<?xml version="1.0" encoding="UTF-8"?>
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-user-groups/wp-user-groups-210-cross-site-request-forgery</loc>
<lastmod>2018-05-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/atarim-visual-collaboration/atarim-410-reflected-cross-site-scripting</loc>
<lastmod>2025-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-docs/wp-docs-220-authenticated-subscriber-time-based-sql-injection-via-dir_id</loc>
<lastmod>2024-12-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-currency-switcher/woocs-1393-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2022-12-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nd-shortcodes/nd-shortcodes-75-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2024-05-24T11:33:21.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce/woocommerce-620-path-traversal-via-tax-importer</loc>
<lastmod>2022-02-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/uipress-lite/uipress-lite-effortless-custom-dashboards-admin-themes-and-pages-3509-missing-authorization-to-authenticated-subscriber-plugin-settings-update</loc>
<lastmod>2026-03-20T15:10:22.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-lister-for-ebay/wp-lister-lite-for-ebay-385-missing-authorization</loc>
<lastmod>2026-02-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/photo-gallery/photo-gallery-by-10web-mobile-friendly-image-gallery-187-open-redirect</loc>
<lastmod>2022-11-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/support-genix-lite/support-genix-1411-authenticated-subscriber-insecure-direct-object-reference</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cosmic-blocks/cosmic-blocks-40-content-editor-blocks-collection-130-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-18T19:22:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-database-backup/wp-database-backup-583-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/royal-elementor-addons/royal-elementor-addons-and-templates-13986-authenticated-contributor-stored-cross-site-scripting-via-team-member-widget</loc>
<lastmod>2024-10-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/front-end-only-users/front-end-users-3224-missing-authorization-to-unauthenticated-registered-user-deletion</loc>
<lastmod>2023-04-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/funnelforms-free/interactive-contact-form-and-multi-step-form-builder-with-drag-drop-editor-funnelforms-free-3732-missing-authorization-to-unauthenticated-arbitrary-media-deletion</loc>
<lastmod>2024-08-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/superstorefinder-wp/super-store-finder-68-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-07-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rich-reviews/rich-reviews-by-starfish-1914-cross-site-request-forgery</loc>
<lastmod>2022-08-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lbg-audio5-html5-shoutcast_sticky/sticky-radio-player-34-reflected-cross-site-scripting</loc>
<lastmod>2025-06-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ameliabooking/amelia-1216-unauthenticated-insecure-direct-object-reference</loc>
<lastmod>2025-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sprout-invoices/client-invoicing-by-sprout-invoices-easy-estimates-and-invoices-for-wordpress-93-missing-authorization</loc>
<lastmod>2016-02-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-subscribers/email-subscribers-newsletters-5751-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-manager/download-manager-3285-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-02-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shareaholic/shareaholic-9711-missing-authorization-via-accept_terms_of_service</loc>
<lastmod>2024-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-job-portal/wp-job-portal-201-missing-authorization-to-settings-modification</loc>
<lastmod>2023-05-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/olevmedia-shortcodes/olevmedia-shortcodes-119-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-pagaleve/pix-4x-sem-juros-pagaleve-169-unauthenticated-php-object-injection</loc>
<lastmod>2025-05-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hcaptcha-for-forms-and-more/hcaptcha-for-wordpress-400-authenticated-contributor-stored-cross-site-scripting-via-cf7-hcaptcha-shortcode</loc>
<lastmod>2024-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/opal-estate/opal-estate-1611-missing-authorization</loc>
<lastmod>2021-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/estatik-mortgage-calculator/wordpress-mortgage-calculator-estatik-2011-reflected-cross-site-scripting</loc>
<lastmod>2023-03-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/luckywp-table-of-contents/luckywp-table-of-contents-215-reflected-cross-site-scripting</loc>
<lastmod>2024-05-21T19:04:11.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/5.3/wordpress-core-531-authorization-bypass</loc>
<lastmod>2019-12-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wicked-folders/wicked-folders-410-insecure-direct-object-reference-to-authenticated-contributor-arbitrary-folder-deletion</loc>
<lastmod>2026-03-14T13:11:53.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/winterlock/activity-log-for-wordpress-128-missing-authorization-to-sensitive-information-exposure-via-log-file</loc>
<lastmod>2026-02-11T23:45:46.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-thank-you-page-nextmove-lite/nextmove-lite-thank-you-page-for-woocommerce-2190-missing-authorization-to-authenticated-subscriber-deactivation-reason-submission</loc>
<lastmod>2025-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/themify-ultra/themify-ultra-735-missing-authorization</loc>
<lastmod>2023-10-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/multiline-files-for-contact-form-7/multiline-files-upload-for-contact-form-7-281-missing-authorization-to-authenticated-subscriber-plugin-deactivation</loc>
<lastmod>2024-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rover-idx/rover-idx-3002905-authenticated-subscriber-authentication-bypass-to-administrator</loc>
<lastmod>2024-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gpt3-ai-content-generator/ai-power-complete-ai-pack-1896-authenticated-subscriber-server-side-request-forgery</loc>
<lastmod>2025-01-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-pdf-invoices-packing-slips/woocommerce-pdf-invoices-packing-slips-2012-cross-site-scripting</loc>
<lastmod>2017-10-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/category-grid-view-gallery/category-grid-view-gallery-231-reflected-cross-site-scripting</loc>
<lastmod>2013-07-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/preloader-for-website/preloader-for-website-122-missing-authorization-via-plwao_register_settings</loc>
<lastmod>2023-11-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/og-tags/og-tags-201-cross-site-request-forgery</loc>
<lastmod>2021-09-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profile-builder/user-profile-builder-beautiful-user-registration-forms-user-profiles-user-role-editor-3121-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-08-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rvg-optimize-database/optimize-database-after-deleting-revisions-50110-cross-site-request-forgery-via-odb_csv_download</loc>
<lastmod>2023-07-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pure-chat/pure-chat-live-chat-plugin-more-222-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2024-05-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/miniorange-login-with-whmcs/login-with-whmcs-1113-authentication-bypass</loc>
<lastmod>2022-06-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contest-gallery/contest-gallery-19141-authenticated-author-sql-injection-via-cg_activate-and-cg_deactivate</loc>
<lastmod>2022-11-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/popup-builder/popup-builder-406-local-file-inclusion-and-phar-deserialization</loc>
<lastmod>2022-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/traderunner/trade-runner-39-cross-site-scripting</loc>
<lastmod>2022-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wps-hide-login/wps-hide-login-1522-login-page-disclosure-via-actionrp</loc>
<lastmod>2019-07-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-tiles/wp-tiles-112-authenticatedcontributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-03-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpeventticketing/wp-event-ticketing-134-reflected-cross-site-scripting</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/miniorange-login-with-eve-online-google-facebook/oauth-single-sign-on-sso-oauth-client-6233-missing-authorization</loc>
<lastmod>2023-05-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sendpress/sendpress-newsletters-123116-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gdpr-cookie-consent/wp-cookie-notice-for-gdpr-ccpa-eprivacy-consent-225-authenticatedadministrator-csv-injection</loc>
<lastmod>2023-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gutenverse-form/gutenverse-form-220-missing-authorization</loc>
<lastmod>2025-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-weixin-robot/wp-535-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-with-a-meeting-scheduler-by-vcita/contact-form-builder-4104-authenticated-contributor-stored-cross-site-scripting-via-livesite-pay-shortcode</loc>
<lastmod>2024-12-04T21:16:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/redirect-redirection/redirect-redirection-113-cross-site-request-forgery-via-statusbulkedit-function</loc>
