exposure-in-form_id-parameter</loc>
<lastmod>2026-06-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/media-net-ads-manager/medianet-ads-manager-21013-missing-authorization-to-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2024-07-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/thebe/thebe-130-reflected-cross-site-scripting</loc>
<lastmod>2026-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/relevanssi-premium/relevanssi-pro-225-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2024-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-custom-website-data/custom-website-data-22-reflected-cross-site-scripting</loc>
<lastmod>2021-09-09T16:20:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/scoreboard-for-html5-game-lite/scoreboard-for-html5-games-lite-12-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2026-03-20T11:20:53.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-live-chat-support/wp-live-chat-support-435-stored-cross-site-scripting</loc>
<lastmod>2015-07-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/file-renaming-on-upload/file-renaming-on-upload-251-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/4ecps-webforms/4ecps-web-forms-0217-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-11-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gpt3-ai-content-generator/gpt3-ai-content-writer-1812-cross-site-request-forgery</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tabbed-login/tabbed-login-widget-112-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-accordion/ultimate-accordion-10-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ithemes-sync/solid-central-300-stored-cross-site-scripting-via-packages</loc>
<lastmod>2023-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-api-for-wp/custom-api-for-wp-422-authenticated-subscriber-privilege-escalation</loc>
<lastmod>2025-07-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gallery-with-thumbnail-slider/gallery-with-thumbnail-slider-60-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2022-10-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/branda-white-labeling/branda-3414-ip-address-spoofing</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-addons-for-beaver-builder-lite/ultimate-addons-for-beaver-builder-lite-157-authenticated-contributor-stored-cross-site-scripting-via-image-separator-widget</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/wyzi-business-finder/wyzi-social-directory-wordpress-theme-242-reflected-cross-site-scripting</loc>
<lastmod>2021-02-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/project-notebooks/pt-project-notebooks-100-113-missing-authorization-to-unauthenticated-privilege-escalation-via-wpnb_pto_new_users_add-function</loc>
<lastmod>2025-06-27T17:17:51.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/accordion-panel-for-category-and-products/category-and-products-accordion-panel-10-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-10-14T20:02:02.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/blogmine/blogmine-117-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-06-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/spacer/spacer-306-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-10-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/admission-appmanager/admission-appmanager-100-reflected-cross-site-scripting</loc>
<lastmod>2024-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/laurent-core/laurent-core-241-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2026-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mini-mail-dashboard-widget/mini-mail-dashboard-widget-143-cross-site-scripting</loc>
<lastmod>2012-08-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/singsong/singsong-12-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ht-instagram/ht-feed-128-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nmedia-user-file-uploader/frontend-file-manager-182-unauthenticated-post-meta-change</loc>
<lastmod>2021-07-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpbookit-pro/wpbookit-pro-1618-authenticated-subscriber-privilege-escalation</loc>
<lastmod>2026-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/tobel/tbel-modern-furniture-store-wordpress-theme-181-unauthenticated-php-object-injection</loc>
<lastmod>2026-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/abc-notation/abc-notation-613-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ap-plugin-scripteo/ads-pro-plugin-multi-purpose-wordpress-advertising-manager-495-unauthenticated-sql-injection-via-site_id</loc>
<lastmod>2025-11-23T16:21:27.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking/booking-calendar-91-php-object-injection-via-shortcode</loc>
<lastmod>2022-04-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-file-upload/wordpress-file-upload-42411-unauthenticated-path-traversal-to-arbitrary-file-read-and-deletion-in-wfu_file_downloaderphp</loc>
<lastmod>2024-10-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/residential-address-detection/residential-address-detection-254-missing-authorization</loc>
<lastmod>2025-04-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/videowhisper-live-streaming-integration/broadcast-live-video-live-streaming-webrtc-hls-rtsp-rtmp-6110-unauthenticated-arbitrary-file-deletion</loc>
<lastmod>2025-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpematico/wpematico-rss-feed-fetcher-2810-authenticated-subscriber-sensitive-information-exposure</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/adminify/wp-adminify-316-authenticatedadministrator-sql-injection</loc>
<lastmod>2023-12-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/virusdie/virusdie-113-cross-site-request-forgery</loc>
<lastmod>2025-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/js-jobs/js-job-manager-200-missing-authorization</loc>
<lastmod>2023-03-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/seventrees/seventrees-102-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/form-block/form-block-155-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2025-08-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/xpro-elementor-addons/xpro-addons-140-widgets-for-elementor-1424-authenticated-contributor-stored-cross-site-scripting-via-image-scroller-widget-box-link</loc>
<lastmod>2026-02-26T18:19:01.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/velvet/velvet-theme-all-versions-cross-site-scripting</loc>
<lastmod>2012-10-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-download-monitor/simple-download-monitor-405-authenticated-contributor-stored-cross-site-scripting-via-custom-field</loc>
<lastmod>2026-02-26T19:24:24.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-free-ssl/wp-free-ssl-free-ssl-certificate-for-wordpress-and-force-https-127-missing-authorization</loc>
<lastmod>2024-09-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/4-author-cheer-up-donate/4-author-cheer-up-donate-13-reflected-cross-site-scripting</loc>
<lastmod>2025-02-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sendpress/sendpress-newsletters-12-cross-site-scripting</loc>
<lastmod>2015-07-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wysija-newsletters/mailpoet-newsletters-previous-2610-cross-site-request-forgery</loc>
<lastmod>2014-09-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jiangqie-official-website-mini-program/jiangqie-official-website-mini-program-111-sql-injection</loc>
<lastmod>2021-07-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tc-custom-javascript/tc-custom-javascript-121-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2020-07-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/clearfy/clearfy-240-cross-site-request-forgery-to-update-notification-tampering</loc>
<lastmod>2026-01-08T17:24:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flash-album-gallery/album-and-image-gallery-with-lightbox-flagallery-photo-portfolio-157-cross-site-scripting</loc>
<lastmod>2011-11-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sitekit/sitekit-16-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-03-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/my-auctions-allegro-free-edition/my-auctions-allegro-3634-reflected-cross-site-scripting</loc>
<lastmod>2026-03-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/beaver-builder-lite-version/beaver-builder-2822-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-07-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sitewide-notice-wp/sitewide-notice-wp-241-missing-authorization</loc>
<lastmod>2025-12-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/leads-crm/leads-crm-2013-reflected-cross-site-scripting</loc>
<lastmod>2024-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/revolut-gateway-for-woocommerce/revolut-gateway-for-woocommerce-497-missing-authorization</loc>
<lastmod>2024-01-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-magnify/image-magnify-11-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-06T16:17:28.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-maker/contact-form-by-wd-1134-cross-site-request-forgery</loc>
<lastmod>2019-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/super-socializer/super-socializer-71352-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cart66-lite/cart66-lite-wordpress-ecommerce-154-reflected-cross-site-scripting</loc>
<lastmod>2015-01-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quiz-master-next/quiz-and-survey-master-1031-missing-authorization-to-authenticated-subscriber-quiz-results-deletion</loc>
<lastmod>2026-01-05T20:13:08.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nelio-ab-testing/nelio-ab-testing-824-authenticated-editor-sql-injection</loc>
<lastmod>2026-02-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-reactions-lite/wp-reactions-lite-138-cross-site-request-forgery-via-ajax-action</loc>
<lastmod>2023-05-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shortcodes-ultimate/wp-shortcodes-plugin-shortcodes-ultimate-5133-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-11-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/best-addons-for-elementor/best-addons-for-elementor-105-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tutor/tutor-lms-399-insecure-direct-object-reference-to-authenticated-instructor-arbitrary-post-deletion-via-course-get-parameter</loc>
<lastmod>2026-05-12T17:18:06.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/xpro-elementor-addons/140-widgets-best-addons-for-elementor-free-143-authenticated-contributor-stored-cross-site-scripting-via-multiple-widgets</loc>
<lastmod>2024-05-13T21:01:53.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tainacan/tainacan-101-missing-authorization-to-unauthenticated-arbitrary-metadata-section-creation</loc>
<lastmod>2025-12-20T14:07:06.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-plus-addons-for-elementor-page-builder/the-plus-addons-for-elementor-elementor-addons-page-templates-widgets-mega-menu-woocommerce-562-authenticated-contributor-stored-cross-site-scripting-via-testimonials-widget-settings</loc>
<lastmod>2024-08-21T12:38:51.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gsheetconnector-ninja-forms/ninja-forms-google-sheet-connector-126-reflected-cross-site-scripting</loc>
<lastmod>2023-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/filestack-upload/filestack-official-210-reflected-cross-site-scripting</loc>
<lastmod>2024-12-13T15:59:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/payday/payday-3313-missing-authorization</loc>
<lastmod>2025-04-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/essence/essence-11-reflected-cross-site-scripting</loc>
<lastmod>2012-09-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-jobs2careers/wp-talroo-24-reflected-cross-site-scripting</loc>
<lastmod>2025-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-addons-for-gutenberg/spectra-wordpress-gutenberg-blocks-231-missing-authorization-to-captcha-setting-update</loc>
<lastmod>2023-01-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/melapress-login-security-premium/melapress-login-security-and-melapress-login-security-premium-210-missing-authorization-to-unauthenticated-arbitrary-user-deletion</loc>
<lastmod>2025-04-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/photo-gallery/photo-gallery-by-10web-127-unauthenticated-blind-sql-injection-via-order_by-parameter</loc>
<lastmod>2015-01-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/myeasybackup/myeasybackup-109-directory-traversal</loc>
<lastmod>2012-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simplepress/simplepress-68-reflected-cross-site-scripting-via-cookie-value</loc>
<lastmod>2022-11-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-shortcode-buttons/easy-shortcode-buttons-12-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/affiliate-toolkit-starter/affiliate-toolkit-373-cross-site-request-forgery</loc>
<lastmod>2025-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-seo-pack/all-in-one-seo-215-missing-authorization</loc>
<lastmod>2014-05-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/genesis-simple-love/genesis-simple-love-20-unauthenticated-php-object-injection</loc>
<lastmod>2023-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-grid-elementor-addon/post-grid-elementor-addon-2018-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-pricing-tables/easy-pricing-tables-320-reflected-cross-site-scripting</loc>
<lastmod>2022-06-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mail-subscribe-list/mail-subscribe-list-219-authenticated-contributor-stored-cross-site-scripting-via-smlsubform-shortcode</loc>
<lastmod>2023-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/users-customers-import-export-for-wp-woocommerce/export-and-import-users-and-customers-248-authenticated-shop-manager-arbitrary-file-upload</loc>
<lastmod>2023-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/unicamp/unicamp-271-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2026-02-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kb-support/kb-support-1588-missing-authorization-to-authenticated-subscriber-user-data-retrieval</loc>
<lastmod>2023-07-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-seo-redirect-301/wp-seo-redirect-301-231-cross-site-request-forgery</loc>
<lastmod>2021-10-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/demo-awesome/demo-awesome-102-missing-authorization</loc>
<lastmod>2024-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/magic-post-thumbnail/magic-post-thumbnail-336-reflected-cross-site-scripting</loc>
<lastmod>2021-07-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/latepoint/latepoint-530-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2026-04-07T15:17:40.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/opencart-product-display/opencart-product-display-10-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/theplus_elementor_addon/the-plus-addons-for-elementor-pro-636-missing-authorization</loc>
<lastmod>2025-05-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/parallax-image/parallax-image-171-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-11-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-accordion-slider/responsive-accordion-slider-122-missing-authorization-to-authenticated-contributor-slider-update-via-resp_accordion_silder_save_images</loc>
<lastmod>2026-01-13T16:44:33.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/audier-elementor/audier-for-elementor-109-missing-authorization</loc>
<lastmod>2025-12-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slideshow-gallery/slideshow-gallery-lite-185-authenticated-contributor-stored-cross-site-scripting-via-alwaysauto-shortcode-attribute</loc>
<lastmod>2026-06-17T20:00:45.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-facebook-plugin/simple-like-page-153-missing-authorization</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/royal-elementor-addons/royal-elementor-addons-1359-cross-site-request-forgery-to-menu-template-creation</loc>
<lastmod>2023-01-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-word-count/wp-word-count-324-missing-authorization-via-calculate_statistics</loc>
<lastmod>2023-10-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-access-manager/advanced-access-manager-5981-unauthenticated-arbitrary-file-read</loc>
<lastmod>2019-09-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-all-import/wp-all-import-drag-drop-import-for-csv-xml-excel-google-sheets-401-authenticated-administrator-sql-injection</loc>
<lastmod>2026-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/add-expires-headers/add-expires-headers-optimized-minify-27-cross-site-request-forgery-via-placeholder</loc>
<lastmod>2023-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-grid/post-grid-form-maker-popup-maker-woocommerce-blocks-post-blocks-post-carousel-combo-blocks-2280-authenticated-contributor-stored-cross-site-scripting-via-block-attribute</loc>
<lastmod>2024-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-user-merger/wp-user-merger-152-authenticated-admin-sql-injection</loc>
<lastmod>2022-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/esotera/esotera-1251-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mycred/mycred-2973-missing-authorization</loc>
<lastmod>2026-02-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-video-management-system/simple-video-management-system-104-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/formcraft-form-builder/formcraft-basic-105-sql-injection-via-id-parameter</loc>
<lastmod>2017-07-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/clickwhale/clickwhale-246-missing-authorization</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/login-form-recaptcha/recaptcha-16-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-11-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/royal-elementor-addons/royal-elementor-addons-1359-insufficient-access-control-to-plugin-activation</loc>
<lastmod>2023-01-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woffice-core/woffice-core-5430-unauthenticated-insecure-direct-object-reference</loc>
<lastmod>2026-01-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fancybox-for-wordpress/fancybox-for-wordpress-302-333-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gamipress/gamipress-721-unauthenticated-arbitrary-shortcode-execution-via-gamipress_ajax_get_logs-function</loc>
<lastmod>2025-01-21T22:27:55.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pmpro-courses/paid-memberships-pro-courses-for-membership-add-on-124-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-08-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-video-embedder/simple-video-embedder-22-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2022-11-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/drop-uploader-for-contact-form-7-dragdrop-file-uploader-addon/drop-uploader-for-cf7-dragdrop-file-uploader-addon-241-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2025-06-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-travel-blocks/wp-travel-gutenberg-blocks-351-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bb-bootstrap-cards/cards-for-beaver-builder-113-authenticated-contributor-stored-cross-site-scripting-via-cards-widget</loc>
<lastmod>2024-06-07T14:01:49.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpqa/wpqa-builder-forms-addon-for-wordpress-52-insecure-direct-object-reference-to-private-message-disclosure</loc>
<lastmod>2022-04-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/instabot/instabot-110-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gistpress/gistpress-302-cross-site-scripting</loc>
<lastmod>2020-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpforo/wpforo-forum-223-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2023-11-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wooreviews-importer/irivyou-221-cross-site-request-forgery-via-saveoptionsreviewsplugin</loc>
<lastmod>2023-10-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-membership/wp-membership-123-privilege-escalation</loc>
<lastmod>2015-05-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/satoshi/satoshi-20-arbitrary-file-upload</loc>
<lastmod>2014-12-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shared-files/shared-files-1716-missing-authorization-to-notice-dismissal</loc>
<lastmod>2024-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpcomplete/wpcomplete-295-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/media-from-ftp/media-from-ftp-plugin-985-directory-traversal</loc>
<lastmod>2018-11-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/taskbuilder/taskbuilder-project-management-task-management-tool-with-kanban-board-506-authenticated-subscriber-time-based-blind-sql-injection-via-project_search-parameter</loc>