<lastmod>2023-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fastbook-responsive-appointment-booking-and-scheduling-system/fastbook-11-cross-site-request-forgery</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpcasa/wpcasa-1213-insecure-direct-object-reference</loc>
<lastmod>2024-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zarinpal-paid-downloads/zarinpal-paid-downloads-23-authenticated-admin-arbitrary-file-upload</loc>
<lastmod>2025-01-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/poll-maker/poll-maker-by-ays-637-authenticated-subscriber-sensitive-information-exposure-in-ays_poll_get_user_information-ajax-action</loc>
<lastmod>2026-05-28T13:39:45.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/delicious-recipes/delicious-195-missing-authorization</loc>
<lastmod>2026-02-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/selio/selio-real-estate-directory-11-stored-cross-site-scripting</loc>
<lastmod>2019-09-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/related-posts-for-wp/related-posts-for-wordpress-221-cross-site-request-forgery</loc>
<lastmod>2024-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/photo-gallery/photo-gallery-by-10web-162-sql-injection</loc>
<lastmod>2022-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/block-for-font-awesome/block-for-font-awesome-140-cross-site-request-forgery</loc>
<lastmod>2023-12-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/retain/retain-live-chat-01-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpguppy-lite/wpguppy-113-authenticated-subscriber-sql-injection</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-all-import/import-any-xml-or-csv-file-to-wordpress-367-admin-malicious-file-upload</loc>
<lastmod>2022-06-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dk-pricr-responsive-pricing-table/responsive-pricing-table-5112-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2026-01-06T20:36:46.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/m-chart/m-chart-194-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-01-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-abandon-cart-pro/abandoned-cart-pro-for-woocommerce-9160-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2025-06-09T15:30:01.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/adsense-privacy-policy/adsense-privacy-policy-111-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/geowidget/geo-widet-10-reflected-cross-site-scripting</loc>
<lastmod>2026-02-13T18:32:34.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-feed-stats/simple-statistics-for-feeds-20250322-cross-site-request-forgery</loc>
<lastmod>2025-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mollie-payments-for-woocommerce/mollie-payments-for-woocommerce-7311-authenticated-shop-manager-arbitrary-file-upload</loc>
<lastmod>2023-11-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/host-google-fonts-pro/omgf-pro-526-unauthenticated-arbitrary-file-upload-via-import-url-reflection</loc>
<lastmod>2026-06-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-analytics-for-wordpress/monsterinsights-1012-missing-authorization-to-authenticated-subscriber-sensitive-information-exposure-and-plugin-integration-reset</loc>
<lastmod>2026-05-12T09:45:13.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/admin-block-country/admin-block-country-714-cross-site-request-forgery-via-admin_block_country_initial_page</loc>
<lastmod>2023-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elastic-email-subscribe-form/elastic-email-subscribe-form-122-missing-authorization</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mystickymenu/mystickymenu-251-authenticated-stored-cross-site-scripting</loc>
<lastmod>2021-06-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/romancart-ecommerce/romancart-ecommerce-208-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2026-06-08T15:06:45.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/multi-step-form/multi-step-form-177-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-testing/psychological-tests-quizzes-02119-authenticated-contributor-cross-site-scripting</loc>
<lastmod>2022-04-26T13:33:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profile-builder-pro/profile-builder-pro-3150-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-04-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/tripster/tripster-1010-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-08-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-vehicle-parts-finder/woocommerce-vehicle-parts-finder-37-unauthenticated-php-object-injection</loc>
<lastmod>2025-10-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rebrand-fluent-forms/rebrand-fluent-forms-10-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/admin-site-enhancements/admin-and-site-enhancements-ase-pro-7621-authenticated-subscriber-privilege-escalation</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flashfader/flashfader-111-reflected-cross-site-scripting</loc>
<lastmod>2025-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/adsense-deluxe/adsense-deluxe-08-cross-site-request-forgery</loc>
<lastmod>2007-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-smushit/smush-image-compression-and-optimization-3170-authenticated-admin-directory-traversal</loc>
<lastmod>2025-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/send-users-email/send-users-email-143-sensitive-information-exposure-via-error-logs</loc>
<lastmod>2023-12-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ari-cf7-connector/contact-form-7-connector-1113-reflected-cross-site-scripting</loc>
<lastmod>2022-02-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/clickcease-click-fraud-protection/clickcease-click-fraud-protection-324-improper-authorization-to-sensitive-information-exposure-via-get_settings</loc>
<lastmod>2024-05-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/feather-login-page/feather-login-page-107-111-missing-authorization-to-non-arbitrary-user-deletion</loc>
<lastmod>2023-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/indeed-wp-superbackup/wp-superbackup-233-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2024-12-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/piwik-pro/various-affected-software-various-versions-arbitrary-file-upload</loc>
<lastmod>2009-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/draw-attention/draw-attention-2015-improper-access-control-via-register_cpt</loc>
<lastmod>2023-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/learnpress/learnpress-4131-stored-cross-site-scripting-via-custom_profile</loc>
<lastmod>2021-10-18T17:16:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pronamic-google-maps/pronamic-google-maps-232-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stock-market-charts-from-finviz/stock-market-charts-from-finviz-101-authenticatedadmin-stored-cross-site-scripting</loc>
<lastmod>2023-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/404-redirection-manager/404-seo-redirection-13-reflected-cross-site-scripting</loc>
<lastmod>2021-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/guten-post-layout/guten-post-layout-an-advanced-post-grid-collection-for-wordpress-gutenberg-124-authenticated-contributor-stored-cross-site-scripting-via-align-attribute</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ova-brw/brw-187-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-06-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stop-spammer-registrations-plugin/stop-spammers-classic-20261-cross-site-request-forgery-via-email-allowlist</loc>
<lastmod>2026-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/3.6/wordpress-core-361-html-file-upload</loc>
<lastmod>2013-09-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/watu/watu-quiz-345-missing-authorization</loc>
<lastmod>2025-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smart-slider-2/smart-slider-2-2311-reflected-cross-site-scripting</loc>
<lastmod>2015-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ap-plugin-scripteo/ads-pro-plugin-multi-purpose-wordpress-advertising-manager-489-unauthenticated-sql-injection-via-oid</loc>
<lastmod>2025-07-01T14:54:05.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tracked-tweets/tracked-tweets-029-cross-site-request-forgery-to-cross-site-scripting</loc>
<lastmod>2022-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cf7-styler/design-for-contact-form-7-style-wordpress-plugin-cf7-wow-styler-171-unauthenticated-arbitrary-shortcode-execution-and-reflected-cross-site-scripting</loc>
<lastmod>2025-01-06T15:08:11.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/alert-before-your-post/alert-before-your-post-011-cross-site-scripting</loc>
<lastmod>2011-11-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/opal-estate-pro/opal-estate-pro-175-unauthenticated-privilege-escalation-via-on_regiser_user</loc>
<lastmod>2025-06-30T18:39:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buddypress/buddypress-700-720-insufficient-privilege-de-escalation</loc>
<lastmod>2021-03-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/searchpro/berqwp-2242-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2025-07-31T15:28:22.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-7/contact-form-7-583-authenticated-editor-arbitrary-file-upload</loc>
<lastmod>2023-11-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wonderplugin-audio/wonderplugin-audio-player-20-blind-sql-injection</loc>
<lastmod>2015-02-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/animate-your-content/animate-your-content-100-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2026-05-26T17:25:55.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-youtube-channel-pagination/advanced-youtube-channel-pagination-10-cross-site-request-forgery-to-reflected-cross-site-scripting</loc>
<lastmod>2023-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/traveler/travel-booking-wordpress-theme-284-sql-injection</loc>
<lastmod>2020-06-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-job-portal/wp-job-portal-221-unauthenticated-sql-injection</loc>
<lastmod>2024-12-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cloud-manager/cloud-manager-10-reflected-cross-site-scripting</loc>
<lastmod>2023-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-bannerWithPlaylist/lambertgroup-allinone-banner-with-playlist-38-reflected-cross-site-scripting</loc>
<lastmod>2026-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sp-client-document-manager/sp-project-document-manager-471-authenticated-author-sql-injeciton</loc>
<lastmod>2024-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nd-shortcodes/nd-shortcodes-69-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpvivid-backuprestore/migration-backup-staging-wpvivid-0989-authenticated-administrator-arbitrary-directory-deletion-via-path-traversal</loc>
<lastmod>2023-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/testimonials/testimonials-301-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2022-07-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/surveyjs/surveyjs-drag-drop-wordpress-form-builder-11220-cross-site-request-forgery-to-survey-deletion</loc>
<lastmod>2025-12-01T18:33:12.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cart66-lite/cart66-lite-wordpress-ecommerce-154-directory-traversal-to-arbitrary-file-disclosure</loc>
<lastmod>2015-01-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/templates-and-addons-for-wpbakery-page-builder/business-template-blocks-for-wpbakery-visual-composer-page-builder-132-reflected-cross-site-scripting</loc>
<lastmod>2026-02-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cart2cart-magento-to-woocommerce-migration/cart2cart-magento-to-woocommerce-migration-200-missing-authorization-via-settoken</loc>
<lastmod>2023-06-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ttt-crop/ttt-crop-10-reflected-cross-site-scripting</loc>
<lastmod>2025-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/testimonial-slider/testimonial-slider-125-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2015-09-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/reviews-feed/reviews-feed-add-testimonials-and-customer-reviews-from-google-reviews-yelp-tripadvisor-and-more-112-cross-site-request-forgery</loc>
<lastmod>2024-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/dt-the7/the7-1260-authenticated-contributor-stored-cross-site-scripting-via-title-and-data-dt-img-description-attributes</loc>
<lastmod>2025-08-09T01:09:26.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blog-designer-pro/blog-designer-pro-348-missing-authorization</loc>
<lastmod>2025-08-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-menu-widget/advanced-menu-widget-041-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-10-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gravitate-automated-tester/gravitate-automated-tester-145-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/accelerated-mobile-pages/amp-for-wp-accelerated-mobile-pages-111-reflected-cross-site-scripting</loc>
<lastmod>2024-12-17T14:47:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ai-engine-pro/ai-engine-pro-342-missing-authorization</loc>
<lastmod>2026-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/food-store/food-store-online-food-delivery-pickup-152-reflected-cross-site-scripting</loc>
<lastmod>2025-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/void-elementor-whmcs-elements/void-elementor-whmcs-elements-for-elementor-page-builder-20-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shortcodes-ultimate/shortcodes-ultimate-5126-authenticated-subscriber-arbitrary-file-read-via-shortcode</loc>
<lastmod>2023-02-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/related-posts-lite/related-posts-lite-112-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-10-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/badgeos/badgeos-3716-authenticated-subscriber-insecure-direct-object-reference-to-arbitrary-post-title-overwrite</loc>
<lastmod>2023-07-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/loginizer-security/loginizer-security-and-loginizer-192-authentication-bypass-via-wordpresscom-oauth-provider</loc>
<lastmod>2024-11-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/metform/metform-elementor-contact-form-builder-330-missing-authorization</loc>
<lastmod>2023-05-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jupiterx-core/jupiter-x-core-485-missing-authorization-to-unauthenticated-popup-template-export</loc>
<lastmod>2025-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fundpress/fundpress-208-missing-authorization-to-unauthenticated-arbitrary-donation-status-modification-via-donate_action_status-ajax-handler</loc>
<lastmod>2026-05-01T19:18:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/html-forms/html-forms-151-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sync-qcloud-cos/sync-qcloud-cos-plugin-201-authenticated-admin-cross-site-scripting</loc>
<lastmod>2022-02-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/captainform/forms-by-captainform-253-cross-site-request-forgery</loc>
<lastmod>2022-10-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hotlink2watermark/hotlink2watermark-032-cross-site-request-forgery</loc>
<lastmod>2024-11-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hitpay-payment-gateway/hitpay-payment-gateway-for-woocommerce-413-information-exposure-via-log-files</loc>
<lastmod>2024-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vp-sitemap/vp-sitemap-10-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-addons-for-contact-form-7/ultimate-addons-for-contact-form-7-3123-authenticated-subscriber-sql-injection-via-id</loc>
<lastmod>2023-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/popup-by-supsystic/popup-by-supsystic-179-cross-site-request-forgery</loc>
<lastmod>2016-09-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/immonex-kickstart-team/immonex-kickstart-team-169-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eazydocs/eazydocs-most-powerful-knowledge-base-wiki-documentation-builder-plugin-241-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-06-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quick-featured-images/quick-featured-images-1370-missing-authorization-to-authenticated-contributor-arbitrary-thumbnail-deletionsetting</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/highlight-search-terms-results/highlight-searched-terms-in-results-103-reflected-cross-site-scripting</loc>
<lastmod>2022-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wikipop/wikipop-20-cross-site-scripting</loc>
<lastmod>2014-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wh-tweaks/wh-tweaks-102-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-12-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ameliabooking/booking-for-appointments-and-events-calendar-amelia-22-unauthenticated-information-exposure</loc>
<lastmod>2026-04-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fusion-builder/avada-fusion-builder-3152-unauthenticated-remote-code-execution-via-php-function-injection-via-render_logics-shortcode-attribute-via-widget-ajax-handler</loc>
<lastmod>2026-05-20T15:45:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kalrav-ai-agent/kalrav-ai-agent-233-unauthenticated-arbitrary-file-upload-via-kalrav_upload_file-ajax-action</loc>
<lastmod>2026-01-23T19:03:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-slider/social-slider-742-sql-injection</loc>
<lastmod>2011-07-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/conversion-helper/conversion-helper-112-reflected-cross-site-scripting</loc>
<lastmod>2024-11-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wd-google-analytics/10webanalytics-1212-missing-authorization-via-gawd_wd_bp_install_notice_status</loc>
<lastmod>2023-11-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-accessibility/all-in-one-accessibility-115-missing-authorization</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nicejob/nicejob-371-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-12T13:19:59.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gc-testimonials/gc-testimonials-132-authenticated-contributor-cross-site-scripting</loc>
<lastmod>2022-12-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/brooklyn/brooklyn-4992-php-object-injection</loc>
<lastmod>2024-02-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpvivid-backuprestore/migration-backup-staging-wpvivid-0975-authenticated-admin-directory-traversal</loc>
<lastmod>2022-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-hover-effects-ultimate/image-hover-effects-ultimate-973-authenticated-stored-cross-site-scripting-via-video-link</loc>
<lastmod>2022-08-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contentlock/contentlock-103-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2024-06-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/houzez-theme-functionality/houzez-theme-functionality-426-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tutor/tutor-lms-elearning-and-online-course-solution-393-missing-authorization-to-authenticated-subscriber-course-enrollment-bypass</loc>