<lastmod>2026-05-13T18:19:27.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/featured-image-generator/featured-image-generator-131-missing-authorization-to-authenticated-subscriber-images-upload</loc>
<lastmod>2024-07-09T13:52:47.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-asset-clean-up/asset-cleanup-page-speed-booster-1398-authenticated-admin-server-side-request-forgery</loc>
<lastmod>2024-11-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hide-my-wp/hide-my-wp-ghost-5025-captcha-bypass-in-brute_math_authenticate</loc>
<lastmod>2023-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/powerpack-lite-for-elementor/powerpack-addons-for-elementor-free-widgets-extensions-and-templates-2719-authenticated-contributor-dom-based-stored-cross-site-scripting</loc>
<lastmod>2024-05-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-google-fonts/wp-google-fonts-314-reflected-cross-site-scripting</loc>
<lastmod>2021-11-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/richtexteditor/rich-text-editor-101-missing-authorization</loc>
<lastmod>2025-04-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-member/ultimate-member-2017-authenticated-cross-site-scripting</loc>
<lastmod>2018-07-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-limit-failed-login-attempts/limit-login-attempts-spam-protection-53-ip-address-spoofing-to-protection-mechanism-bypass</loc>
<lastmod>2024-10-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quickcreator/quickcreator-ai-blog-writer-009-0117-unauthenticated-api-key-exposure</loc>
<lastmod>2025-10-23T19:38:35.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/ureach/ureach-133-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/smartseo/smart-seo-40-authenticated-subscriber-sql-injection</loc>
<lastmod>2025-07-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/twitter-auto-publish/wp-twitter-auto-publish-174-reflected-cross-site-scripting-via-postmessage</loc>
<lastmod>2025-11-17T20:51:53.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/atahualpa/atahualpa-368-cross-site-scripting</loc>
<lastmod>2011-10-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-share-buttons-with-floating-sidebar/custom-share-buttons-with-floating-sidebar-41-stored-cross-site-scripting</loc>
<lastmod>2022-05-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/udraw/web-to-print-shop-udraw-333-unauthenticated-arbitrary-file-access</loc>
<lastmod>2022-04-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-abandoned-cart/abandoned-cart-lite-for-woocommerce-582-sql-injection</loc>
<lastmod>2020-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-post-type-gui/custom-post-10-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/any-post-slider/any-post-slider-104-authenticated-contributor-stored-cross-site-scripting-via-post_type-shortcode-attribute</loc>
<lastmod>2026-03-20T15:13:13.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-registration-forms/easy-registration-forms-211-authenticated-subscriber-information-disclosure-via-shortcode</loc>
<lastmod>2023-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flash-album-gallery/album-and-image-gallery-with-lightbox-flagallery-photo-portfolio-425-sensitive-data-exposure</loc>
<lastmod>2014-10-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fancy-user-listing/fancy-user-list-31-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/cinerama/cinerama-a-wordpress-theme-for-movie-studios-and-filmmakers-24-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-12-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-estimation-form/wp-cost-estimation-payment-forms-builder-10176-missing-authorization</loc>
<lastmod>2024-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woolentor-addons/shoplentor-woocommerce-builder-for-elementor-gutenberg-12-modules-all-in-one-solution-formerly-woolentor-287-authenticated-contributor-stored-cross-site-scripting-via-_id</loc>
<lastmod>2024-05-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/media-library-tools/media-library-tools-140-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2024-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hreflang-tags-by-dcgws/hreflang-tags-lite-200-missing-authorization-to-data-reset</loc>
<lastmod>2022-09-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/vernissage/vernissage-129-arbitrary-options-update</loc>
<lastmod>2015-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shortcode-addons/shortcode-addons-with-visual-composer-divi-beaver-builder-and-elementor-extension-312-authenticated-arbitrary-options-update</loc>
<lastmod>2022-07-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/searchpro/berqwp-176-unauthenticated-arbitrary-file-uplaod</loc>
<lastmod>2024-08-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/megamenu/max-mega-menu-238-authenticated-cross-site-scripting</loc>
<lastmod>2017-10-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/osm/osm-openstreetmap-612-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-job-board/simple-job-board-244-reflected-cross-site-scripting</loc>
<lastmod>2017-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/learnpress/learnpress-wordpress-lms-plugin-for-create-and-sell-online-courses-435-authenticated-subscriber-payment-bypass-to-free-course-enrollment-via-quantity-parameter</loc>
<lastmod>2026-05-13T15:21:13.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/rara-academic/rara-academic-122-missing-authorization</loc>
<lastmod>2026-02-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-products-widgets-for-elementor/woo-products-widgets-for-elementor-107-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2022-12-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wumii-related-posts/-1057-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/button-contact-vr/button-contact-vr-477-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/form-maker/form-maker-by-10web-mobile-friendly-drag-drop-contact-form-builder-11522-sensitive-information-exposure</loc>
<lastmod>2024-03-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dark-mode-for-wp-dashboard/dark-mode-for-wp-dashboard-123-cross-site-request-forgery</loc>
<lastmod>2024-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-language-translator/google-language-translator-609-authenticated-cross-site-scripting</loc>
<lastmod>2021-07-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lazy-blocks/custom-block-builder-lazy-blocks-430-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2026-06-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ovic-product-bundle/ovic-product-bundle-112-missing-authorization</loc>
<lastmod>2023-09-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/houzez/houzez-340-missing-authorization</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementinvader-addons-for-elementor/elementinvader-addons-for-elementor-135-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-05-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tree-website-map/tree-sitemap-pages-posts-categories-list-29-cross-site-request-forgery-to-arbitrary-plugin-installationactivation</loc>
<lastmod>2021-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ai-botkit-for-lead-generation/ai-botkit-117-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2026-01-06T20:31:21.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smart-slider-3/smart-slider-3-3519-php-object-injection</loc>
<lastmod>2022-10-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/uncanny-automator/uncanny-automator-6701-missing-authorization</loc>
<lastmod>2025-08-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/content-views-query-and-display-post-page/content-views-post-grid-filter-recent-posts-category-posts-more-gutenberg-blocks-and-shortcode-370-authenticated-contributor-stored-cross-site-scripting-via-widget-post-overlay</loc>
<lastmod>2024-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/royal-elementor-addons/royal-elementor-addons-and-templates-171012-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/e-shops-cart2/e-shops-104-reflected-cross-site-scripting</loc>
<lastmod>2025-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quick-table/quick-table-100-authenticated-contributor-stored-cross-site-scripting-via-style-shortcode-attribute</loc>
<lastmod>2026-05-11T19:02:10.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/daily-proverb/daily-proverb-203-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/most-and-least-read-posts-widget/most-and-least-read-posts-widget-2518-cross-site-request-forgery-via-most_and_least_read_posts_options</loc>
<lastmod>2024-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/reactive-mortgage-calculator/reactive-mortgage-calculator-11-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/hara/hara-1210-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-06-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-manager/wordpress-download-manager-272-authenticated-arbitrary-options-update</loc>
<lastmod>2014-11-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/oceanic/oceanic-1053-cross-site-request-forgery</loc>
<lastmod>2024-07-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/exertio/exertio-132-unauthenticated-php-object-injection</loc>
<lastmod>2025-07-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/userswp/userswp-1239-authenticated-administrator-csv-injection</loc>
<lastmod>2022-12-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/customer-area/wp-customer-area-822-reflected-cross-site-scripting</loc>
<lastmod>2024-01-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/bellevuex/hotel-bed-and-breakfast-booking-calendar-theme-bellevue-422-missing-authorization</loc>
<lastmod>2025-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/listingpro/listingpro-294-authenticated-subscriber-local-file-inclusion</loc>
<lastmod>2024-07-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-dynamic-pricing-for-woocommerce/advanced-dynamic-pricing-for-woocommerce-415-missing-authorization</loc>
<lastmod>2022-10-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-events-calendar/the-events-calendar-6132-authenticated-contributor-dom-based-stored-cross-site-scripting</loc>
<lastmod>2025-06-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/amazon-auto-links/auto-amazon-links-amazon-associates-affiliate-plugin-543-unauthenticated-arbitrary-file-read</loc>
<lastmod>2025-11-10T15:23:41.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/javo-core/javo-core-300266-unauthenticated-remote-code-execution</loc>
<lastmod>2025-08-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-login-log/user-login-log-222-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2017-03-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-catalogue/wp-catalogue-176-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/astra-sites/starter-templates-elementor-wordpress-beaver-builder-templates-3120-cross-site-request-forgery-in-add_to_favorite</loc>
<lastmod>2023-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hostel/hostel-113-stored-cross-site-scripting</loc>
<lastmod>2019-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eds-responsive-menu/eds-responsive-menu-12-missing-authorization</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mma-call-tracking/mma-call-tracking-2315-cross-site-request-forgery-to-plugin-settings-update</loc>
<lastmod>2026-02-10T20:08:57.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-meta-data-manager/post-meta-data-manager-144-authentciated-admin-multisite-privilege-escalation</loc>
<lastmod>2025-03-07T14:16:01.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-popup/woo-popup-122-reflecte-cross-site-scripting</loc>
<lastmod>2015-05-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-cart-count-shortcode/woocommerce-cart-count-shortcode-104-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce/woocommerce-249-cross-site-scripting</loc>
<lastmod>2015-11-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-crm-system/wp-crm-system-345-missing-authorization</loc>
<lastmod>2025-11-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/for-the-visually-impaired/for-the-visually-impaired-058-cross-site-request-forgery-to-plugin-settings-changes</loc>
<lastmod>2023-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/robo-maps/maps-google-maps-106-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/maintenance-and-noindex-nofollow/lionscripts-site-maintenance-noindex-nofollow-plugin-21-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-blocks/essential-blocks-for-gutenberg-449-missing-authorization</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/coming-soon-maintenance-mode-ready/ready-coming-soon-050-stored-cross-site-scripting-and-cross-site-request-forgery</loc>
<lastmod>2014-09-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/music-sheet-viewer/music-sheet-viewer-41-unauthenticated-arbitrary-file-read</loc>
<lastmod>2025-01-30T00:43:27.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-tithely/tithely-giving-button-11-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eazy-under-construction/eazy-under-construction-10-reflected-cross-site-scripting</loc>
<lastmod>2025-01-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cf7-widget-elementor/void-contact-form-7-widget-for-elementor-page-builder-211-cross-site-request-forgery-in-void_cf7_opt_in_user_data_track</loc>
<lastmod>2023-02-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-digital-downloads/easy-digital-downloads-2112-reflected-cross-site-scripting</loc>
<lastmod>2021-10-21T16:05:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/premmerce-redirect-manager/premmerce-redirect-manager-1012-missing-authorization</loc>
<lastmod>2026-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kiwi-social-share/kiwi-218-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-fastest-cache/wp-fastest-cache-112-missing-authorization-in-wpfc_preload_single_callback</loc>
<lastmod>2023-04-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/suretriggers/ottokit-all-in-one-automation-platform-1127-unauthenticated-php-object-injection</loc>
<lastmod>2026-06-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shortpixel-adaptive-images/shortpixel-adaptive-images-webp-avif-cdn-image-optimization-3104-authenticated-administrator-stored-cross-site-scripting-via-api-url</loc>
<lastmod>2025-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ecommerce-product-catalog/ecommerce-product-catalog-3071-reflected-cross-site-scripting</loc>
<lastmod>2022-10-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dethemekit-for-elementor/dethemekit-for-elementor-218-authenticated-contributor-stored-cross-site-scripting-via-de-gallery-widget</loc>
<lastmod>2025-02-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/democracy-poll/democracy-poll-54-cross-site-scripting</loc>
<lastmod>2017-02-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/my-wp-translate/my-wp-translate-103-unprotected-ajax-actions</loc>
<lastmod>2017-10-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/libsyn-podcasting/libsyn-publisher-hub-144-unauthenticated-cross-site-scripting</loc>
<lastmod>2023-10-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-easy-pay/wp-easy-pay-payment-and-donation-form-builder-for-square-4211-missing-authorization</loc>
<lastmod>2026-03-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tigris-flexplatform/tigris-flexplatform-102-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/helpful/helpful-4525-sensitive-information-disclosure</loc>
<lastmod>2022-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/useful-tab-block-responsive-amp-compatible/useful-tab-block-responsive-amp-compatible-132-authenticated-contributor-stored-cross-site-scripting-via-classname-parameter</loc>
<lastmod>2025-07-17T16:34:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-addons-for-elementor-lite/essential-addons-for-elementor-653-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fv-wordpress-flowplayer/fv-flowplayer-video-player-75307210-cross-site-request-forgery</loc>
<lastmod>2023-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpforms-lite/wpforms-1922-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/apollo13-framework-extensions/apollo13-framework-extension-198-authenticated-contributor-stored-cross-site-scripting-via-a13_alt_link-parameter</loc>
<lastmod>2026-02-18T15:32:44.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/launcher/launcher-coming-soon-maintenance-mode-1011-stored-cross-site-scripting</loc>
<lastmod>2019-02-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-recaptcha/wordpress-google-recaptcha-313-reflected-cross-site-scripting</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/geo-mashup/geo-mashup-11316-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-07-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/itwitter/itwitter-004-cross-site-scripting</loc>
<lastmod>2014-12-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/media-tags/media-tags-3202-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2021-10-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/litespeed-cache/litespeed-cache-57-missing-authorization-via-update_cdn_status</loc>
<lastmod>2024-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/coblocks/page-builder-gutenberg-blocks-coblocks-316-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/twenty20/several-wordpressorg-plugins-various-versions-injected-backdoor</loc>
<lastmod>2024-06-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/devrix-dark-site/dx-dark-site-101-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/icestats/icestats-13-cross-site-request-forgery</loc>
<lastmod>2024-11-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-field-suite/custom-field-suite-267-authenticated-contributor-stored-cross-site-scripting-via-cfspost_content</loc>
<lastmod>2024-06-11T16:19:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-jetpack/booster-for-woocommerce-717-authenticated-contributor-stored-cross-site-scripting-via-shortocde</loc>
<lastmod>2024-03-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bulk-featured-image/bulk-featured-image-122-authenticated-admin-arbitrary-file-upload</loc>
<lastmod>2025-07-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/poll-maker/poll-maker-versus-polls-anonymous-polls-image-polls-607-authenticated-administrator-sql-injection-via-filterbyauthor-parameter</loc>
<lastmod>2025-11-12T16:46:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/radio-player/radio-player-2073-missing-authorization</loc>
<lastmod>2024-05-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/automotive/automotive-listings-186-unauthenticated-sql-injection</loc>
<lastmod>2026-01-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dh-local-seo/wordpress-local-seo-23-unauthenticated-sql-injection</loc>
<lastmod>2025-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/parallax-image/parallax-image-19-authenticated-contributor-stored-cross-site-scripting-via-position-parameter</loc>
<lastmod>2024-11-18T23:53:42.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hypotext/hypotext-101-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rsfirewall/rsfirewall-1145-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/secupress/secupress-free-wordpress-security-2253-authenticated-contributor-stored-cross-site-scripting-via-secupress_check_ban_ips_form-shortcode</loc>
<lastmod>2025-02-27T20:22:12.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/react-webcam/react-webcam-120-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ip2location-world-clock/ip2location-world-clock-119-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stock-sync-with-google-sheet-for-woocommerce/flexstock-3131-authenticated-administrator-sql-injection</loc>
<lastmod>2025-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/branda-white-labeling/branda-white-label-branding-free-login-page-customizer-3429-unauthenticated-privilege-escalation-via-account-takeover</loc>
<lastmod>2026-06-19T11:05:45.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/e2pdf/e2pdf-12027-cross-site-request-forgery</loc>
<lastmod>2024-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/institutions-directory/institutions-directory-133-reflected-cross-site-scripting</loc>
<lastmod>2025-08-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/xpd-reduce-image-filesize/xpd-reduce-image-filesize-10-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-frames/custom-frames-101-authenticated-contributor-stored-cross-site-scripting-via-class-shortcode-parameter</loc>
<lastmod>2025-12-12T16:11:35.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-dashboard/ultimate-dashboard-3710-login-page-disclosure-on-multi-site</loc>
<lastmod>2023-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/replace/replace-021-cross-site-request-forgery</loc>