<lastmod>2026-01-08T18:43:50.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking-and-rental-manager-for-woocommerce/booking-and-rental-manager-253-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simply-gallery-block/gallery-blocks-with-lightbox-220-authenticated-stored-cross-site-scripting</loc>
<lastmod>2021-08-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp2leads/wp2leads-350-cross-site-request-forgery</loc>
<lastmod>2025-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-comment-remix/wp-comment-remix-144-sql-injection</loc>
<lastmod>2008-10-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/xforwoocommerce/xforwoocommerce-202-authenticated-subscriber-local-file-inclusion</loc>
<lastmod>2024-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/feedpress-generator/feedpress-generator-121-reflected-cross-site-scripting</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/child-theme-generator/child-theme-generator-227-cross-site-request-forgery-to-arbitrary-folder-deletion</loc>
<lastmod>2021-11-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/decalog/decalog-370-cross-site-request-forgery-via-get_settings_page</loc>
<lastmod>2023-03-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/whmpress/whmpress-62-revision-5-reflected-cross-site-scripting</loc>
<lastmod>2024-08-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kk-star-ratings/kk-star-ratings-rate-post-collect-user-feedbacks-5410-unauthenticated-arbitrary-shortcode-execution</loc>
<lastmod>2024-12-20T16:25:44.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shortcode-elementor/shortcodes-for-elementor-104-authenticated-contributor-post-disclosure</loc>
<lastmod>2024-12-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/login-with-ajax/login-with-ajax-31-cross-site-request-forgery</loc>
<lastmod>2013-05-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/3.3/wordpress-core-332-cross-site-scripting</loc>
<lastmod>2012-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/delete-original-image/delete-original-image-04-cross-site-request-forgery</loc>
<lastmod>2025-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yop-poll/yop-poll-627-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2021-06-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/loginpress/loginpress-1511-reflected-cross-site-scripting-via-redirect-page-parameter</loc>
<lastmod>2022-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pagelayer/page-builder-pagelayer-drag-and-drop-website-builder-200-authenticated-contributor-stored-cross-site-scripting-via-button-link</loc>
<lastmod>2025-05-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-hotel-booking/wp-hotel-booking-215-missing-authorization</loc>
<lastmod>2025-01-16T20:12:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/digg-digg/digg-digg-535-cross-site-request-forgery</loc>
<lastmod>2013-05-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/royale-news/royale-news-224-missing-authorization</loc>
<lastmod>2026-02-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/visitors-online/visitors-online-by-bestwebsoft-03-sql-injection</loc>
<lastmod>2015-10-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/betheme/betheme-responsive-multipurpose-wordpress-woocommerce-theme-2755-authenticated-author-stored-cross-site-scripting-via-svg-file</loc>
<lastmod>2024-09-12T17:35:48.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-filter/wordpress-filter-141-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buddypress-media/rtmedia-for-wordpress-buddypress-and-bbpress-4614-missing-authorization-to-settings-update</loc>
<lastmod>2023-09-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pgs-core/pgs-core-580-unauthenticated-php-object-injection</loc>
<lastmod>2025-05-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yahoo-media-player/yahoo-webplayer-206-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/survey-maker/survey-maker-customer-satisfaction-questionnaire-chat-survey-calculation-form-payment-forms-497-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-10-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eroom-zoom-meetings-webinar/eroom-zoom-meetings-webinar-146-missing-authorization-via-stm_wpcfto_get_settings_callback</loc>
<lastmod>2023-03-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/master-slider/master-slider-responsive-touch-slider-3910-cross-site-request-forgery-via-process_bulk_action</loc>
<lastmod>2024-03-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ai-share-summarize/ai-share-summarize-204-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-06-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/webtoffee-gdpr-cookie-consent/gdpr-cookie-consent-260-cross-site-request-forgery-to-bulk-delete</loc>
<lastmod>2024-09-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ravpage/ravpage-231-php-object-injection</loc>
<lastmod>2025-02-19T21:08:30.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wps-limit-login/wps-limit-login-1461-authorization-bypass-via-ip-spoofing</loc>
<lastmod>2019-07-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/login-with-azure/all-in-one-microsoft-365-entra-id-azure-ad-sso-login-225-authentication-bypass</loc>
<lastmod>2026-03-02T13:04:58.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-post-corrector/wp-post-corrector-102-authenticated-administrator-sql-injection</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ditty-news-ticker/ditty-3158-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/aforms-eats/aforms-eats-131-unauthenticated-full-path-disclosure</loc>
<lastmod>2025-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/business-contact-widget/business-contact-widget-270-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/si-contact-form/fast-secure-contact-form-4037-cross-site-scripting</loc>
<lastmod>2015-09-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gtranslate/gtranslate-303-authenticated-administrator-cross-site-scripting-via-multiple-parameters</loc>
<lastmod>2023-08-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/s2member/s2member-250701-unauthenticated-php-object-injection</loc>
<lastmod>2025-08-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ce21-suite/ce21-suite-221-231-missing-authorization-to-unauthenticated-privilege-escalation-via-plugin-settings-update</loc>
<lastmod>2025-11-03T15:23:39.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-7-paypal-add-on/contact-form-7-paypal-stripe-add-on-249-unauthenticated-payment-bypass-via-insufficient-verification-of-data-authenticity-via-paypal-ipn-handler-invoicemc_gross-verification</loc>
<lastmod>2026-05-28T19:54:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sfwd-lms/learndash-315-unauthenticated-sql-injection</loc>
<lastmod>2020-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-wholesale-lead-capture/woocommerce-wholesale-lead-capture-2031-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2026-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/captcha-them-all/captcha-them-all-133-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-04-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/oik/oik-4120-cross-site-request-forgery</loc>
<lastmod>2024-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quotes-llama/quotes-llama-300-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-22T15:10:01.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-plus-addons-for-block-editor/nexter-blocks-463-authenticated-subscriber-information-exposure</loc>
<lastmod>2026-01-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/amcharts-charts-and-maps/amcharts-charts-and-maps-144-reflected-cross-site-scripting-via-cross-site-request-forgery</loc>
<lastmod>2024-09-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/propertyhive/propertyhive-1415-cross-site-scripting</loc>
<lastmod>2018-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/videos/videos-105-reflected-cross-site-scripting</loc>
<lastmod>2025-04-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/form-maker/form-maker-by-10web-11540-authenticated-administrator-sql-injection-via-ip_search-parameter</loc>
<lastmod>2026-04-16T15:04:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-affiliate-disclosure/wp-affiliate-disclosure-127-authenticated-contributor-stored-cross-site-scripting-via-id</loc>
<lastmod>2023-12-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpmk-block/wpmk-block-101-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2026-04-21T19:05:22.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-statistics/wp-statistics-1315-unauthenticated-stored-cross-site-scripting-via-ip</loc>
<lastmod>2022-02-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/imagerecycle-pdf-image-compression/imagerecycle-pdf-image-compression-3113-cross-site-request-forgery-to-settings-update-in-stopoptimizeall</loc>
<lastmod>2024-02-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-cf7-db/advanced-cf7-db-209-missing-authorization-to-authenticated-subscriber-form-submissions-excel-export</loc>
<lastmod>2026-04-08T05:13:06.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lime-developer-login/lime-developer-login-140-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/motordesk/motordesk-112-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2026-06-23T16:41:08.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dynamictags/dynamictags-140-authenticated-subscriber-sql-injection</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cf7-salesforce/integration-for-salesforce-and-contact-form-7-wpforms-elementor-formidable-ninja-forms-146-missing-authorization</loc>