<lastmod>2025-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/admin-menu-restriction/admin-menu-editor-104-reflected-cross-site-scripting</loc>
<lastmod>2022-04-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/multi-feed-reader/multi-feed-reader-223-authenticated-sql-injection</loc>
<lastmod>2017-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/data-tables-generator-by-supsystic/data-tables-generator-by-supsystic-1991-missing-authorization-on-ajax-actions</loc>
<lastmod>2020-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-custom-countdown/wp-custom-countdown-28-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lightweight-and-responsive-youtube-embed/lightweight-and-responsive-youtube-embed-100-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chatbot/chatbot-444-unauthenticated-stored-cross-site-scripting-via-cross-site-request-forgery</loc>
<lastmod>2023-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-confirmation-email/user-email-verification-for-woocommerce-330-unauthenticated-arbitrary-options-update</loc>
<lastmod>2019-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/r-animated-icon/r-animated-icon-plugin-10-authenticated-author-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2024-09-30T19:22:48.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-membership/simple-membership-445-authenticatedcontributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-05-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/searchazon/searchazon-14-cross-site-request-forgery</loc>
<lastmod>2025-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementor-pro/elementor-pro-3116-authenticatedsubscriber-privilege-escalation-via-update_page_option</loc>
<lastmod>2023-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/accordions/accordion-2229-reflected-cross-site-scripting</loc>
<lastmod>2021-04-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/video_player_youtube_vimeo/youtube-vimeo-video-player-and-slider-38-reflected-cross-site-scripting</loc>
<lastmod>2025-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/wealthco/wealthco-218-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/play-ht/playht-make-your-blog-posts-accessible-with-text-to-speech-audio-364-missing-authorization</loc>
<lastmod>2024-02-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/files-download-delay/files-download-delay-106-missing-authorization-to-settings-reset</loc>
<lastmod>2022-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cliengo/cliengo-chatbot-304-missing-authorization</loc>
<lastmod>2026-02-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/motors-car-dealership-classified-listings/motors-car-dealer-classified-ads-140-unauthenticated-settings-importexport</loc>
<lastmod>2019-09-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/currency-per-product-for-woocommerce/currency-per-product-for-woocommerce-160-cross-site-request-forgery-to-notice-dismissal</loc>
<lastmod>2024-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/fraction-theme/faction-111-arbitrary-options-update</loc>
<lastmod>2015-03-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/swift-framework/swift-framework-2731-authenticated-contributor-stored-cross-site-scripting-via-shortcodes</loc>
<lastmod>2024-05-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-services/woocommerce-shipping-tax-224-stored-cross-site-scripting</loc>
<lastmod>2023-05-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-title-counter/post-title-counter-11-reflected-cross-site-scripting</loc>
<lastmod>2021-09-09T16:20:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stockdio-historical-chart/stockdio-historical-chart-281-reflected-cross-site-scripting</loc>
<lastmod>2020-10-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/enable-svg-webp-ico-upload/enable-svg-webp-and-ico-upload-113-authenticated-author-arbitrary-file-upload-via-ico-upload-bypass</loc>
<lastmod>2025-11-17T20:54:40.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ali2woo-lite/ali2woo-lite-344-cross-site-request-forgery-to-php-object-injection</loc>
<lastmod>2024-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/legrand/legrand-217-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/metorik-helper/metorik-reports-email-automation-for-woocommerce-171-cross-site-request-forgery</loc>
<lastmod>2024-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/translatepress-multilingual/translate-multilingual-sites-translatepress-275-cross-site-request-forgery</loc>
<lastmod>2024-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/weaverx-theme-support/weaver-xtreme-theme-support-630-authenticated-administrator-php-object-injection-via-imported-file</loc>
<lastmod>2023-09-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-restaurant-listings/wp-restaurant-listings-102-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-21T20:18:34.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-staging-pro/wp-staging-pro-612-unauthenticated-information-exposure-via-getoutdatedpluginsrequest-function</loc>
<lastmod>2025-04-15T19:52:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/6.9/wordpress-691-authenticated-administrator-stored-cross-site-scripting-via-navigation-menu-items</loc>
<lastmod>2026-03-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/attachment-manager/attachment-manager-212-unauthenticated-arbitrary-file-deletion</loc>
<lastmod>2025-07-17T17:03:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mywebcounter/mywebcounter-11-reflected-cross-site-scripting</loc>
<lastmod>2014-07-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-sms/wp-sms-604-information-disclosure-via-rest-api</loc>
<lastmod>2023-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/xv-random-quotes/xv-random-quotes-141-reflected-cross-site-scripting</loc>
<lastmod>2025-04-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/propertyhive/propertyhive-2013-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ad-inserter/ad-inserter-free-and-pro-2711-reflected-cross-site-scripting</loc>
<lastmod>2022-04-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sovratec-case-management/sovratec-case-management-100-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2024-10-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-product-vendors/woocommerce-products-vendor-2165-insecure-direct-object-reference-to-note-creation</loc>
<lastmod>2022-10-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/okay-toolkit/okay-toolkit-23-reflected-cross-site-scripting</loc>
<lastmod>2026-02-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nextgen-gallery-search-galleries/nextgen-gallery-search-212-reflected-cross-site-scripting</loc>
<lastmod>2025-08-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/better-wp-security/ithemes-security-761-broken-password-mechanism</loc>
<lastmod>2021-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gAppointments/gappointments-1141-reflected-cross-site-scripting</loc>
<lastmod>2025-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bookingpress-appointment-booking/bookingpress-appointments-booking-calendar-plugin-and-online-scheduling-plugin-1013-sql-injection</loc>
<lastmod>2022-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-user-avatar/user-registration-user-profiles-login-membership-profilepress-formerly-wp-user-avatar-300-313-unauthenticated-privilege-escalation</loc>
<lastmod>2021-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cf7-message-filter/message-filter-for-contact-form-7-163-missing-authorization-to-authenticated-subscriber-filter-updatesdeletions</loc>
<lastmod>2024-12-05T19:52:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/feedzy-rss-feeds/rss-aggregator-by-feedzy-feed-to-post-autoblogging-news-youtube-video-feeds-aggregator-511-unauthenticated-blind-server-side-request-forgery</loc>
<lastmod>2025-12-10T12:23:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/allwebmenus-wordpress-menu-plugin/allwebmenus-wordpress-menu-plugin-118-arbitrary-file-upload</loc>
<lastmod>2012-01-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-back-button/wp-back-button-113-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chronosly-events-calendar/chronosly-events-calendar-262-cross-site-request-forgery-via-plugin_settings_page</loc>
<lastmod>2023-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders/barcode-scanner-with-inventory-order-manager-190-authenticated-admin-arbitrary-file-download</loc>
<lastmod>2025-08-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/winger/winger-1016-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-08-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/premium-addons-for-elementor/premium-addons-for-elementor-41056-missing-authorization</loc>
<lastmod>2024-12-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-photo-album-plus/wp-photo-album-plus-9011006-authenticated-subscriber-stored-cross-site-scripting-via-wppa_user_upload</loc>
<lastmod>2025-10-03T14:09:22.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/apollo13-framework-extensions/apollo13-framework-extensions-191-cross-site-request-forgery</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/extended-random-number-generator/extended-random-number-generator-11-authenticated-administrator-stored-cross-site-scripting-via-settings</loc>
<lastmod>2026-02-03T19:30:24.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/super-forms/super-forms-drag-drop-form-builder-49700-arbitrary-file-upload</loc>
<lastmod>2021-01-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mipl-wc-multisite-sync/mipl-wc-multisite-sync-115-unauthenticated-arbitrary-file-download</loc>
<lastmod>2025-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/report-broken-links/linksproblem-reporter-260-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-local-pickup-for-woocommerce/advanced-local-pickup-for-woocommerce-161-missing-authorization-to-notice-dismissal</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/learning-management-system/masteriyo-lms-elearning-and-online-course-builder-for-wordpress-1133-authenticated-student-stored-cross-site-scripting-via-ask-a-question-functionality</loc>
<lastmod>2024-10-28T16:31:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-custom-taxonomy-image/category-and-taxonomy-image-100-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2024-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/parallax-image/parallax-image-18-authenticated-contributor-stored-cross-site-scripting-via-dd-parallax-shortcode</loc>
<lastmod>2024-10-16T21:47:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/4.2/twenty-fifteen-theme-11-wordpress-core-422-cross-site-scripting-via-examplehtml</loc>
<lastmod>2015-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/library-bookshelves/library-bookshelves-511-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-products-without-featured-images/woocommerce-products-without-featured-images-01-cross-site-request-forgery</loc>
<lastmod>2025-04-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-easycart/shopping-cart-ecommerce-store-563-authenticated-contributor-sql-injection</loc>
<lastmod>2024-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/membership-simplified-for-oap-members-only/membership-simplified-158-sql-injection</loc>
<lastmod>2017-03-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce/woocommerce-880-892-reflected-cross-site-scripting-via-order-attribution</loc>
<lastmod>2024-06-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gsheetconnector-ninja-forms/gsheetconnector-for-ninja-forms-201-missing-authorization-to-authenticated-subscriber-system-information-exposure</loc>
<lastmod>2025-11-21T19:31:21.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/affiliatex/affiliatex-1393-missing-authorization</loc>
<lastmod>2026-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-rss-aggregator/wp-rss-aggregator-4192-subscriber-stored-cross-site-scripting</loc>
<lastmod>2021-11-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seo-by-rank-math/rank-math-seo-10235-missing-authorization-to-authenticated-contributor-arbitrary-schema-deletion</loc>
<lastmod>2025-02-12T16:21:30.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/goodbarber/goodbarber-1023-cross-site-request-forgery-via-admin_options</loc>
<lastmod>2023-10-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/clickbank-storefront/clickbank-wordpress-plugin-storefront-17-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/realestate-7/real-estate-7-theme-334-unauthenticated-arbitrary-email-sending</loc>
<lastmod>2023-03-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/go_pricing/go-pricing-wordpress-responsive-pricing-tables-3319-missing-authorization-to-limited-privilege-granting</loc>
<lastmod>2023-05-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/forms-for-campaign-monitor/campaign-monitor-for-wordpress-291-missing-authorization</loc>
<lastmod>2026-01-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eventON/eventon-305-reflected-cross-site-scripting</loc>
<lastmod>2020-11-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/map-multi-marker/map-multi-marker-321-reflected-cross-site-scripting</loc>
<lastmod>2023-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/unite-gallery-lite/unite-gallery-lite-1761-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/listingpro-plugin/listingpro-plugin-294-unauthenticated-sql-injection</loc>
<lastmod>2024-07-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/bonbon/bonbon-16-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/learning-management-system/masteriyo-lms-221-missing-authorization-to-authenticated-student-arbitrary-course-announcement-modification</loc>
<lastmod>2026-06-26T17:55:05.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/canto/canto-190-blind-server-side-request-forgery-via-detailphp</loc>
<lastmod>2020-12-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/anywhere-elementor/anywhere-elementor-127-sensitive-information-exposure</loc>
<lastmod>2023-05-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/themify-event-post/themify-event-post-134-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-03-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-slider-widget/image-slider-1190-arbitrary-file-deletion</loc>
<lastmod>2016-12-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/veda/veda-42-authenticated-subscriber-php-object-injection</loc>
<lastmod>2025-06-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/king-addons/king-addons-for-elementor-51139-authenticated-contributor-stored-cross-site-scripting-via-multiple-widgets</loc>
<lastmod>2025-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/comments-ratings/comments-ratings-117-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-11-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/error-log-viewer-wp/error-log-viewer-by-wp-guru-1013-missing-authorization-to-unauthenticated-arbitrary-file-read</loc>
<lastmod>2025-01-06T16:47:09.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-popups-lite/wp-popups-wordpress-popup-builder-2201-unauthenticated-full-path-disclosure</loc>
<lastmod>2024-07-11T17:15:36.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-cleanfix/wp-cleanfix-562-missing-authorization-via-register</loc>
<lastmod>2023-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/4.7/wordpress-core-473-cross-site-request-forgery-via-press-this</loc>
<lastmod>2017-03-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/database-sync/database-sync-05-reflected-cross-site-scripting</loc>
<lastmod>2015-07-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/instawp-connect/instawp-connect-0109-authenticated-subscriber-sql-injection</loc>
<lastmod>2024-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profile-builder-pro/profile-builder-pro-3100-reflected-cross-site-scripting</loc>
<lastmod>2024-01-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/meks-smart-social-widget/meks-smart-social-widget-164-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-04-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seed-fonts/seed-fonts-231-authenticatedadministrator-stored-cross-site-scripting</loc>
<lastmod>2023-06-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zero-spam/zero-spam-5210-admin-sql-injection</loc>
<lastmod>2022-02-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/suretriggers/ottokit-all-in-one-automation-platform-1123-unauthenticated-sql-injection</loc>
<lastmod>2026-05-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cforms2/cformsii-1504-cross-site-request-forgery-leading-to-settings-updates</loc>
<lastmod>2023-03-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/community-events/community-events-154-unauthenticated-sql-injection</loc>
<lastmod>2025-11-18T17:29:03.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/awesome-support/awesome-support-614-cross-site-request-forgery-via-wpas_edit_reply_ajax</loc>
<lastmod>2023-11-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vc_clipboard/wpbakery-page-builder-clipboard-458-arbitrary-license-options-update</loc>
<lastmod>2021-04-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/useful-banner-manager/useful-banner-manager-161-cross-site-request-forgery</loc>
<lastmod>2022-05-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/postie/postie-1940-post-submission-spoofing-stored-cross-site-scripting</loc>
<lastmod>2020-01-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-social-invitations/wordpress-social-invitations-lite-1442-reflected-cross-site-scripting</loc>
<lastmod>2014-05-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mapbox-for-wp-advanced/mapbox-for-wp-advanced-100-reflected-cross-site-scripting</loc>
<lastmod>2025-01-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/my-auctions-allegro-free-edition/my-auctions-allegro-3617-reflected-cross-site-scripting</loc>
<lastmod>2024-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pojo-accessibility/one-click-accessibility-310-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp_roknewspager/roknewspager-117-arbitrary-file-upload</loc>
<lastmod>2013-09-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/enzy/enzy-164-reflected-cross-site-scripting</loc>
<lastmod>2025-10-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-clover-gateway-by-zaytech/woocommerce-clover-payment-gateway-131-missing-authorization-via-callback_handler</loc>
<lastmod>2024-03-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mrkv-vchasno-kasa/vchasno-kasa-103-missing-authorization-to-unauthenticated-invoice-generation</loc>
<lastmod>2025-07-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-direct-checkout-button/direct-checkout-button-for-woocommerce-10-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ad-inserter/ad-inserter-2730-unauthenticated-sensitive-information-exposure-via-ai_ajax</loc>
<lastmod>2023-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/greenshift-animation-and-page-builder-blocks/greenshift-animation-and-page-builder-blocks-1285-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-03-05T08:57:22.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lbg-cleverbakery/html5-radio-player-wpbakery-page-builder-addon-25-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2025-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/churel/churel-108-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/widgets-on-pages/widgets-on-pages-160-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-automatic/wordpress-automatic-plugin-ai-content-generator-and-auto-poster-plugin-31150-authenticated-author-arbitrary-file-upload</loc>
<lastmod>2025-06-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bbpress/bbpress-264-unauthenticated-privilege-escalation</loc>
<lastmod>2020-05-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-posts-carousel/wp-posts-carousel-138-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/royal-elementor-addons/royal-elementor-addons-and-templates-13976-authenticated-author-stored-cross-site-scripting-via-svg-uploads</loc>
<lastmod>2024-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/tuning/tuning-13-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/sinatra/sinatra-14-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zoho-crm-forms/zoho-crm-lead-magnet-1758-missing-authorization-to-authenticated-subscriber-arbitrary-options-update</loc>
<lastmod>2022-10-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-file-manager/file-manager-724-cross-site-request-forgery-to-local-js-file-inclusion</loc>
<lastmod>2024-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/official-saleswizard-crm/official-saleswizard-crm-plugin-103-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-popup/hustle-607-unauthenticated-csv-injection</loc>
<lastmod>2019-05-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yabp/yet-another-bolcom-14-reflected-cross-site-scripting</loc>