<lastmod>2025-12-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ultimate-csv-importer/wp-import-ultimate-csv-xml-importer-for-wordpress-7331-authenticated-administrator-php-object-injection-via-csv-import</loc>
<lastmod>2025-11-18T17:44:17.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/online-appointment-scheduling-software/swift-calendar-online-appointment-scheduling-133-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-manager/wordpress-download-manager-274-remote-code-execution</loc>
<lastmod>2014-12-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sureforms/sureforms-220-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-12-20T18:46:37.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/video-metabox/video-metabox-11-stored-cross-site-scripting</loc>
<lastmod>2013-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-subscribe/email-subscription-popup-1223-authenticated-administrator-sql-injection</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tc-team-members/team-members-503-authenticated-cross-site-scripting</loc>
<lastmod>2020-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-file-upload/wordpress-file-upload-42413-unauthenticated-path-traversal-to-arbitrary-file-read-in-wfu_file_downloaderphp</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jobify/jobify-144-authenticated-contributor-stored-cross-site-scripting-via-keyword-parameter</loc>
<lastmod>2025-09-10T18:46:27.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/blossom-spa/blossom-spa-133-sensitive-information-exposure</loc>
<lastmod>2024-03-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/justicia/justicia-12-authenticated-subscriber-insecure-direct-object-reference</loc>
<lastmod>2026-01-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-time-slots-booking-form/wp-time-slots-booking-form-1162-stored-cross-site-scripting</loc>
<lastmod>2022-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/popup-builder/popup-builder-434-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-11-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-404-pro/custom-404-pro-372-reflected-cross-site-scripting-via-s</loc>
<lastmod>2023-05-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-compare-tables/wp-compare-tables-105-cross-site-request-forgery</loc>
<lastmod>2025-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/superstorefinder-wp/super-store-finder-72-unauthenticated-sql-injection</loc>
<lastmod>2025-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ipanorama-360-virtual-tour-builder-lite/ipanorama-360-wordpress-virtual-tour-builder-1622-reflected-cross-site-scripting</loc>
<lastmod>2021-10-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/unify/unify-325-cross-site-scripting</loc>
<lastmod>2022-04-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/legoeso-pdf-manager/legoeso-pdf-manager-122-authenticated-author-sql-injection-via-checkedvals-parameter</loc>
<lastmod>2025-02-19T21:08:48.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gg-woo-feed/gg-woo-feed-for-woocommerce-shopping-feed-126-missing-authorization</loc>
<lastmod>2024-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/thebooking/thebooking-144-missing-authorization</loc>
<lastmod>2025-07-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dezdy-mcommerce/dezdy-10-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simply-excerpts/simply-excerpts-14-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-11-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/external-rss-reader/silencesoft-rss-reader-06-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-access-manager/advanced-access-manager-661-authenticated-authorization-bypass-and-privilege-escalation</loc>
<lastmod>2020-08-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/construction-landing-page/construction-landing-page-135-cross-site-request-forgery</loc>
<lastmod>2024-07-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/liquid-blocks/liquid-blocks-120-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/crush-pics/crushpics-image-optimizer-187-missing-authorization-to-authenticated-subscriber-plugin-settings-update</loc>
<lastmod>2026-01-13T16:49:40.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mp3-music-player-by-sonaar/mp3-audio-player-for-music-radio-podcast-by-sonaar-51-missing-authorization</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shopconstruct/shopconstruct-product-catalog-shopping-cart-and-ecommerce-solution-for-store-112-reflected-cross-site-scripting-via-multiple-parameters</loc>
<lastmod>2023-07-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-member/ultimate-member-203-unauthorized-image-file-upload</loc>
<lastmod>2019-08-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/photo-gallery/photo-gallery-by-10web-1241-cross-site-request-forgery</loc>
<lastmod>2014-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mwp-herd-effect/herd-effects-522-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-08-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/meeting-scheduler-by-vcita/vcita-online-booking-scheduling-calendar-440-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-07-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/streamcast/streamcast-radio-player-for-wordpress-210-cross-site-scripting</loc>
<lastmod>2021-09-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/premmerce-woocommerce-wholesale-pricing/premmerce-wholesale-pricing-for-woocommerce-1110-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-07-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/elementra/elementra-100-elementor-wordpress-theme-109-unauthenticated-php-object-injection</loc>
<lastmod>2026-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eu-cookie-law/eu-cookie-law-312-authenticated-stored-cross-site-scripting</loc>
<lastmod>2019-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-excel-pricelist-for-woocommerce/simple-excel-pricelist-for-woocommerce-113-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2025-10-23T19:42:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/addfreestats/afs-analytics-421-missing-authorization</loc>
<lastmod>2025-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-push-notification/all-push-notification-for-wp-153-cross-site-request-forgery-to-sql-injection</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/learning-management-system/masteriyo-lms-for-wordpress-167-sensitive-information-exposure</loc>
<lastmod>2023-07-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/triberr-wordpress-plugin/triberr-411-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ultimate-exporter/export-wordpress-data-with-advanced-filters-141-cross-site-request-forgery</loc>
<lastmod>2018-12-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-sms/wp-sms-651-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-05-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sniplets/sniplets-123-remote-file-inclusion</loc>
<lastmod>2008-02-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fluentformpro/fluent-forms-pro-6117-unauthenticated-stored-cross-site-scripting-via-draft-form-submission</loc>
<lastmod>2026-03-04T14:28:36.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/enhanced-wordpress-contactform/enhanced-wp-contact-form-223-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-gdpr/wordpress-gdpr-ccpa-1926-reflected-cross-site-scripting</loc>
<lastmod>2022-01-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/masterstudy-elementor-widgets/masterstudy-elementor-widgets-124-missing-authorization</loc>
<lastmod>2025-10-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-real-estate/essential-real-estate-395-reflected-cross-site-scripting</loc>
<lastmod>2022-11-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/qards/qards-unspecified-version-stored-cross-site-scripting</loc>
<lastmod>2017-10-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-subscribers/email-subscribers-newsletters-417-sql-injection</loc>
<lastmod>2019-07-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cal-embedder-lite/usestricts-calendly-embedder-1172-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-12-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-cfdb7/contact-form-7-database-addon-cfdb7-1261-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2021-11-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/debug-tool/debug-tool-22-unauthenticated-arbitrary-file-creation</loc>
<lastmod>2024-11-08T14:06:42.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/give/givewp-2252-cross-site-request-forgery</loc>
<lastmod>2023-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/complianz-gdpr-premium/complianz-free-633-premium-635-sql-injection-via-translations</loc>
<lastmod>2022-10-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-members/wp-members-3495-authenticated-contributor-stored-cross-site-scripting-via-wpmem_loginout-shortcode</loc>
<lastmod>2024-10-24T23:18:08.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/rhodos/rhodos-133-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/ask-me/ask-me-683-cross-site-request-forgery</loc>
<lastmod>2022-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wplyrics/wp-lyrics-041-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-custom-fields/advanced-custom-fields-5711-php-object-injection</loc>
<lastmod>2019-02-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/integration-for-szamlazzhu-woocommerce/integration-for-szamlazzhu-woocommerce-5632-cross-site-request-forgery</loc>