<lastmod>2021-09-09T16:20:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/conditional-menus/conditional-menus-120-reflected-cross-site-scripting</loc>
<lastmod>2023-05-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/askapache-firefox-adsense/askapache-firefox-adsense-30-cross-site-request-forgery</loc>
<lastmod>2013-12-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-latest-posts/wp-latest-posts-507-authenticated-subscriber-arbitrary-shortcode-execution</loc>
<lastmod>2024-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/unlimited-addon-for-elementor/unlimited-addon-for-elementor-200-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vr-calendar-sync/vr-calendar-247-cross-site-request-forgery-to-calendar-sync</loc>
<lastmod>2025-06-26T19:04:46.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ad-inserter/ad-inserter-2737-reflected-cross-site-scripting</loc>
<lastmod>2024-10-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-event-calendar/easy-event-calendar-10-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-03-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/qc-simple-link-directory/simple-link-directory-1481-authentication-bypass</loc>
<lastmod>2025-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/countdown-timer-block/countdown-timer-105-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slickquiz/slickquiz-1371-stored-cross-site-scripting</loc>
<lastmod>2019-09-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/soccer-engine-lite/soccer-engine-soccer-plugin-for-wordpress-112-cross-site-request-forgery</loc>
<lastmod>2024-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zoho-forms/zoho-forms-301-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-12-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gf-salesmate-add-on/salesmate-add-on-for-gravity-forms-203-unauthenticated-sql-injection</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cube-slider/cube-slider-12-authenticated-admin-sql-injection</loc>
<lastmod>2022-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-addons-for-elementor-lite/essential-addons-for-elementor-5919-authenticated-contributor-dom-based-stored-cross-site-scripting-via-several-widgets</loc>
<lastmod>2024-05-09T19:27:26.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-invoice/wp-invoice-web-invoice-and-billing-410-insecure-direct-object-reference</loc>
<lastmod>2016-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/enjoy-instagram-instagram-responsive-images-gallery-and-carousel/enjoy-social-feed-plugin-for-wordpress-website-622-missing-authorization-to-database-reset</loc>
<lastmod>2024-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-about-author/wp-about-author-15-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/url-media-uploader/url-media-uploader-101-missing-authorization-to-authenticated-contributor-safe-file-upload</loc>
<lastmod>2025-12-11T14:28:59.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/authorsure/authorsure-23-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fileviewer/fileviewer-22-cross-site-request-forgery</loc>
<lastmod>2021-08-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ect-product-carousel/ect-product-carousel-19-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cj-custom-content/cj-custom-content-20-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/side-slide-responsive-menu/side-slide-responsive-menu-10-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-09-11T14:48:27.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-forms-anti-spam/maspik-spam-blacklist-227-cross-site-request-forgery-to-plugin-settings-change</loc>
<lastmod>2024-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/3.0/wordpress-core-301-sql-injection</loc>
<lastmod>2010-11-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/directdownload/direct-download-for-woocommerce-116-local-file-inclusion</loc>
<lastmod>2017-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/maxbuttons/maxbuttons-985-reflected-cross-site-scripting-via-view-parameter</loc>
<lastmod>2026-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-job-manager/simple-job-manager-11-authenticated-contributor-sql-injection</loc>
<lastmod>2024-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/convertplug/popup-plugin-for-wordpress-convertplus-3530-missing-authorization-to-authenticated-subscriber-limited-options-update</loc>
<lastmod>2025-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zarzadzanie_kontem/zarzadzanie-kontem-unknown-versions-arbitrary-file-upload</loc>
<lastmod>2012-11-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/redi-restaurant-reservation/redi-restaurant-reservation-240128-reflected-cross-site-scripting</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ideapush/ideapush-857-missing-authorization</loc>
<lastmod>2023-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hiweb-migration-simple/hiweb-migration-simple-2001-reflected-cross-site-scripting-via-new_domain-parameter</loc>
<lastmod>2026-06-01T19:44:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp_rokbox/wordpress-rokbox-213-full-path-disclosure</loc>
<lastmod>2012-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/loginplus/loginplus-12-missing-authorization</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-child-theme-generator/wp-child-theme-generator-111-missing-authorization-to-unauthenticated-child-theme-creationactivation</loc>
<lastmod>2024-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/viewmedica/viewmedica-embed-1415-cross-site-request-forgery-to-sql-injection</loc>
<lastmod>2025-01-06T15:39:41.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flash-album-gallery/album-and-image-gallery-with-lightbox-flagallery-photo-portfolio-272-cross-site-scripting</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dzs-videogallery/dzs-video-gallery-795-limited-local-file-inclusion</loc>
<lastmod>2014-09-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/5.5/wordpress-core-552-deserialization-gadget</loc>
<lastmod>2020-10-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/onesignal-free-web-push-notifications/onesignal-web-push-notifications-380-missing-authorization-to-authenticated-subscriber-post-meta-deletion-via-post_id</loc>
<lastmod>2026-04-15T21:51:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/enable-svg-uploads/enable-svg-uploads-215-authenticated-author-stored-cross-site-scripting-via-svg</loc>
<lastmod>2023-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-registration/user-registration-2321-php-object-injection</loc>
<lastmod>2023-03-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-google-sitemap/simple-google-sitemap-16-cross-site-request-forgery</loc>
<lastmod>2025-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/qubely/qubely-advanced-gutenberg-blocks-1812-authenticated-contributor-stored-cross-site-scripting-via-align-and-uniqueid</loc>
<lastmod>2025-02-13T18:36:16.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-client-testimonial/client-testimonial-slider-20-authenticated-administrator-stored-cross-site-scripting-via-testimonial-heading-setting</loc>
<lastmod>2026-02-18T20:59:42.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/s3-video/s3-video-0983-reflected-cross-site-scripting</loc>
<lastmod>2016-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/service-booking-manager/wpbookingly-121-unauthenticated-php-object-injection</loc>
<lastmod>2025-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/unlimited-elements-for-elementor/unlimited-elements-for-elementor-free-widgets-addons-templates-15102-authenticated-admin-command-injection</loc>
<lastmod>2024-05-09T19:02:36.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tutor/tutor-lms-394-authenticated-instructor-insecure-direct-object-reference</loc>
<lastmod>2026-01-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/jack-well/jack-well-1014-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blockmeister/blockmeister-block-pattern-builder-3110-reflected-cross-site-scripting</loc>
<lastmod>2024-10-10T17:59:02.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-forms-puzzle-captcha/wp-forms-puzzle-captcha-41-captcha-bypass</loc>
<lastmod>2023-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-pricing-table-wp/easy-pricing-table-wp-113-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-login-log/simple-login-log-113-authenticated-administrator-php-object-injection</loc>
<lastmod>2025-08-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/svg-support/svg-support-2510-authenticated-author-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2025-02-21T00:37:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/atarim-visual-collaboration/atarim-331-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-plugin/download-plugin-161-cross-site-request-forgery</loc>
<lastmod>2021-10-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ays-popup-box/popup-box-611-cross-site-request-forgery-to-popup-status-change</loc>
<lastmod>2026-01-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sp-client-document-manager/sp-project-document-manager-456-cross-site-request-forgery-and-cross-site-scripting</loc>
<lastmod>2022-06-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jayj-quicktag/jayj-quicktag-132-cross-site-request-forgery</loc>
<lastmod>2017-08-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zoloblocks/zoloblocks-gutenberg-block-editor-plugin-with-advanced-blocks-dynamic-content-templates-patterns-2310-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/event-calendar-wd/eventcalendar-1094-authenticated-cross-site-scripting</loc>
<lastmod>2017-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-maps-easy/google-maps-easy-1933-stored-cross-site-scripting</loc>
<lastmod>2021-11-01T10:32:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gravityforms/gravity-forms-29230-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2025-12-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-control-manager/advanced-control-manager-for-wordpress-by-italystrap-2160-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/activitytime/wp-sessions-time-monitoring-full-automatic-114-authenticated-subscriber-sql-injection</loc>
<lastmod>2026-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/listingpro/listingpro-294-cross-site-request-forgery-to-account-takeover</loc>
<lastmod>2024-07-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dropdown-and-scrollable-text/dropdown-and-scrollable-text-20-reflected-cross-site-scripting</loc>
<lastmod>2021-09-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fancy-cats/fancy-cats-11-reflected-cross-site-scripting</loc>
<lastmod>2014-07-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/spiffy-calendar/spiffy-calendar-4913-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-09-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mobiloud-mobile-app-plugin/mobiloud-466-missing-authorization</loc>
<lastmod>2025-06-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ungallery/ungallery-216-command-injection</loc>
<lastmod>2012-10-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wplms_plugin/wplms-1998-reflected-cross-site-scripting</loc>
<lastmod>2025-09-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/axima-payment-gateway/pays-woocommerce-payment-gateway-26-cross-site-request-forgery</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/video-sidebar-widget/video-url-1003-reflected-cross-site-scripting</loc>
<lastmod>2025-04-01T20:30:02.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-donate/wp-donate-20-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/netgsm/netgsm-2971-missing-authorization</loc>
<lastmod>2025-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-docs/wp-docs-226-missing-authorization</loc>
<lastmod>2025-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mstore-api/mstore-api-391-authentication-bypass</loc>
<lastmod>2023-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/magical-addons-for-elementor/magical-addons-for-elementor-138-authenticated-contributor-stored-cross-site-scripting-via-custom-attributes</loc>
<lastmod>2025-07-28T20:43:41.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-addons-for-gutenberg/spectra-266-authenticated-contributor-server-side-request-forgery-in-import_wpforms</loc>
<lastmod>2023-07-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/searchpro/berqwp-175-unauthenticated-server-side-request-forgery</loc>
<lastmod>2024-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/use-any-font/use-any-font-custom-font-uploader-627-cross-site-scripting</loc>
<lastmod>2022-05-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/di-themes-demo-site-importer/di-themes-demo-site-importer-12-cross-site-request-forgery</loc>
<lastmod>2025-09-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blrt-wp-embed/blrt-wp-embed-169-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/faf/feedwordpress-advanced-filters-062-reflected-cross-site-scripting</loc>
<lastmod>2026-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/store-toolkit-for-wp-e-commerce/wp-e-commerce-store-toolkit-201-missing-authorization</loc>
<lastmod>2016-02-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gravityforms/gravity-forms-2930-unauthenticated-stored-cross-site-scripting-via-consent-field-hidden-input</loc>
<lastmod>2026-05-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/paytr-taksit-tablosu-woocommerce/paytr-taksit-tablosu-133-improper-authorization</loc>
<lastmod>2023-12-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/notificationx/notificationx-295-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flipbook/flipbook-10-arbitrary-file-upload</loc>
<lastmod>2012-06-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-reviews-manager/ebay-dropshipping-and-affiliate-by-wooshark-156-unprotected-ajax-actions</loc>
<lastmod>2022-06-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shortcodes-ultimate/wordpress-shortcodes-plugin-shortcodes-ultimate-4100-directory-traversal</loc>
<lastmod>2017-06-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpschoolpress/school-management-system-wpschoolpress-2110-reflected-cross-site-scripting</loc>
<lastmod>2021-10-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/infility-global/infility-global-21449-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-01-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/anual-archive/annual-archive-155-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/scroll-to-up/scroll-up-20-reflected-cross-site-scripting</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/yobazar/yobazar-167-reflected-cross-site-scripting</loc>
<lastmod>2026-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/safetymails-forms/safetyforms-100-cross-site-request-forgery</loc>
<lastmod>2024-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/categorify/categorify-1074-cross-site-request-forgery-via-categorifyajaxrenamecategory</loc>
<lastmod>2024-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/specific-content-for-mobile/specific-content-for-mobile-053-missing-authorization</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gf-salesforce-crmperks/gravity-forms-salesforce-151-unauthenticated-php-object-injection</loc>
<lastmod>2025-08-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/broken-link-checker/broken-link-checker-1118-reflected-cross-site-scripting</loc>
<lastmod>2019-10-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/swift-performance-lite/swift-performance-lite-23618-incorrect-authorization-to-authenticated-subscriber-settings-modification</loc>
<lastmod>2024-05-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/customize-login/wp-customize-login-11-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2021-08-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/perfmatters/perfmatters-2591-authenticated-subscriber-arbitrary-file-deletion-via-delete-parameter</loc>
<lastmod>2026-04-02T19:02:03.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-donate/wp-donate-14-unauthenticated-sql-injection-in-donate-displayphp</loc>
<lastmod>2023-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpfront-notification-bar/wpfront-notification-bar-192-authenticated-stored-cross-site-scripting</loc>
<lastmod>2021-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/zoner/zoner-real-estate-wordpress-theme-42-cross-site-scripting</loc>
<lastmod>2019-09-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/page-views-count/page-view-count-287-missing-authorization-to-authenticated-subscriber-settings-update</loc>
<lastmod>2025-12-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/updraftplus/updraftplus-wordpress-backup-plugin-11668-reflected-cross-site-scripting-via-updraft_restore</loc>
<lastmod>2021-12-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordfence/wordfence-security-firewall-malware-scan-513-cross-site-scripting</loc>
<lastmod>2014-07-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yml-for-yandex-market/yml-for-yandex-market-530-authenticated-shop-manager-arbitrary-file-deletion</loc>
<lastmod>2026-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profilegrid-user-profiles-groups-and-communities/profilegrid-530-missing-authorization-to-arbitrary-password-reset</loc>
<lastmod>2023-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sticky-social-media-icons/sticky-social-media-icons-20-missing-authorization-via-ajax_request_handle</loc>
<lastmod>2023-08-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-bulk-editor/bear-1133-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2023-09-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpzon/wpzon-amazon-affiliate-plugin-13-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gmap-embed/wp-google-map-180-missing-authorization</loc>
<lastmod>2021-12-08T12:44:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/nuss/nuss-133-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-08-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/addons-for-elementor/elementor-addons-by-livemesh-841-authenticated-contributor-stored-cross-site-scripting-via-marquee-text-widget-testimonials-widget-and-testimonial-slider-widgets</loc>
<lastmod>2024-07-03T14:51:37.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seur/seur-oficial-172-authenticated-arbitrary-file-download</loc>
<lastmod>2022-01-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/5.0/wordpress-core-503-path-traversal-and-local-file-inclusion</loc>
<lastmod>2019-02-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/hostiko/hostiko-hosting-wordpress-whmcs-theme-301-reflected-cross-site-scripting</loc>
<lastmod>2025-02-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/elegance/elegance-24-arbitrary-file-deletion</loc>
<lastmod>2013-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-venipak-shipping/shipping-with-venipak-for-woocommerce-1195-reflected-cross-site-scripting-via-venipak_labels_link</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/surbma-recent-comments-shortcode/surbma-recent-comments-shortcode-20-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-08-15T14:46:44.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/flashnews/flash-news-all-versions-multiple-vulnerabilities</loc>
<lastmod>2013-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-post-types/custom-post-types-502-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-easy-menu/wp-easy-menu-041-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpdash-notes/wpdash-notes-135-missing-authorization-to-authenticated-subscriber-sensitive-information-exposure</loc>
<lastmod>2024-11-22T15:10:33.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-and-page-reactions/post-and-page-reactions-105-reflected-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/marketking-multivendor-marketplace-for-woocommerce/marketking-2092-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/link-library/link-library-788-authenticated-contributor-arbitrary-file-deletion</loc>
<lastmod>2026-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/watu/watu-quiz-3411-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2024-06-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/loginizer/loginizer-163-sql-injection</loc>
<lastmod>2020-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/editorial-calendar/editorial-calendar-26-authenticated-admin-sql-injection</loc>
<lastmod>2013-02-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bdthemes-element-pack-lite/element-pack-addons-for-elementor-8317-authenticated-contributor-arbitrary-file-read</loc>
<lastmod>2026-02-14T14:34:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rk-responsive-contact-form/rk-responsive-contact-form-100-sql-injection</loc>
<lastmod>2017-08-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-plus-addons-for-elementor-page-builder/the-plus-addons-for-elementor-elementor-addons-page-templates-widgets-mega-menu-woocommerce-6310-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-07-31T17:40:35.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/popup-maker/popup-maker-1204-authenticated-contributor-stored-cross-site-scripting-via-popupid-parameter</loc>
<lastmod>2025-06-02T22:17:53.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp_rokintroscroller/rokintroscroller-18-full-path-disclosure</loc>
<lastmod>2013-09-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quick-featured-images/quick-featured-images-1373-authenticated-editor-sql-injection-via-delete_orphaned</loc>
<lastmod>2025-11-07T21:03:51.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/nsc/nsc-10-prototype-pollution-to-reflected-cross-site-scripting</loc>
<lastmod>2023-07-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cool-yt-player/cool-yt-player-10-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2026-01-06T20:40:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-jobsearch/jobsearch-wp-job-board-181-missing-authorization-to-settings-change</loc>
<lastmod>2021-10-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/appointment-booking-calendar/appointment-booking-calendar-1392-missing-authorization</loc>
<lastmod>2025-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/better-elementor-addons/better-elementor-addons-144-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mapsvg-lite-interactive-vector-maps/mapsvg-lite-866-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/erp/wp-erp-1130-authenticated-accounting-manager-sql-injection</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simplegmaps/simplegmaps-10-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nifty-coming-soon-and-under-construction-page/coming-soon-maintenance-mode-page-157-cross-site-request-forgery</loc>
<lastmod>2020-09-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/relevanssi/relevanssi-404-cross-site-scripting</loc>
<lastmod>2018-03-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/digital-publications-by-supsystic/digital-publications-by-supsystic-1612-stored-cross-site-scripting</loc>
<lastmod>2021-02-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-tables/ninja-tables-526-missing-authorization-to-authenticated-subscriber-arbitrary-table-creation</loc>
<lastmod>2026-05-05T15:30:47.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpadverts/wpadverts-classifieds-plugin-217-reflected-cross-site-scripting</loc>
<lastmod>2024-11-20T19:06:24.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-hotel-booking/wp-hotel-booking-210-unauthenticated-sql-injection</loc>
<lastmod>2024-06-19T12:20:30.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpvr/wp-vr-8514-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sensei-lms/sensei-lms-4231-sensei-pro-wc-paid-courses-42401240-missing-authorization</loc>
<lastmod>2024-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-filebase/wp-filebase-download-manager-03003-remote-code-execution</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shortcodes-ultimate/shortcodes-ultimate-742-cross-site-request-forgery-to-arbitrary-shortcode-execution</loc>
<lastmod>2025-07-20T19:03:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/manuall-dofollow/smu-manual-dofollow-181-reflected-cross-site-scripting</loc>
<lastmod>2025-07-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/cerato/cerato-2218-reflected-cross-site-scripting</loc>
<lastmod>2025-09-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/glossary-by-codeat/glossary-2226-unauthenticated-full-path-disclosure</loc>
<lastmod>2024-07-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pgs-core/pgs-core-590-authenticated-contributor-sql-injection</loc>
<lastmod>2025-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpextended/the-ultimate-wordpress-toolkit-wp-extended-308-authenticated-subscriber-sensitive-information-exposure</loc>
<lastmod>2024-09-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpgancio/wpgancio-112-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2025-12-11T14:37:35.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lastudio-element-kit/la-studio-element-kit-for-elementor-142-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2024-11-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jet-engine/jetengine-380-reflected-cross-site-scripting</loc>
<lastmod>2026-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/clover-online-orders/smart-online-order-for-clover-160-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2026-05-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/report-broken-links/linksproblem-reporter-260-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flexible-woocommerce-checkout-field-editor/flexible-woocommerce-checkout-field-editor-201-missing-authorization</loc>
<lastmod>2023-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/Litho - Multipurpose Elementor WordPress Theme/litho-30-unauthenticated-arbitrary-file-deletion</loc>
<lastmod>2025-06-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/my-posts-order/my-post-order-1211-reflected-cross-site-scripting</loc>
<lastmod>2026-01-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eshipper-commerce/eshipper-commerce-21612-missing-authorization</loc>
<lastmod>2026-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/backup/jetbackup-wp-backup-migrate-restore-141-missing-authorization-to-unauthorized-backup-location-change</loc>
<lastmod>2020-07-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-spamfree/wp-spamfree-anti-spam-2116-reflected-cross-site-scripting</loc>
<lastmod>2017-03-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/acf-quickedit-fields/acf-quick-edit-fields-322-authenticated-contributor-insecure-direct-object-reference</loc>
<lastmod>2022-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/instawp-connect/instawp-connect-0108-cross-site-request-forgery-via-create_file_db_manager</loc>
<lastmod>2024-01-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpbookit/wpbookit-108-unauthenticated-stored-cross-site-scripting-via-wpb_user_name-and-wpb_user_email-parameters</loc>
<lastmod>2026-03-03T12:30:48.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/filebird/filebird-wordpress-media-library-folders-file-manager-651-missing-authorization-to-authenticated-author-global-folders-tampering</loc>
<lastmod>2025-12-15T02:12:47.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-file-upload/wordpress-file-upload-4252-cross-site-request-forgery-in-wfu_file_details</loc>
<lastmod>2025-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rucy/rucy-044-cross-site-request-forgery-bypass</loc>
<lastmod>2021-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rafflepress/giveaways-and-contests-by-rafflepress-1127-unauthenticated-ip-spoofing</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/loginizer/loginizer-135-blind-sql-injection</loc>
<lastmod>2017-08-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cloud-sso-single-sign-on/cloud-saml-sso-1019-missing-authorization-to-unauthenticated-settings-modification-via-set_organization_settings-action</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/forms-gutenberg/gutenberg-forms-2283-authenticatedsubscriber-sensitive-information-disclosure</loc>
<lastmod>2023-02-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-fastest-cache/wp-fastest-cache-0885-cross-site-request-forgery-via-page-to-wpfastestcacheoptions</loc>
<lastmod>2018-10-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/users-customers-import-export-for-wp-woocommerce/import-export-wordpress-users-and-woocommerce-customers-131-csv-injection</loc>
<lastmod>2018-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/idonate/idonate-215-219-missing-authorization-to-authenticated-subscriber-account-takeoverprivilege-escalation-via-idonate_donor_password-function</loc>
<lastmod>2025-11-06T15:38:30.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mfolio-lite/mfolio-lite-122-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/skysa-official/skysa-app-bar-integration-104-cross-site-scripting</loc>
<lastmod>2011-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mutual-funds-data/mutual-funds-data-121-authenticated-contributor-stored-cross-site-scripting-via-title-shortcode-attribute</loc>
<lastmod>2026-05-26T17:25:15.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ocean-extra/ocean-extra-212-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/cream-blog/cream-blog-217-missing-authorization</loc>
<lastmod>2026-02-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/loggedin/loggedin-limit-active-logins-131-reflected-cross-site-scripting</loc>
<lastmod>2024-09-30T19:43:37.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simply-schedule-appointments/appointment-booking-calendar-16929-missing-authorization-to-unauthenticated-sensitive-information-exposure-via-settings-rest-api-endpoint</loc>
<lastmod>2026-03-12T19:14:03.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/staff-directory-pro/staff-directory-plugin-36-cross-site-request-forgery-bypass</loc>
<lastmod>2021-06-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sis-handball/sis-handball-1045-cross-site-request-forgery</loc>
<lastmod>2023-09-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/vandana-lite/vandana-lite-119-cross-site-request-forgery-to-notice-dismissal</loc>
<lastmod>2024-06-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/itempropwp/itemprop-wp-for-serpseo-rich-snippets-35201706131-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-05-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-pexels-free-stock-photos/pexels-free-stock-photos-122-authenticated-contributor-server-side-request-forgery</loc>
<lastmod>2024-02-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-product-payments/payment-gateway-per-product-for-woocommerce-327-reflected-cross-site-scripting</loc>
<lastmod>2023-09-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/paid-memberships-pro/paid-memberships-pro-2123-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2023-11-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/info-cards/info-cards-gutenberg-block-for-creating-beautiful-cards-105-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/spam-byebye/spam-byebye-224-cross-site-request-forgery</loc>
<lastmod>2025-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/updraftplus/updraftplus-1233-cross-site-request-forgery-to-cross-site-scripting-via-action_authenticate_storage</loc>
<lastmod>2023-05-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/video-contest/video-contest-wordpress-plugin-32-cross-site-request-forgery</loc>
<lastmod>2023-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/announcer/announcer-notification-message-bars-60-missing-authorization</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/wplms/wplms-19953-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2024-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-like-dislike/post-like-dislike-10-reflected-cross-site-scripting-via-_serverphp_self</loc>
<lastmod>2026-01-06T20:32:25.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tutor-pro/tutor-lms-pro-270-missing-authorization-to-privilege-escalation</loc>
<lastmod>2024-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ctt-expresso-para-woocommerce/ctt-expresso-para-woocommerce-3211-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/brizy/brizy-page-builder-2716-authenticated-contributor-sensitive-information-exposure-via-get_users-function</loc>
<lastmod>2025-12-12T19:57:22.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sandbox/sandbox-04-missing-authorization-to-authenticated-subscriber-sandbox-download</loc>
<lastmod>2025-01-16T18:24:58.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/masterstudy-elementor-widgets/masterstudy-elementor-widgets-122-missing-authorization</loc>
<lastmod>2024-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-teaser/post-teaser-415-cross-site-request-forgery</loc>
<lastmod>2022-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/export-wp-page-to-static-html/export-wp-page-to-static-htmlcss-222-open-redirect</loc>
<lastmod>2024-06-19T12:17:06.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/breadcrumb-simple/breadcrumb-simple-13-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-06-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/oauth2-provider/wp-oauth-server-oauth-authentication-315-pseudorandom-number-generation</loc>
<lastmod>2015-08-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/support-chat/click-to-chat-wp-support-all-in-one-floating-widget-233-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-rfq-for-woocommerce/np-quote-request-for-woocommerce-19179-insecure-direct-object-reference-to-unauthenticated-sensitive-information-disclosure</loc>
<lastmod>2025-03-19T22:42:46.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wish-list-for-woocommerce/wishlist-for-woocommerce-multi-wishlists-per-customer-312-reflected-cross-site-scripting</loc>
<lastmod>2024-12-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lets-box/lets-box-1153-reflected-cross-site-scripting</loc>
<lastmod>2021-12-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smart-woocommerce-search/smart-woocommerce-search-250-missing-authorization</loc>
<lastmod>2023-04-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-symposium/wp-symposium-1581-reflected-cross-site-scripting</loc>
<lastmod>2015-09-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eventlist/event-list-204-authenticated-subscriber-privilege-escalation</loc>
<lastmod>2025-08-25T19:03:03.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buddyforms/post-registration-and-profile-form-builder-frontend-editor-buddyforms-easy-wordpress-forms-227-sql-injection</loc>
<lastmod>2018-11-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-travel/wp-travel-960-missing-authorization</loc>
<lastmod>2024-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/workreap/workreap-freelance-marketplace-and-directory-wordpress-theme-222-arbitrary-file-upload</loc>
<lastmod>2021-07-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dc-woocommerce-multi-vendor/multivendorx-marketplace-woocommerce-multivendor-marketplace-solution-4111-authenticated-contributor-stored-cross-site-scripting-via-hover_animation-parameter</loc>
<lastmod>2024-06-05T20:34:43.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quick-event-calendar/quick-event-calendar-149-cross-site-request-forgery</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-registration/user-registration-membership-custom-registration-form-login-form-and-user-profile-413-insecure-direct-object-reference-to-authenticated-subscriber-user-password-update</loc>
<lastmod>2025-04-11T17:44:06.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wa-form-builder/wa-form-builder-11-sql-injection</loc>
<lastmod>2016-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/goto/goto-tour-travel-wordpress-theme-21-reflected-cross-site-scripting</loc>
<lastmod>2021-05-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-warranty/woocommerce-warranty-requests-219-missing-authorization</loc>
<lastmod>2023-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nmedia-user-file-uploader/frontend-file-manager-213-cross-site-request-forgery-to-plugin-settings-update</loc>
<lastmod>2022-09-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/featured-product-by-category-name/featured-product-by-category-name-11-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpdatatables/wpdatatables-wordpress-tables-table-charts-plugin-2127-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-04-04T07:05:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/kriya/kriya-34-authenticated-subscriber-php-object-injection</loc>
<lastmod>2025-06-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/breaking-news-wp/breaking-news-wp-13-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cds-simple-seo/simple-seo-1791-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2022-07-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-seo/yoast-seo-226-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-05-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rencontre/rencontre-dating-site-3101-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dmca-watermarker/dmca-watermarker-11-cross-site-scripting</loc>
<lastmod>2014-05-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/the-monday/accesspress-themes-and-plugin-various-versions-cross-site-request-forgery</loc>
<lastmod>2022-01-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wemail/wemail-207-insufficient-authorization-via-x-wemail-user-header-to-sensitive-information-disclosure</loc>
<lastmod>2026-01-19T15:57:34.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/form-maker/form-maker-by-10web-1134-cross-site-request-forgery-to-local-file-inclusion</loc>
<lastmod>2019-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/groundhogg/groundhogg-426-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/todo-custom-field/todo-custom-field-304-reflected-cross-site-scripting</loc>
<lastmod>2024-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-vertical-image-slider/wordpress-vertical-image-slider-plugin-1216-reflected-cross-site-scripting</loc>
<lastmod>2023-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/epoll-wp-voting/wp-poll-maker-31-authenticated-subscriber-arbitrary-file-deletion</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mstore-api/mstore-api-create-native-android-ios-apps-on-the-cloud-4153-unauthorized-user-registration</loc>
<lastmod>2024-09-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking-system/pinpoint-booking-system-1-wordpress-booking-plugin-29954-authenticated-subscriber-sql-injection</loc>
<lastmod>2025-02-20T15:05:35.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/icons-enricher/icons-enricher-108-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sprout-invoices/client-invoicing-by-sprout-invoices-1996-authenticated-stored-cross-site-scripting</loc>
<lastmod>2021-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/events-maker/events-maker-by-dfactory-1614-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-7-dynamic-text-extension/contact-form-7-dynamic-text-extension-203-reflected-cross-site-scripting</loc>
<lastmod>2019-07-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/document-emberdder/document-embedder-204-insecure-direct-object-reference-to-authenticated-author-arbitrary-document-library-entry-deletion</loc>
<lastmod>2026-01-27T19:18:50.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nimbata-call-tracking/nimbata-call-tracking-172-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-support-plus-responsive-ticket-system/support-plus-responsive-ticket-system-710-insecure-direct-object-reference</loc>
<lastmod>2016-09-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/riaxe-product-customizer/riaxe-product-customizer-212-unauthenticated-arbitrary-user-deletion-via-user_id-parameter</loc>
<lastmod>2026-04-15T16:45:25.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-snippets/post-snippets-4019-authenticated-administrator-stored-cross-site-scripting-via-import</loc>
<lastmod>2026-05-28T13:41:27.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/creta-testimonial-showcase/creta-testimonial-showcase-123-authenticated-editor-local-file-inclusion</loc>
<lastmod>2025-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/dt-the7/the7-1290-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/depicter/depicter-slider-322-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/auto-thickbox/multiple-plugins-various-versions-authenticated-contributor-stored-dom-based-cross-site-scripting-via-thickbox-javascript-library</loc>
<lastmod>2025-07-03T00:20:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/redirect-404-error-page-to-homepage-or-custom-page/redirect-404-error-page-to-homepage-or-custom-page-with-logs-187-authenticated-administrator-sql-injection</loc>
<lastmod>2023-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/premium-addons-for-elementor/premium-addons-for-elementor-41163-missing-authorization-to-authenticated-subscriber-settings-update</loc>
<lastmod>2026-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-font-awesome/wp-font-awesome-179-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-10-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/modula-best-grid-gallery/modula-2131-2132-authenticated-author-arbitrary-file-upload-via-race-condition</loc>
<lastmod>2025-12-02T14:05:26.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/coreactivity/coreactivity-activity-logging-for-wordpress-30-unauthenticated-php-object-injection-via-user_agent-log-meta-field</loc>
<lastmod>2026-05-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/remons/remons-134-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tayori/tayori-form-129-reflected-cross-site-scripting</loc>