<lastmod>2022-10-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tc-ecommerce/themes-coder-134-unauthenticated-sql-injection</loc>
<lastmod>2025-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-switcher/image-switcher-11-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-plugin/contact-form-by-bestwebsoft-428-reflected-cross-site-scripting-via-cntctfrm_contact_address</loc>
<lastmod>2024-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/temporary-login-without-password/temporary-login-without-password-170-subscriber-plugin-settings-update</loc>
<lastmod>2021-11-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ecommerce-product-catalog/ecommerce-product-catalog-3038-reflected-cross-site-scripting</loc>
<lastmod>2021-10-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/list-category-posts/list-category-posts-0931-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2026-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/automatorwp/automatorwp-258-cross-site-request-forgery-via-bulk_delete</loc>
<lastmod>2023-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-comment-fields/wordpress-comments-fields-40-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-07-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/pennews/pennews-674-missing-authorization</loc>
<lastmod>2025-12-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pixelyoursite-pro/pixelyoursite-936-and-pixelyoursite-pro-961-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpcf7-redirect/redirection-for-contact-form-7-240-reflected-cross-site-scripting</loc>
<lastmod>2022-03-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/host-analyticsjs-local/caos-host-google-analytics-locally-4714-missing-authorization-to-unauthenticated-plugin-settings-update</loc>
<lastmod>2023-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/grandrestaurant-elementor/grand-restaurant-theme-elements-for-elementor-211-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-11-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/oceanwp/oceanwp-354-missing-authorization-to-sensitive-information-exposure-via-limited-local-file-inclusion</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/e2pdf/e2pdf-12020-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-10-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-author-image/easy-author-image-15-email-information-exposure</loc>
<lastmod>2015-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-indexer/post-indexer-3061-authenticated-super-admin-sql-injection</loc>
<lastmod>2016-11-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/playroom/playroom-141-unauthenticated-php-object-injection</loc>
<lastmod>2026-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cs-framework/cs-framework-71-authenticated-subscriber-arbitrary-file-read</loc>
<lastmod>2025-03-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-walla/wp-walla-0535-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-11-10T15:07:10.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-gerencianet-official/gerencianet-oficial-148-cross-site-request-forgery</loc>
<lastmod>2023-01-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slideshow-gallery/slideshow-gallery-lite-181-authenticated-contributor-sql-injection</loc>
<lastmod>2024-06-11T12:10:36.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/link-to-url-post/link-to-url-post-13-authenticated-administrator-sql-injection</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-private-files/file-sharing-download-manager-216-authenticated-subscriber-stored-cross-site-scripting-via-fldr_ttl-parameter</loc>
<lastmod>2026-06-15T18:58:43.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/product-blocks/productx-gutenberg-woocommerce-blocks-woocommerce-builder-wishlist-for-woocommerce-products-comparison-quick-view-online-store-all-in-one-solution-225-multiple-cross-site-scripting</loc>
<lastmod>2022-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mapsvg-lite-interactive-vector-maps/mapsvg-lite-864-authenticated-contributor-arbitrary-file-upload</loc>
<lastmod>2025-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-simple-rss/custom-simple-rss-207-cross-site-request-forgery</loc>
<lastmod>2019-07-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-backup-manager/wp-backup-manager-1131-reflected-cross-site-scripting</loc>
<lastmod>2023-06-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-plugin-contact-form-7/vaultre-contact-form-7-10-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/royal-elementor-addons/royal-elementor-addons-and-templates-171017-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-05-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/podcast-importer-secondline/podcast-importer-secondline-114-server-side-request-forgery</loc>
<lastmod>2021-04-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/invelity-sps-connect/invelity-sps-connect-108-reflected-cross-site-scripting</loc>
<lastmod>2025-12-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/imagerecycle-pdf-image-compression/imagerecycle-pdf-image-compression-3110-reflected-cross-site-scripting</loc>
<lastmod>2023-08-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hotelrunner/hotelrunner-booking-widget-16-cross-site-request-forgery</loc>
<lastmod>2025-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/share-this-image/share-this-image-201-reflected-cross-site-scripting</loc>
<lastmod>2024-09-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gmo-font-agent/gmo-font-agent-16-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-lightbox-2/wp-lightbox-2-3065-authenticated-administrator-stored-cross-site-scripting-via-plugin-settings</loc>
<lastmod>2023-10-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-forms/contact-forms-by-cimatti-170-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2024-03-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/itracker360/itracker360-220-cross-site-request-forgery-to-stored-cross-site-scripting-via-itracker_license-settings-field</loc>
<lastmod>2026-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wtyczka-seopilot-dla-wp/wtyczka-seopilot-dla-wp-33091-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-12-19T18:02:57.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ds-site-message/ds-site-message-1144-cross-site-request-forgery</loc>
<lastmod>2024-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/Avada/avada-71110-cross-site-request-forgery</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nex-forms-express-wp-form-builder/nex-forms-ultimate-form-builder-878-authenticated-administrator-sql-injection</loc>
<lastmod>2024-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-importer/wordpress-importer-083-authenticated-administrator-php-object-injection</loc>
<lastmod>2025-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/masterstudy/masterstudy-48126-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-10-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/owl-carousel-wp/owl-carousel-wp-222-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2026-01-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/like-share-my-site/like-share-my-site-02-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-07-21T20:53:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-shop-original/wp-shop-396-missing-authentication-to-settings-change-and-order-deletion</loc>
<lastmod>2022-08-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smart-wishlist-for-more-convert/mc-woocommerce-wishlist-178-missing-authorization</loc>
<lastmod>2024-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/generateblocks/generateblocks-211-improper-authorization-to-authenticated-contributor-arbitrary-options-disclosure</loc>
<lastmod>2025-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/clover-online-orders/smart-online-order-for-clover-154-reflected-cross-site-scripting</loc>
<lastmod>2023-10-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/website-monetization-by-magenet/website-monetization-by-magenet-10291-cross-site-request-forgery-via-admin_magenet_settings</loc>
<lastmod>2023-03-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-pdf-invoice-builder/pdf-builder-for-woocommerce-create-invoicespacking-slips-and-more-12136-reflected-cross-site-scripting</loc>
<lastmod>2024-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/new-image-gallery/image-gallery-lightbox-gallery-responsive-photo-gallery-masonry-gallery-160-authenticated-contributor-php-object-injection</loc>
<lastmod>2026-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/rehub-theme/rehub-1997-unauthenticated-password-protected-post-disclosure</loc>
<lastmod>2025-09-05T13:04:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/digi-store/digi-store-114-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-event-solution/event-manager-events-calendar-tickets-registrations-eventin-4024-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-03-19T17:03:49.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/awesome-event-booking/awesome-event-booking-275-cross-site-request-forgery</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/file-manager/bit-file-manager-60-655-unauthenticated-remote-code-execution-via-race-condition</loc>
<lastmod>2024-09-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ajax-search-lite/ajax-search-lite-4103-missing-authorization-leading-to-authenticated-subscriber-sensitive-information-disclosure</loc>