<lastmod>2025-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/formilla-edge/formilla-edge-10-authenticated-administrator-cross-site-scripting-via-formillapluginid</loc>
<lastmod>2023-04-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cyan-backup/cyan-backup-252-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/application-passwords/application-passwords-013-reflected-cross-site-scripting-via-reject_url</loc>
<lastmod>2025-12-05T17:41:42.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smart-wishlist-for-more-convert/woocommerce-wishlist-187-unauthenticated-wishlist-disclosure-via-download_pdf_file-function</loc>
<lastmod>2025-01-29T20:16:25.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-dynamic-pricing-for-woocommerce/advanced-dynamic-pricing-for-woocommerce-415-missing-authorization-in-migrateproductonlytocommon-function</loc>
<lastmod>2023-02-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/add-expires-headers/add-expires-headers-optimized-minify-320-missing-authorization</loc>
<lastmod>2026-01-09T10:51:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/suredash/suredash-community-courses-member-dashboard-180-authenticated-subscriber-sql-injection</loc>
<lastmod>2026-06-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bp-email-assign-templates/bp-email-assign-templates-15-reflected-cross-site-scripting</loc>
<lastmod>2025-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-jobsearch/jobsearch-306-reflected-cross-site-scripting</loc>
<lastmod>2025-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/frontend-uploader/frontend-uploader-094-cross-site-scripting</loc>
<lastmod>2014-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/latest-post-shortcode/latest-post-shortcode-1420-missing-authorization</loc>
<lastmod>2026-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/edoc-easy-tables/edoc-easy-tables-129-authenticated-contributor-sql-injection</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/usc-e-shop/welcart-e-commerce-21128-missing-authorization</loc>
<lastmod>2026-06-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yaymail/yaymail-432-missing-authorization-to-authenticated-shop-manager-arbitrary-options-update-via-yaymail_import_state-ajax-action</loc>
<lastmod>2026-02-17T18:41:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/count-per-day/count-per-day-326-cross-site-scripting</loc>
<lastmod>2013-03-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ays-facebook-popup-likebox/popup-like-box-377-missing-authorization</loc>
<lastmod>2026-03-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpematico/wpematico-rss-feed-fetcher-2811-authenticated-subscriber-server-side-request-forgery-via-wpematico_test_feed</loc>
<lastmod>2025-11-04T17:38:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-addons-for-elementor-lite/essential-addons-for-elementor-best-elementor-templates-widgets-kits-woocommerce-builders-5922-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/macro-admin-email-data-optin-calculator/macro-calculator-with-admin-email-optin-data-10-unauthenticated-information-disclosure</loc>
<lastmod>2025-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/product-delivery-date-for-woocommerce-lite/product-delivery-date-for-woocommerce-lite-320-missing-authorization</loc>
<lastmod>2025-12-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/get-youtube-subs/get-youtube-subs-35-authenticated-contributor-stored-cross-site-scripting-via-subscribe_link_att-function</loc>
<lastmod>2025-07-23T20:40:25.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/athemes-addons-for-elementor-lite/athemes-addons-for-elementor-112-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/open-graph-metabox/open-graph-metabox-144-cross-site-request-forgery</loc>
<lastmod>2023-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-smart-crm-invoices-free/wp-smart-crm-invoices-free-187-stored-cross-site-scripting</loc>
<lastmod>2020-08-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chained-quiz/chained-quiz-132-reflected-cross-site-scripting-via-datef</loc>
<lastmod>2022-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/broken-link-checker/broken-link-checker-1106-reflected-cross-site-scripting</loc>
<lastmod>2015-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/emberlyn/emberlyn-131-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-09-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/smartseo/smart-seo-29-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/better-wp-security/ithemes-security-702-authenticated-sql-injection</loc>
<lastmod>2018-06-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-activity/user-activity-101-ip-address-spoofing</loc>
<lastmod>2023-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yoo-slider/yoo-slider-image-slider-video-slider-200-cross-site-request-forgery</loc>
<lastmod>2022-03-21T21:17:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/breeze/breeze-wordpress-cache-plugin-2221-missing-authorization-to-cache-deletion</loc>
<lastmod>2026-02-18T15:43:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buddypress/buddypress-20-273-unauthenticated-arbitrary-file-deletion</loc>
<lastmod>2016-12-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/weberino-timed-quiz-creator/weberino-timed-quiz-060-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2022-05-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quote-o-matic/quote-o-matic-105-authenticated-administrator-sql-injection</loc>
<lastmod>2022-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-order-export-lite/advanced-order-export-for-woocommerce-332-cross-site-request-forgery</loc>
<lastmod>2022-10-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/thumbnail-grid/featured-image-thumbnail-grid-68-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/coding-blocks/coding-blocks-110-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2025-12-11T14:26:08.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/users-customers-import-export-for-wp-woocommerce/export-and-import-users-and-customers-262-authenticated-administrator-server-side-request-forgery-via-validate_file-function</loc>
<lastmod>2025-03-21T23:15:51.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/webmention/webmention-580-unauthenticated-stored-cross-site-scripting-via-mf2-photourl-author-properties</loc>
<lastmod>2026-06-30T06:04:21.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-roles-at-registration/wp-roles-at-registration-023-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-04-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-eMember/wp-emember-1066-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2024-06-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smooth-page-scroll-updown-buttons/smooth-scroll-page-updown-buttons-13-admin-stored-cross-site-scripting</loc>
<lastmod>2021-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-subscribers/email-subscribers-by-icegram-express-email-marketing-newsletters-automation-for-wordpress-woocommerce-5717-missing-authorization</loc>
<lastmod>2024-05-22T16:40:42.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/maz-loader/maz-loader-preloader-builder-for-wordpress-140-cross-site-request-forgery</loc>
<lastmod>2021-10-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ip-vault-wp-firewall/two-factor-authentication-formerly-ip-vault-21-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2026-05-26T17:22:43.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mins-to-read/mins-to-read-122-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/replace-image/replace-image-1110-insecure-direct-object-reference</loc>
<lastmod>2024-06-18T14:34:48.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-mobile-detector/wp-mobile-detector-35-arbitrary-file-upload</loc>
<lastmod>2016-06-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/accessibe/web-accessibility-by-accessibe-25-reflected-cross-site-scripting</loc>
<lastmod>2025-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hospital-management/hospital-management-system-47020-11-2023-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2025-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/visitor-analytics-io/twipla-visitor-analytics-io-120-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/writeprint-stylometry/writeprint-stylometry-01-reflected-cross-site-scripting-via-p-parameter</loc>
<lastmod>2026-03-17T18:39:10.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ht-event/ht-event-146-reflected-cross-site-scripting</loc>
<lastmod>2024-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/better-elementor-addons/better-elementor-addons-138-missing-authorization</loc>
<lastmod>2023-09-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-orders-tracking/orders-tracking-for-woocommerce-125-authenticated-administrator-directory-traversal-via-file_url</loc>
<lastmod>2023-08-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/enteraddons/enter-addons-216-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpdatatables/wpdatatables-wordpress-data-table-dynamic-tables-table-charts-plugin-3422-reflected-cross-site-scripting</loc>
<lastmod>2024-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/hoverex/hoverex-cryptocurrency-ico-elementor-template-kit-1510-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cafe-lite/clever-addons-for-elementor-2015-stored-cross-site-scripting</loc>
<lastmod>2021-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/blanka-wp/blanka-one-page-wordpress-15-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce/woocommerce-970-authenticated-shop-manager-stored-cross-site-scripting</loc>
<lastmod>2025-03-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ultimate-csv-importer/wp-import-ultimate-csv-xml-importer-for-wordpress-727-authenticated-subscriber-arbitrary-file-deletion</loc>
<lastmod>2025-09-16T17:09:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/host-analyticsjs-local/caos-418-admin-arbitrary-folder-deletion-via-path-traversal</loc>
<lastmod>2021-12-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking-system/pinpoint-booking-system-29950-authenticated-subscriber-sql-injection</loc>
<lastmod>2024-09-06T23:03:58.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bookly-responsive-appointment-booking-tool/bookly-2171-arbitrary-file-deletion</loc>
<lastmod>2023-05-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-post-notes/simple-post-notes-176-cross-site-request-forgery</loc>
<lastmod>2024-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/patreon-connect/patreon-wordpress-169-cross-site-request-forgery</loc>
<lastmod>2021-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/poll-maker/wordpress-poll-maker-plugin-546-authenticated-administrator-time-based-sql-injection</loc>
<lastmod>2024-11-08T18:27:39.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/audio-record/audio-record-10-arbitrary-file-upload</loc>
<lastmod>2019-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpcf7-redirect/redirection-for-contact-form-7-326-authenticated-contributor-stored-cross-site-scripting-via-qs_date-shortcode</loc>
<lastmod>2025-10-17T17:48:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jet-woo-builder/jetwoobuilder-2118-missing-authorization</loc>
<lastmod>2025-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/posts-in-page/posts-in-page-124-authenticated-directory-traversal-leading-to-local-file-inclusion</loc>
<lastmod>2017-02-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fluentform/fluent-forms-customizable-contact-forms-survey-quiz-conversational-form-builder-6114-missing-authorization</loc>
<lastmod>2026-01-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mangboard/mang-board-wp-180-reflected-cross-site-scripting</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ht-builder/ht-builder-wordpress-theme-builder-for-elementor-130-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hurrytimer/hurrytimer-an-scarcity-and-urgency-countdown-timer-for-wordpress-woocommerce-292-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-duplicator/post-duplicator-216-reflected-cross-site-scripting</loc>
<lastmod>2016-04-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/geodirectory/geodirectory-wordpress-business-directory-plugin-or-classified-directory-2348-authenticated-contributor-stored-cross-site-scripting-via-gd_single_tabs-shortcode</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/awesome-fitness-testimonials/awesome-fitness-testimonials-101-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/login-with-ajax/login-with-ajax-3041-cross-site-scripting</loc>
<lastmod>2012-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/off-canvas-sidebars/off-canvas-sidebars-menus-slidebars-0581-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/optinfirex/optinferex-plugin-all-known-versions-cross-site-scripting</loc>
<lastmod>2013-11-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tourmaster/tourmaster-541-reflected-cross-site-scripting</loc>
<lastmod>2025-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/awesome-support/awesome-support-611-insecure-direct-object-reference-to-subscriber-ticket-export</loc>
<lastmod>2022-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/meetinghub/meetinghub-1239-missing-authorization</loc>
<lastmod>2025-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shortcode-addons/shortcode-addons-325-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-submitted-posts/user-submitted-posts-20190312-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2019-05-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/itok/itok-1142-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-09-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jetwoo-widgets-for-elementor/jetwidgets-for-elementor-and-woocommerce-117-authenticated-contributor-limited-local-file-inclusion</loc>
<lastmod>2024-07-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/comparison-slider/comparison-slider-105-cross-site-request-forgery</loc>
<lastmod>2024-05-29T19:51:50.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/houzez-theme-functionality/houzez-theme-functionality-322-authenticated-seller-sql-injection</loc>
<lastmod>2024-07-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/soundpress/soundpress-plugin-220-stored-cross-site-scripting</loc>
<lastmod>2019-10-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-easy-toggles/wp-easy-toggles-190-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-10T20:38:38.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/events-made-easy/events-made-easy-2316-missing-authorization</loc>
<lastmod>2022-12-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/landing-pages/wordpress-landing-pages-187-cross-site-scripting</loc>
<lastmod>2015-06-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-google-map-plugin/wp-maps-easiest-most-advanced-wordpress-plugin-for-google-maps-404-cross-site-scripting</loc>
<lastmod>2018-04-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/appbanners/appbanners-1514-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/magic-fields/magic-fields-1-171-cross-site-scripting-via-rccwp_createcustomfieldpagephp-custom-field-css-parameter</loc>
<lastmod>2019-09-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/svg-map-by-saedi/svg-map-plugin-100-cross-site-request-forgery-to-settings-update-and-stored-cross-site-scripting</loc>
<lastmod>2026-01-06T19:40:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/inline-svg-elementor/elementor-inline-svg-120-authenticated-author-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2024-10-09T13:29:50.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mapplic-lite/mapplic-lite-and-mapplic-various-versions-server-side-request-forgery-to-cross-site-scirpting</loc>
<lastmod>2012-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-document-embedder/google-doc-embedder-261-cross-site-request-forgery</loc>
<lastmod>2016-09-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/manage-notification-emails/manage-notification-e-mails-182-cross-site-request-forgery-to-plugin-options-update</loc>
<lastmod>2022-09-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/civi/civi-job-board-freelance-marketplace-wordpress-theme-214-authentication-bypass-via-password-update</loc>
<lastmod>2025-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-post/postx-gutenberg-post-grid-blocks-305-reflected-cross-site-scripting-via-postx_type</loc>
<lastmod>2023-08-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/acf-to-rest-api/acf-to-rest-api-334-insecure-direct-object-reference-to-authenticated-contributor-acf-fieldoption-modification</loc>
<lastmod>2026-01-06T19:59:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profile-builder/profile-builder-user-profile-user-registration-forms-1166-cross-site-scripting</loc>
<lastmod>2014-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-source-control-isc/image-source-control-lite-231-insecure-direct-object-reference</loc>
<lastmod>2021-10-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shariff/shariff-wrapper-469-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-02-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/infusionsoft-web-form-javascript/infusionsoft-web-form-javascript-111-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpdirectorykit/wp-directory-kit-150-missing-authorization</loc>
<lastmod>2026-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/e2pdf/e2pdf-export-to-pdf-tool-for-wordpress-12027-missing-authorization</loc>
<lastmod>2024-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/print-invoices-packing-slip-labels-for-woocommerce/woocommerce-pdf-invoices-packing-slips-delivery-notes-and-shipping-labels-430-missing-authorization-to-order-export</loc>
<lastmod>2024-01-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/api-bing-map-2018/wp-bing-map-pro-414-cross-site-request-forgery-via-ajax-actions</loc>
<lastmod>2023-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/photographer-connections/photographer-connections-131-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-iframe/advanced-iframe-20245-authenticated-contributor-stored-cross-site-scripting-via-host-header</loc>
<lastmod>2025-03-25T21:14:57.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smio-push-notification/smart-notification-103-reflected-cross-site-scripting</loc>
<lastmod>2025-06-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-faqs/ultimate-faq-accordion-plugin-247-authenticated-author-stored-cross-site-scripting-via-faq-content</loc>
<lastmod>2026-04-08T14:25:15.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-menu/responsive-menu-403-cross-site-request-forgery-to-arbitrary-file-upload</loc>
<lastmod>2021-02-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/bricks/bricks-builder-1124-unauthenticated-sql-injection-via-p-parameter</loc>
<lastmod>2025-07-28T16:22:12.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/w4-post-list/w4-post-list-245-information-disclosure-via-post_excerpt</loc>
<lastmod>2023-03-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/document-pro-elementor/document-pro-elementor-documentation-knowledge-base-109-unauthenticated-information-exposure</loc>
<lastmod>2025-11-10T14:50:40.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-jetpack/booster-for-woocommerce-724-unauthenticated-double-extension-arbitrary-file-upload</loc>
<lastmod>2025-08-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/export-all-urls/export-all-urls-42-cross-site-request-forgery-to-sensitive-data-export</loc>
<lastmod>2022-03-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/gotravel/gotravel-21-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fetch-jft/fetch-jft-183-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-05-28T16:54:09.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/video-player-youtube-vimeo/youtube-vimeo-video-player-and-slider-wp-plugin-38-reflected-cross-site-scripting</loc>
<lastmod>2025-07-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chatbot/ai-chatbot-489-unauthenticated-sql-injection-via-qc_wpbo_search_response</loc>
<lastmod>2023-10-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/htaccess-file-editor/htaccess-file-editor-1019-unauthenticated-information-exposure</loc>
<lastmod>2025-01-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/golo/golo-city-travel-guide-wordpress-theme-175-reflected-cross-site-scripting</loc>
<lastmod>2026-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-forms/ninja-forms-contact-form-3317-cross-site-scripting-via-begin_date-end_date-or-form_id-parameter</loc>
<lastmod>2018-11-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/spiffy-calendar/spiffy-calendar-493-reflected-cross-site-scripting-via-page-parameter</loc>
<lastmod>2023-05-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ecpay-ecommerce-for-woocommerce/ecpay-ecommerce-for-woocommerce-112411060-missing-authorization-to-authenticated-subscriber-log-deletion</loc>
<lastmod>2025-01-30T00:51:38.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/new-contact-form-widget/contact-form-widget-151-cross-site-request-forgery</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/affiliate-wp/affiliatewp-2282-unauthenticated-sql-injection</loc>
<lastmod>2025-09-29T20:00:48.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/create-posts-terms/create-posts-terms-131-cross-site-request-forgery</loc>
<lastmod>2025-10-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ajax-awesome-css/ajax-custom-cssjs-204-reflected-cross-site-scripting</loc>
<lastmod>2024-10-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-funeral-press/wp-funeralpress-116-cross-site-scripting</loc>
<lastmod>2013-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gantry/gantry-4-framework-413-remote-code-execution</loc>
<lastmod>2015-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpcalc/wpcalc-create-any-online-calculators-21-sql-injection</loc>
<lastmod>2021-12-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buddyboss-platform/buddyboss-platform-2591-insecure-direct-object-reference-to-authenticated-subscriber-link-on-private-post</loc>
<lastmod>2024-05-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dc-woocommerce-multi-vendor/multivendorx-the-ultimate-woocommerce-multivendor-marketplace-solution-424-missing-authorization-to-forged-vendor-profile-deletion-email-sending</loc>
<lastmod>2024-10-23T19:23:30.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/foxyshop/foxyshop-481-reflected-cross-site-scripting</loc>
<lastmod>2022-06-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/instant-appointment/instant-appointment-12-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-audioplayer/simple-audioplayer-11-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/td-composer/tagdiv-composer-544-unauthenticated-arbitrary-shortcode-execution</loc>
<lastmod>2026-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/circular_countdown/countdown-pro-wp-plugin-27-authenticated-contributor-sql-injection</loc>
<lastmod>2025-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-database-cleaner/advanced-database-cleaner-311-cross-site-request-forgery-via-adbc_save_settings_callback</loc>
<lastmod>2023-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/collectchat/collectchat-241-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tutor/tutor-lms-209-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sunshine-photo-cart/sunshine-photo-cart-3410-unauthenticated-php-object-injection</loc>
<lastmod>2025-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/elessi-theme/elessi-641-authenticated-subscriber-local-file-inclusion</loc>
<lastmod>2025-07-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/leads-5050-visitor-insights/leads5050-visitor-insights-104-unauthenticated-arbitrary-license-change</loc>
<lastmod>2021-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/login-as-customer-or-user/login-as-user-or-customer-user-switching-38-authentication-bypass</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/filester/file-manager-pro-filester-186-missing-authorization-to-authenticated-subscriber-filebird-plugin-installation</loc>
<lastmod>2024-12-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-politic/ht-politic-237-cross-site-request-forgery-leading-to-arbitrary-plugin-activation</loc>
<lastmod>2023-02-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-datepicker/wp-datepicker-211-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-09-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/beaver-builder-lite-version/beaver-builder-page-builder-drag-and-drop-website-builder-21011-authenticated-author-stored-cross-site-scripting-via-settingsjs</loc>
<lastmod>2026-04-07T22:31:55.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-inventory-manager/wp-inventory-manager-21012-reflected-cross-site-scripting-via-message</loc>
<lastmod>2023-04-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/qr-twitter-widget/qr-twitter-widget-023-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-10-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/about-author-box/about-author-box-102-cross-site-scripting</loc>
<lastmod>2021-10-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/photo-gallery/photo-gallery-by-10web-1522-authenticated-cross-site-scripting</loc>
<lastmod>2019-05-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-custom-pages/wp-custom-pages-0501-path-traversal</loc>
<lastmod>2011-04-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bertha-ai-free/bertha-ai-112102-authenticated-subscriber-arbitrary-content-deletion</loc>
<lastmod>2025-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/file-away/file-away-39901-missing-authorization-to-unauthenticated-arbitrary-file-read</loc>
<lastmod>2025-03-19T22:11:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-header-and-footer/simple-header-and-footer-100-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yith-custom-login/yith-custom-login-170-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jvm-woocommerce-wishlist/jvm-woocommerce-wishlist-126-insecure-direct-object-reference</loc>
<lastmod>2019-08-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ispconfig3/wp-ispconfig-3-156-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-11-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-user-avatar/profilepress-4131-limited-privilege-escalation-via-acceptable_defined_roles</loc>
<lastmod>2023-09-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-popup-plugin/simple-popup-44-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/exit-game/exit-game-143-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-09-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/weaver-xtreme/weaver-xtreme-theme-507-authenticatedcontributor-stored-cross-site-scripting-via-display-name</loc>
<lastmod>2023-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/page-manager-for-elementor/page-manager-for-elementor-205-missing-authorization</loc>
<lastmod>2025-08-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/msmc-redirect-after-comment/msmc-redirect-after-comment-212-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2017-05-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/qr-code-tag-for-wc-from-goaskle-com/qr-code-for-woocommerce-order-emails-pdf-invoices-packing-slips-1942-authenticated-contributor-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2026-01-06T20:35:11.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/grid-kit-premium/grid-kit-premium-220-reflected-cross-site-scripting</loc>
<lastmod>2023-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ultimate-csv-importer/wp-ultimate-csv-importer-642-admin-stored-cross-site-scripting</loc>
<lastmod>2022-01-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wishlist-member-x/wishlist-member-3301-missing-authorization-to-authenticated-subscriber-api-secret-key-disclosure-and-privilege-escalation-via-wlm3_export_settings-ajax-action</loc>
<lastmod>2026-05-22T16:24:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dzs-enable-debug/admin-debug-wordpress-enable-debug-1013-cross-site-request-forgery</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-access-manager/user-access-manager-1214-reflected-cross-site-scripting</loc>
<lastmod>2017-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/paid-memberships-pro/paid-memberships-pro-365-missing-authorization-to-authenticated-subscriber-stripe-webhook-deletion-and-payment-processing-disruption</loc>
<lastmod>2026-05-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contextual-related-posts/contextual-related-posts-422-missing-authorization</loc>
<lastmod>2026-03-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpc-smart-linked-products/wpc-smart-linked-products-upsells-cross-sells-for-woocommerce-135-authenticated-contributor-privilege-escalation</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/instant-breaking-news/instant-breaking-news-10-cross-site-request-forgery</loc>
<lastmod>2025-08-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/church-management/wpchurch-270-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/arconix-shortcodes/arconix-shortcodes-2111-missing-authorization</loc>
<lastmod>2024-07-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chatbot/ai-chatbot-489-and-492-authenticated-subscriber-arbitrary-file-deletion-via-qcld_openai_delete_training_file</loc>
<lastmod>2023-10-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/business-reviews-wp/widget-for-google-reviews-1015-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-by-supsystic/contact-form-by-supsystic-1714-reflected-cross-site-scripting</loc>
<lastmod>2021-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sirv/sirv-753-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/photo-gallery/photo-gallery-by-10web-1210-authenticated-cross-site-scripting</loc>
<lastmod>2015-01-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/piotnet-addons-for-elementor-pro/piotnet-addons-for-elementor-pro-7117-reflected-cross-site-scripting</loc>
<lastmod>2024-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-mailster/wp-mailster-18170-reflected-cross-site-scripting</loc>
<lastmod>2024-12-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/popup-maker/popup-maker-boost-sales-conversions-optins-subscribers-with-the-ultimate-wp-popups-builder-1202-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wedesigntech-ultimate-booking-addon/wedesigntech-ultimate-booking-addon-103-missing-authorization</loc>
<lastmod>2026-01-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fluent-security/fluentauth-101-ip-spoofing-to-protection-mechanism-bypass</loc>
<lastmod>2022-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bigcontact/bigcontact-contact-page-147-authenticated-sql-injection</loc>
<lastmod>2015-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jupiterx-core/jupiter-x-core-465-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2024-08-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/interactive-world-map/interactive-world-map-320-cross-site-request-forgery</loc>
<lastmod>2023-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/happy-helpdesk-support-ticket-system/happy-107-unauthenticated-remote-code-execution</loc>
<lastmod>2025-10-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/redux-framework/gutenberg-template-library-redux-framework-4211-missing-authorization-to-sensitive-information-disclosure</loc>
<lastmod>2021-09-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/create-flipbook-from-pdf/creates-3d-flipbook-pdf-flipbook-12-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2024-10-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stockists-manager/stockists-manager-for-woocommerce-1021-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2022-07-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpqa/wpqa-builder-forms-addon-for-wordpress-53-reflected-cross-site-scripting</loc>
<lastmod>2022-05-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking-package/booking-package-1627-unauthenticated-price-manipulation</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-podcasts-manager/wp-podcasts-manager-13-cross-site-request-forgery</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jeg-elementor-kit/jeg-elementor-kit-268-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/open-ai-search-bar/ai-search-bar-21-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-coupon-usage/coupon-affiliates-680-missing-authorization</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-product-feed-pro/product-feed-pro-for-woocommerce-by-adtribes-product-feeds-for-woocommerce-1346-13521-cross-site-request-forgery-to-multiple-administrative-actions</loc>
<lastmod>2026-04-07T12:49:34.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/betheme/betheme-responsive-multipurpose-wordpress-woocommerce-theme-2756-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-08-29T16:16:40.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/float-menu/float-menu-502-authenticatedadministrator-stored-cross-site-scripting</loc>
<lastmod>2023-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fable-extra/fable-extra-106-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tablesome/table-contact-form-7-database-tablesome-1033-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2024-07-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pie-register/pie-register-130-multiple-cross-site-scripting</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementor/elementor-3181-authenticatedcontributor-arbitrary-file-upload-to-remote-code-execution-via-template-import</loc>
<lastmod>2023-12-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-list-with-featured-image/post-list-with-featured-image-12-reflected-cross-site-scripting</loc>
<lastmod>2023-07-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementskit-lite/elementskit-elementor-addons-340-authenticated-contributor-stored-cross-site-scripting-via-image-accordion-widget</loc>
<lastmod>2025-02-14T21:06:53.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/allegiant/epsilon-framework-themes-various-versions-function-injection</loc>
<lastmod>2020-10-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tag-groups/tag-groups-is-the-advanced-way-to-display-your-taxonomy-terms-204-reflected-cross-site-scripting</loc>
<lastmod>2025-01-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bdthemes-element-pack-lite/element-pack-elementor-addons-header-footer-template-library-dynamic-grid-carousel-and-remote-arrows-5102-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/file-manager-advanced/advanced-file-manager-528-authenticated-administrator-local-javascript-file-inclusion-via-fma_locale</loc>
<lastmod>2024-09-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-flickrshow/flickr-show-15-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-11-10T15:26:26.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-check-pincode-zipcode-for-shipping/woocommerce-check-pincodezipcode-for-shipping-204-cross-site-request-forgery-to-reflected-cross-site-scripting</loc>
<lastmod>2025-01-08T22:09:22.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/energia/energia-112-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2026-01-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stylish-cost-calculator-premium/stylish-cost-calculator-790-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2023-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/betterdocs/betterdocs-438-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2026-04-15T18:25:01.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/scratch-win-giveaways-for-website-facebook/scratch-win-giveaways-and-contests-269-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/subway/subway-private-site-option-214-improper-access-control-to-sensitive-information-exposure-via-rest-api</loc>
<lastmod>2024-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/confetti-fall-animation/confetti-fall-animation-131-authenticated-contributor-stored-cross-site-scripting-via-confetti-fall-animation-shortcode</loc>
<lastmod>2024-09-23T18:36:24.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/real-estate-listing-realtyna-wpl/realtyna-organic-idx-plugin-500-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-07-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/antioch/antioch-13-arbitrary-file-download</loc>
<lastmod>2014-09-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/12-step-meeting-list/12-step-meeting-list-3199-missing-authorization</loc>
<lastmod>2026-03-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-addons-for-contact-form-7/ultra-addons-for-contact-form-7-3521-authenticated-contributor-stored-cross-site-scripting-via-uacf7_custom_fields-shortcode</loc>
<lastmod>2025-06-30T20:53:07.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/master-addons/master-addons-for-elementor-310-authenticated-author-stored-cross-site-scripting-via-jtlma_custom_js-page-setting-custom-js-extension</loc>
<lastmod>2026-06-05T12:04:46.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/print-science-designer/print-science-designer-13155-unauthenticated-arbitrary-file-download</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/userpro-messaging/private-messages-for-userpro-4100-reflected-cross-site-scripting</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/authldap/authldap-261-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-09-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contentstudio/contentstudio-137-authenticated-author-arbitrary-file-upload</loc>
<lastmod>2025-12-04T17:24:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smart-email-alerts/smart-email-alerts-1010-reflected-cross-site-scripting</loc>
<lastmod>2021-08-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/lonie/lonie-121-unauthenticated-php-object-injection</loc>
<lastmod>2026-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sky-elementor-addons/sky-addons-for-elementor-free-templates-library-live-copy-animations-post-grid-post-carousel-particles-sliders-chart-blogs-261-cross-site-request-forgery-to-limited-arbitrary-options-update</loc>
<lastmod>2024-11-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dc-woocommerce-multi-vendor/multivendorx-4222-unauthenticated-information-exposure</loc>
<lastmod>2025-06-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-flipbooks/responsive-flipbooks-10-missing-authorization</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-affiliate-platform/wp-affiliate-platform-639-reflected-cross-site-scripting</loc>
<lastmod>2022-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/art-decoration-shortcode/art-decoration-shortcode-156-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-07-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mangboard/mangboard-wp-186-authenticated-administrator-stored-cross-site-scripting-via-board-header-and-footer</loc>
<lastmod>2025-04-23T14:33:27.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/podigee/podigee-140-unauthenticated-sever-side-request-forgery</loc>
<lastmod>2026-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sticky-header-effects-for-elementor/sticky-header-effects-for-elementor-213-missing-authorization</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dzs-videogallery/dzs-video-gallery-1239-reflected-cross-site-scripting</loc>
<lastmod>2025-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/conditional-payments-for-woocommerce/conditional-payments-for-woocommerce-330-cross-site-request-forgery</loc>
<lastmod>2025-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/popup-maker/popup-maker-1812-unauthenticated-information-disclosure</loc>
<lastmod>2019-10-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/facebook-like-send-button/firecask-like-share-button-12-authenticated-contributor-stored-cross-site-scripting-via-width-parameter</loc>
<lastmod>2025-01-20T22:58:31.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/construct/construct-14-arbitrary-file-deletion</loc>
<lastmod>2013-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slicewp/affiliate-program-suite-127-authenticated-contributor-stored-cross-site-scripting-via-slicewp_affiliate_url-shortcode</loc>
<lastmod>2026-05-05T17:50:49.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/side-menu-lite/side-menu-lite-22-sql-injection</loc>
<lastmod>2021-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/multi-page-toolkit/multi-page-toolkit-26-cross-site-request-forgery</loc>
<lastmod>2022-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/404-error-monitor/404-error-monitor-11-cross-site-request-forgery-to-plugin-settings-update-via-updatepluginsettings-function</loc>
<lastmod>2024-11-15T15:03:31.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woodly-core/woodly-core-14-unauthenticated-sql-injection</loc>
<lastmod>2026-01-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/music-request-manager/music-request-manager-13-reflected-cross-site-scripting</loc>
<lastmod>2024-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-shortcode/download-shortcode-023-directory-traversal</loc>
<lastmod>2013-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eventprime-event-calendar-management/eventprime-335-missing-authorization-to-private-event-disclosure</loc>
<lastmod>2023-12-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/activedemand/activedemand-0241-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/coolclock/coolclock-434-authenticated-stored-cross-site-scripting</loc>