<lastmod>2023-02-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/admin-custom-login/admin-custom-login-247-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2017-03-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-maintenance/wp-maintenance-505-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2019-11-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-dewplayer/advanced-dewplayer-13-directory-traversal</loc>
<lastmod>2013-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/iq-block-country/iq-block-country-1213-protection-bypass-due-to-ip-spoofing</loc>
<lastmod>2022-05-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profilegrid-user-profiles-groups-and-communities/profilegrid-5984-missing-authorization-to-authenticated-subscriber-group-settings-modification</loc>
<lastmod>2026-05-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/whmpress/whmpress-63-revision-0-unauthenticated-local-file-inclusion-to-arbitrary-options-update</loc>
<lastmod>2025-02-27T19:59:20.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-helper-lite/wp-helper-premium-461-missing-authorization-in-whp_smtp_send_mail_test</loc>
<lastmod>2024-10-09T13:29:15.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mine-cloudvod/mine-cloudvod-2110-authenticated-contributor-stored-cross-site-scripting-via-audio-parameter</loc>
<lastmod>2025-07-23T20:37:57.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/autoptimize/autoptimize-3114-authenticated-contributor-stored-cross-site-scripting-via-ao_post_preload-meta-value</loc>
<lastmod>2026-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dc-woocommerce-multi-vendor/multivendor-marketplace-solution-for-woocommerce-wc-marketplace-38118-cross-site-request-forgery</loc>
<lastmod>2022-08-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpbits-addons-for-elementor/wpbits-addons-for-elementor-page-builder-15-authenticated-contributor-stored-cross-site-scripting-via-multiple-widgets</loc>
<lastmod>2024-07-08T22:00:42.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/popup-builder-block/popup-builder-with-gamification-multi-step-popups-page-level-targeting-and-woocommerce-triggers-214-unauthenticated-server-side-request-forgery</loc>
<lastmod>2025-10-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/roisin/roisin-flower-shop-and-florist-wordpress-theme-14-unauthenticated-php-object-injection</loc>
<lastmod>2026-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mystickyelements/all-in-one-floating-contact-form-203-reflected-cross-site-scripting</loc>
<lastmod>2022-01-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/oxpitan/oxpitan-135-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-05-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/betterlinks/betterlinks-217-authenticated-administrator-sql-injection</loc>
<lastmod>2024-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/backup-and-move/backup-and-move-01-missing-authorization</loc>
<lastmod>2025-06-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buddyboss-platform/buddyboss-platform-and-buddyboss-theme-multiple-versions-authenticated-subscriber-stored-cross-site-scripting-via-invitee_name</loc>
<lastmod>2025-05-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/media-library-plus/media-library-folders-820-reflected-cross-site-scripting-via-s</loc>
<lastmod>2024-04-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/monetize/monetize-103-cross-site-request-forgery-to-cross-site-scripting</loc>
<lastmod>2015-08-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/forminator/forminator-forms-contact-form-payment-form-custom-form-builder-1450-authenticated-administrator-sql-injection-via-order_by-parameter</loc>
<lastmod>2025-07-17T16:22:47.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-appointments/easy-appointments-1120-cross-site-scripting</loc>
<lastmod>2017-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seriously-simple-podcasting/seriously-simple-podcasting-3130-cross-site-request-forgery</loc>
<lastmod>2025-11-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/under-construction-maintenance-mode/under-construction-coming-soon-maintenance-mode-111-server-side-request-forgery</loc>
<lastmod>2021-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hydra-booking/hydra-booking-appointment-scheduling-booking-calendar-1141-missing-authorization</loc>
<lastmod>2026-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/anac-xml-render/anac-xml-render-157-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/leira-cron-jobs/cron-jobs-129-reflected-cross-site-scripting</loc>
<lastmod>2024-09-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/posterity/posterity-38-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-08-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flash-album-gallery/album-and-image-gallery-with-lightbox-flagallery-photo-portfolio-612-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2021-11-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/better-wp-security/ithemes-security-364-stored-cross-site-scripting</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-contact-form/multi-language-responsive-contact-form-28-missing-authorization</loc>
<lastmod>2025-07-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/reviews-and-rating-docplanner/reviews-and-rating-114-missing-authorization-to-authenticated-subscriber-arbitrary-modification-via-sync_reviews-ajax-action</loc>
<lastmod>2026-06-23T16:40:28.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/geo-my-wp/geo-my-wp-454-unauthenticated-sql-injection</loc>
<lastmod>2026-05-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cornerstone/cornerstone-080-reflected-cross-site-scripting</loc>
<lastmod>2024-04-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cartflows/funnel-builder-by-cartflows-201-authenticated-editor-stored-cross-site-scripting-via-settings</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/classified-listing/classified-listing-542-missing-authorization-to-authenticated-subscriber-feature-modification-via-multiple-ajax-handlers-listingidid-parameters</loc>
<lastmod>2026-06-18T15:38:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/file-away/file-away-39901-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quotes-for-woocommerce/quotes-for-woocommerce-201-missing-authorization</loc>
<lastmod>2023-11-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/usc-e-shop/welcart-e-commerce-2111-authenticated-admin-sql-injection</loc>
<lastmod>2024-09-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/invelity-mygls-connect/invelity-mygls-connect-111-cross-site-request-forgery</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-website-logo/simple-website-logo-11-missing-authorization</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/homevillas-real-estate/home-villas-real-estate-wordpress-theme-22-cross-site-scripting</loc>
<lastmod>2020-07-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-forms/ninja-forms-the-contact-form-builder-that-grows-with-you-3810-reflected-cross-site-scripting</loc>
<lastmod>2024-08-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/real-estate-listing-realtyna-wpl/realtyna-organic-idx-plugin-4144-unauthenticated-sql-injection</loc>
<lastmod>2024-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bigbluebutton/bigbluebutton-300-beta4-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2023-08-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/clinked-client-portal/clinked-client-portal-110-reflected-cross-site-scripting</loc>
<lastmod>2025-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vikrentcar/vikrentcar-car-rental-management-system-143-authenticated-administrator-arbitrary-file-upload</loc>
<lastmod>2025-07-03T09:03:35.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-cafe/wpcafe-2223-unauthenticated-blind-server-side-request-forgery</loc>
<lastmod>2024-05-22T13:15:58.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-job-portal/job-portal-243-authenticated-subscriber-insecure-direct-object-reference</loc>
<lastmod>2026-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-google-map/responsive-google-map-315-missing-authorization</loc>
<lastmod>2025-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-subscribe/email-subscription-popup-1218-reflected-cross-site-scripting</loc>
<lastmod>2023-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/blocksy/blocksy-2022-cross-site-request-forgery-to-notice-dismissal</loc>
<lastmod>2024-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/block-country/block-country-10-cross-site-request-forgery</loc>
<lastmod>2025-10-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-refund-and-exchange-lite/return-refund-and-exchange-for-woocommerce-445-unauthenticated-sensitive-information-exposure-through-unprotected-directory</loc>
<lastmod>2025-02-13T17:19:37.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/airdrop/wp-airdrop-manager-105-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2025-08-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ebook-store/ebook-store-58001-reflected-cross-site-scripting-via-step</loc>
<lastmod>2024-12-20T18:47:07.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/spam-byebye/spam-byebye-221-unauthenticated-cross-site-scripting</loc>
<lastmod>2019-01-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/auto-refresh-single-page/auto-refresh-single-page-11-authenticated-contributor-php-object-injection</loc>
<lastmod>2024-03-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/media-library-assistant/media-library-assistant-329-missing-authorization</loc>