<lastmod>2021-08-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/2j-slideshow/slideshow-image-slider-by-2j-1354-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-09-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-auction/ultimate-auction-405-cross-site-request-forgery-and-cross-site-scripting</loc>
<lastmod>2019-12-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/front-editor/front-user-submit-front-editor-384-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2023-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smart-manager-for-wp-e-commerce/smart-manager-woocommerce-advanced-bulk-edit-inventory-management-more-8270-authenticated-admin-sql-injection</loc>
<lastmod>2024-01-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mainwp-rocket-extension/mainwp-rocket-extension-403-missing-authorization-to-plugin-settings-change</loc>
<lastmod>2023-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mailarchiver/mailarchiver-450-authenticated-admininistrator-sql-injection-via-logid-parameter</loc>
<lastmod>2026-02-26T21:48:01.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vignete-ads/vignette-ads-02-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-wp-mail/ultimate-wp-mail-134-authenticated-contributor-sql-injection</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cluevo-lms/cluevo-lms-e-learning-platform-1132-reflected-cross-site-scripting</loc>
<lastmod>2025-01-08T22:05:33.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/favorites/favorites-232-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/homepage-product-organizer-for-woocommerce/homepage-product-organizer-for-woocommerce-11-authenticated-subscriber-sql-injection</loc>
<lastmod>2022-07-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quiz-master-next/quiz-and-survey-master-7111-authenticated-sql-injection-via-shortcode</loc>
<lastmod>2021-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/instagram-slider-widget/social-slider-feed-232-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/digital-publications-by-supsystic/digital-publications-by-supsystic-173-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-07-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bfg-tools-extension-zipper/bfg-tools-extension-zipper-107-authenticated-administrator-path-traversal-via-first_file-parameter</loc>
<lastmod>2026-02-13T14:25:30.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementor/elementor-website-builder-more-than-just-a-page-builder-410-missing-authorization</loc>
<lastmod>2026-06-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-smtp/post-smtp-complete-smtp-solution-with-logs-alerts-backup-smtp-mobile-app-361-missing-authorization-to-authenticated-subscriber-oauth-token-update</loc>
<lastmod>2025-12-03T00:22:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/my-wp-translate/my-wp-translate-11-authenticated-subscriber-missing-authorization-to-arbitrary-option-read-and-deletion</loc>
<lastmod>2025-09-10T19:03:38.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-ready/contact-form-2011-cross-site-request-forgery</loc>
<lastmod>2023-09-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zingaya-click-to-call/zingaya-click-to-call-10-reflected-cross-site-scripting-via-email-parameter</loc>
<lastmod>2026-05-04T14:07:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nextgen-gallery/nextgen-gallery-3394-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-11-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cart66-cloud/cart66-cloud-237-unauthenticated-information-exposure</loc>
<lastmod>2025-04-11T14:19:41.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/charitable/charitable-1513-unauthorized-access-to-information-disclosure</loc>
<lastmod>2018-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/splash-connector/splash-sync-207-reflected-cross-site-scripting</loc>
<lastmod>2024-12-05T19:43:22.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/subscribe-to-comments-reloaded/subscribe-to-comments-reloaded-211130-cross-site-request-forgery</loc>
<lastmod>2022-04-29T12:07:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-w3all-phpbb-integration/wp-w3all-phpbb-299-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cpt-ajax-load-more/wordpress-ajax-load-more-and-infinite-scroll-160-authenticated-contributor-stored-cross-site-scripting-via-id-parameter</loc>
<lastmod>2025-06-05T17:49:13.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-faq-manager/advanced-faq-manager-152-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2025-12-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ban/wp-ban-169-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-12-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pepro-ultimate-invoice/peprodev-ultimate-invoice-197-unauthenticated-sensitive-information-exposure-via-init_plugin</loc>
<lastmod>2024-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/extensions-for-elementor/extensions-for-elementor-2031-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rich-snippets-vevents/events-rich-snippets-for-google-18-cross-site-request-forgery-to-arbitrary-options-update</loc>
<lastmod>2023-09-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/youzify/youzify-137-authenticated-subscriber-server-side-request-forgery</loc>
<lastmod>2025-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/postmagthemes-demo-import/postmagthemes-demo-import-106-authenticated-admin-arbitrary-file-upload</loc>
<lastmod>2022-08-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-client-testimonial/client-testimonial-slider-20-authenticated-contributor-stored-cross-site-scripting-via-aft_testimonial_meta_name-metabox-field</loc>
<lastmod>2026-01-08T21:37:12.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-full-auto-tags-manager/wp-full-auto-tags-manager-22-cross-site-request-forgery</loc>
<lastmod>2023-05-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chat-bee/chat-bee-110-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/soledad/soledad-872-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-01-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/api2cart-bridge-connector/api2cart-bridge-connector-110-arbitrary-file-upload</loc>
<lastmod>2022-10-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dokan-pro/dokan-pro-504-authenticated-subscriber-sql-injection-via-orderby-parameter</loc>
<lastmod>2026-06-24T15:13:43.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shortcodes-ultimate/shortcodes-ultimate-748-authenticated-contributor-stored-cross-site-scripting-via-su_carousel-shortcode</loc>
<lastmod>2026-04-03T19:34:03.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/1.5/wordpress-core-152-full-path-disclosure</loc>
<lastmod>2006-08-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/happy-elementor-addons/happy-addons-for-elementor-3112-authenticated-contributor-stored-cross-site-scripting-via-pdf-view-widget</loc>
<lastmod>2024-07-26T22:45:55.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpjobboard/wp-job-board-444-sql-injection</loc>
<lastmod>2018-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gracemedia-media-player/gracemedia-media-player-10-local-file-inclusion</loc>
<lastmod>2019-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woolentor-addons/woolentor-262-cross-site-request-forgery-via-process_data</loc>
<lastmod>2023-07-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mime-types-extended/mime-types-extended-011-authenticated-author-stored-cross-site-scripting-via-svg-upload</loc>
<lastmod>2024-06-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/razorpay-payment-button/razorpay-payment-button-246-reflected-cross-site-scripting</loc>
<lastmod>2024-11-12T13:23:53.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/betterdocs-pro/betterdocs-pro-370-unauthenticated-sql-injection-via-encyclopedia-limit-parameter</loc>
<lastmod>2026-05-06T15:27:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-import-export-lite/wp-import-export-lite-3929-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2025-08-04T18:52:03.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpfunnels/wpfunnels-2716-reflected-cross-site-scripting</loc>
<lastmod>2023-07-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flickr-photostream/flickr-photostream-318-reflected-cross-site-scripting</loc>
<lastmod>2025-04-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sermone-online-sermons-management/sermone-sermons-online-100-reflected-cross-site-scripting</loc>
<lastmod>2023-09-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpsnapapp/wp-snap-app-15-cross-site-scripting</loc>
<lastmod>2014-07-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cornerstone/cornerstone-080-reflected-cross-site-scripting-via-php_self</loc>
<lastmod>2024-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/widgets-controller/widgets-controller-11-unauthenticated-cross-site-scripting</loc>
<lastmod>2024-02-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nova-poshta-ttn/shipping-for-nova-poshta-plugin-for-wordpress-1196-unauthenticated-sql-injection</loc>
<lastmod>2024-12-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-dynamic-pricing-and-discounts/woocommerce-dynamic-pricing-and-discounts-241-unauthenticated-settings-importexport</loc>
<lastmod>2021-08-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dc-woocommerce-multi-vendor/multivendorx-woocommerce-multivendor-marketplace-solutions-4222-incorrect-authorization-to-authenticated-contributor-arbitrary-post-deletion</loc>
<lastmod>2025-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-staff-list/simple-staff-list-222-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/atomchat/group-chat-video-chat-by-atomchat-117-missing-authorization-to-authenticated-subscriber-plugin-options-update</loc>
<lastmod>2026-03-20T15:17:47.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/futurio-extra/futurio-extra-2011-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-multivendor-marketplace/wcfm-marketplace-3412-cross-site-request-forgery</loc>
<lastmod>2023-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/site-reviews/site-reviews-670-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/interactivecalculator/interactivecalculator-for-wordpress-103-authenticated-contributor-stored-cross-site-scripting-via-id-shortcode-attribute</loc>
<lastmod>2026-02-17T18:27:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/aftership-woocommerce-tracking/aftership-tracking-11717-missing-authorization</loc>
<lastmod>2025-08-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/cardealer/car-dealer-automotive-wordpress-theme-119-sensitive-information-disclosure</loc>
<lastmod>2015-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/halfdata-optin-downloads/opt-in-downloads-407-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2024-12-11T15:37:51.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fluent-crm/fluentcrm-2987-unauthenticated-blind-server-side-request-forgery-via-subscribeurl-parameter</loc>
<lastmod>2026-05-21T19:20:33.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/beds24-online-booking/beds24-online-booking-2028-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-pug/grow-social-125-reflected-cross-site-scripting</loc>
<lastmod>2016-12-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nextgen-cu3er-gallery/nextgen-cu3er-gallery-01-multiple-full-path-disclosures</loc>
<lastmod>2015-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-e-commerce/wp-ecommerce-389-sql-injection</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/waymark/waymark-152-authenticated-contributor-server-side-request-forgery</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/app-template-blocks-for-wpbakery-page-builder/app-landing-template-blocks-for-wpbakery-page-builder-202-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2025-12-11T14:23:24.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quiz-master-next/quiz-and-survey-master-8113-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-11-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ss-font-awesome-icon/ss-font-awesome-icon-413-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bookingcom-banner-creator/bookingcom-banner-creator-146-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-archive-generator/simple-archive-generator-52-reflected-cross-site-scripting</loc>
<lastmod>2026-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-useronline/wp-useronline-2880-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-access-manager/advanced-access-manager-6915-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-12-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/xpro-elementor-addons/140-widgets-best-addons-for-elementor-free-1431-authenticated-contributor-php-object-injection</loc>
<lastmod>2024-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-fields-factory/wc-fields-factory-415-authenticatedsubscriber-sql-injection</loc>
<lastmod>2023-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lastudio-element-kit/la-studio-element-kit-for-elementor-152-authenticated-contributor-dom-based-stored-cross-site-scripting-via-data-lakit-element-link-parameter</loc>
<lastmod>2025-05-29T18:09:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/admin-pack-by-site-caseiro/admin-pack-by-site-caseiro-11-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2015-07-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/facebook-by-weblizar/social-likebox-feed-284-cross-site-request-forgery-to-cross-site-scripting</loc>
<lastmod>2019-08-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bdthemes-element-pack/element-pack-pro-7210-cross-site-request-forgery</loc>
<lastmod>2025-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-cafe/wpcafe-online-food-ordering-restaurant-menu-delivery-and-reservations-for-woocommerce-2225-authenticated-contributor-file-inclusion-via-shortcode</loc>
<lastmod>2024-06-24T16:59:17.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-cumulus/wp-cumulus-122-cross-site-scripting</loc>
<lastmod>2009-09-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blog-in-blog/blog-in-blog-200-authenticated-editor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/injection-guard/injection-guard-121-missing-authorization-via-ig_update</loc>
<lastmod>2023-05-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/foxiz/foxiz-235-unauthenticated-server-side-request-forgery</loc>
<lastmod>2024-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/w-dalil/w-dalil-20-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/weforms/weforms-1620-missing-authorization</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/calculated-fields-form/calculated-fields-form-1011-cross-site-request-forgery-to-sql-injection</loc>
<lastmod>2015-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/holler-box/hollerbox-232-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-09-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/attire-blocks/gutenberg-blocks-and-page-layouts-attire-blocks-195-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-11T15:19:30.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-countdown-widget/wordpress-countdown-widget-3192-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-09-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/RLSWordPressSearch/rlswordpresssearch-all-versions-sql-injection</loc>
<lastmod>2013-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-folio/simple-folio-110-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2025-11-26T16:28:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ultimate-recipe/wp-ultimate-recipe-3127-stored-cross-site-scripting</loc>
<lastmod>2019-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woobox/woobox-16-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/top-10/top-10-popular-posts-plugin-for-wordpress-323-cross-site-request-forgery-via-tptn_ajax_clearcache</loc>
<lastmod>2023-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/avchat-3/community-lite-video-chat-142-reflected-cross-site-scripting</loc>
<lastmod>2014-07-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/realestate-7/wp-pro-real-estate-7-354-authenticated-custom-arbitrary-file-upload</loc>
<lastmod>2025-03-31T19:22:57.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cf7-constant-contact/integration-for-contact-form-7-and-constant-contact-114-open-redirect</loc>
<lastmod>2023-11-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chatbot/chatbot-635-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/clock-in-portal/clock-in-portal-21-cross-site-request-forgery-to-holidays-deletion</loc>
<lastmod>2023-04-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/themehunk-megamenu-plus/themehunk-120-missing-authorization</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-mail-logging/wp-mail-logging-182-cross-site-scripting</loc>
<lastmod>2017-11-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/captcha-eu/captchaeu-1061-unauthenticated-server-side-request-forgery</loc>
<lastmod>2025-08-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-responsive-slider/simple-responsive-slider-0225-reflected-cross-site-scripting</loc>
<lastmod>2024-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fluid-checkout/fluid-checkout-for-woocommerce-lite-231-cross-site-request-forgery-via-dismiss_notice</loc>
<lastmod>2023-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mobile-site-redirect/mobile-site-redirect-121-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-10-02T22:18:25.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-responsive-image-slider/ultimate-responsive-image-slider-3511-missing-authorization-via-ajax-action</loc>
<lastmod>2023-11-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/realty-workstation/realty-workstation-1045-authentication-bypass-to-account-takeover</loc>
<lastmod>2024-10-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/latepoint/latepoint-5011-unauthenticated-arbitrary-user-password-change-via-sql-injection</loc>
<lastmod>2024-09-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-permalinks/custom-permalinks-11-authenticated-sql-injection</loc>
<lastmod>2018-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/event-tickets-plus/event-tickets-and-registration-580-events-tickets-plus-590-authenticated-contributor-information-exposure</loc>
<lastmod>2024-02-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/supportcandy/supportcandy-314-unauthenticated-sql-injection-via-parse_user_filters</loc>
<lastmod>2023-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/schema-and-structured-data-for-wp/schema-structured-data-for-wp-amp-125-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-01-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fusion-builder/avada-fusion-builder-3154-authenticated-contributor-privilege-escalation</loc>
<lastmod>2026-06-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpupper-share-buttons/wpupper-share-buttons-351-cross-site-request-forgery-to-custom-css-update</loc>
<lastmod>2025-02-20T15:01:31.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-maps-easy/easy-google-maps-11111-cross-site-request-forgery</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpforms-lite/contact-form-by-wpforms-drag-drop-form-builder-for-wordpress-1472-stored-cross-site-scripting</loc>
<lastmod>2018-09-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wiki-embed/wiki-embed-146-cross-site-request-forgery</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/share-this-image/share-this-image-201-authenticated-contributor-stored-cross-site-scripting-via-alignment-parameter</loc>
<lastmod>2024-08-30T20:12:12.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bulk-noindex-nofollow-toolkit-by-mad-fish/bulk-noindex-nofollow-toolkit-15-missing-authorization</loc>
<lastmod>2023-09-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lws-optimize/ws-optimize-all-in-one-speed-booster-cache-tools-3319-authenticated-editor-arbitrary-file-read</loc>
<lastmod>2026-06-12T14:06:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/newsletters-lite/newsletters-4642-reflected-cross-site-scripting</loc>
<lastmod>2017-05-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/superstorefinder-wp/super-store-finder-697-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2024-08-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fb2wp-integration-tools/xx2wp-integration-tools-199-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shortcodes-ultimate/wp-shortcodes-plugin-shortcodes-ultimate-745-authenticated-administrator-server-side-request-forgery</loc>
<lastmod>2025-11-23T10:11:05.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/webp-converter-for-media/webp-converter-for-media-convert-webp-and-avif-optimize-images-102-cross-site-request-forgery</loc>
<lastmod>2019-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/https-links-in-content/http-to-https-link-changer-by-eyganet-024-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
</urlset>