<lastmod>2025-10-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kadence-blocks/kadence-blocks-page-builder-toolkit-for-gutenberg-editor-363-missing-authorization-to-authenticated-contributor-media-upload</loc>
<lastmod>2026-04-03T19:45:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bookit/bookit-250-missing-authorization-to-unauthenticated-settings-update</loc>
<lastmod>2025-11-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/xl-tab/xltab-accordions-and-tabs-for-elementor-page-builder-13-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/keymaster-chord-notation-free/keymaster-chord-notation-free-102-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-sales-count-manager/sales-count-manager-for-woocommerce-25-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-help-scout/woocommerce-help-scout-291-arbitrary-file-upload-to-remote-code-execution</loc>
<lastmod>2021-03-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/access-demo-importer/access-demo-importer-107-cross-site-request-forgery-to-data-reset</loc>
<lastmod>2022-01-24T12:01:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-gravity-forms-spreadsheets/connector-for-gravity-forms-and-google-sheets-126-unauthenticated-php-object-injection</loc>
<lastmod>2025-08-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-manager/download-manager-3282-unauthenticated-password-leak</loc>
<lastmod>2023-11-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/media-from-ftp/media-from-ftp-1115-improper-privilege-management</loc>
<lastmod>2023-07-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/autoptimize/autoptimize-304-sensitive-information-disclosure</loc>
<lastmod>2022-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/embedpress/embedpress-382-missing-authorization-to-authenticated-subscriber-plugin-settings-delete-via-admin_post_remove-and-remove_private_data</loc>
<lastmod>2023-08-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/doctreat_core/doctreat-core-168-unauthenticated-privilege-escalation</loc>
<lastmod>2026-06-09T20:15:24.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/templately/templately-312-missing-authorization</loc>
<lastmod>2024-09-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/anant-addons-for-elementor/anant-addons-for-elementor-118-cross-site-request-forgery-to-arbitrary-plugin-installation</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/noo-timetable/noo-timetable-213-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/extensions-leaflet-map/extensions-for-leaflet-map-48-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-11-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/photo-gallery/photo-gallery-by-10web-1837-cross-site-request-forgery</loc>
<lastmod>2026-02-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sunshine-photo-cart/sunshine-photo-cart-329-missing-authorization</loc>
<lastmod>2024-09-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/td-composer/tagdiv-composer-541-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-10-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/snillrik-restaurant-menu/snillrik-restaurant-230-authenticated-contributor-stored-cross-site-scripting-via-menu_style-shortcode-attribute</loc>
<lastmod>2026-01-06T20:40:34.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kb-support/kb-support-wordpress-help-desk-and-knowledge-base-166-missing-authorization-to-authenticated-subscriber-multiple-administrator-actions</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/inpost-gallery/inpost-gallery-2142-authenticated-subscriber-arbitrary-shortcode-execution-via-inpost_gallery_get_shortcode_template</loc>
<lastmod>2024-11-25T17:51:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sequential-order-numbers-for-woocommerce/sequential-order-numbers-for-woocommerce-362-cross-site-request-forgery</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/caliris-wp/caliris-15-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-07-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-svg/easy-svg-support-37-authenticated-author-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2024-11-07T18:37:40.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-mobi/wpmobi-003-cross-site-request-forgery-via-save_general_settings-action</loc>
<lastmod>2026-06-08T15:05:55.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cost-calculator-builder/cost-calculator-builder-3215-unauthenticated-sql-injection</loc>
<lastmod>2024-08-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/events-for-geodirectory/events-calendar-for-geodirectory-2325-authenticated-contributor-php-object-injection</loc>
<lastmod>2026-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/church-admin/church-admin-12550-cross-site-request-forgery</loc>
<lastmod>2018-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/melos/melos-160-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/new-user-approve/new-user-approve-320-missing-authorization</loc>
<lastmod>2026-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/onetone-companion/onetone-companion-111-open-mailer</loc>
<lastmod>2022-08-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-css/custom-css-js-php-241-cross-site-request-forgery-to-remote-code-exectuiron</loc>
<lastmod>2025-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/editorialmag/editorialmag-120-missing-authorization-to-authenticated-plugin-activation</loc>
<lastmod>2023-05-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/foogallery/foogallery-2244-reflected-cross-site-scripting</loc>
<lastmod>2023-09-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/print-invoices-packing-slip-labels-for-woocommerce/woocommerce-pdf-invoices-packing-slips-delivery-notes-and-shipping-labels-440-reflected-cross-site-scripting</loc>
<lastmod>2024-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-job-portal/wp-job-portal-228-insecure-direct-object-reference-to-authenticated-subscriber-user-photo-disconnection</loc>
<lastmod>2025-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ultimate-csv-importer/wp-ultimate-csv-importer-798-arbitrary-usermeta-update-to-authenticated-author-privilege-escalation</loc>
<lastmod>2023-08-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/piotnet-addons-for-elementor/piotnet-addons-for-elementor-2432-authenticated-contributor-post-disclosure</loc>
<lastmod>2025-01-14T21:05:55.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-mailster/wp-mailster-18170-cross-site-request-forgery</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flo-launch/flolaunch-24-missing-authorization</loc>
<lastmod>2022-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/subscriptions-memberships-for-paypal/subscriptions-memberships-for-paypal-115-reflected-cross-site-scripting</loc>
<lastmod>2022-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fluentform/contact-form-plugin-by-fluent-forms-for-quiz-survey-and-drag-drop-wp-form-builder-5116-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-05-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/core-web-vitals-pagespeed-booster/core-web-vitals-pagespeed-booster-1012-open-redirect-via-_wp_http_referer</loc>
<lastmod>2023-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-post-modal/wp-post-popup-373-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-10-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/fiorello/fiorello-florist-and-flower-shop-wordpress-theme-10-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/idonate/idonate-200-219-missing-authorization-to-authenticated-subscriber-sensitive-information-disclosure-via-admin_donor_profile_view-function</loc>
<lastmod>2025-07-31T16:22:44.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-quotes/easy-quotes-122-unauthenticated-sql-injection</loc>
<lastmod>2025-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ppv-live-webcams/paid-videochat-turnkey-site-html5-ppv-live-webcams-7216-unauthenticated-arbitrary-file-deletion</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zmseo/zmseo-1141-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementskit-lite/elements-kit-elementor-addons-291-missing-authorization</loc>
<lastmod>2023-08-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-affiliate-platform/wp-affiliate-platform-651-reflected-cross-site-scripting-via-banner-editing</loc>
<lastmod>2024-06-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slideshow-gallery/slideshow-gallery-165-reflected-cross-site-scripting</loc>
<lastmod>2017-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/global-gallery/global-gallery-880-reflected-cross-site-scripting</loc>
<lastmod>2025-04-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/WooCommerce-Multi-Locations-Inventory-Management/multiloca-4215-authenticated-subscriber-privilege-escalation</loc>
<lastmod>2026-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-addons-for-gutenberg/spectra-gutenberg-blocks-21925-authenticated-contributor-remote-code-execution-via-arbitrary-php-function-call-via-block-attributes</loc>
<lastmod>2026-05-29T20:27:40.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dd-roles/dd-roles-41-authenticated-subscriber-privilege-escalation</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cf7-material-design/contact-form-7-material-design-100-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-picasa-image/wp-picasa-image-10-reflected-cross-site-scripting</loc>
<lastmod>2014-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-classified-listings/ultimate-classified-listings-16-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2024-11-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-docs/wp-docs-198-cross-site-request-forgery-to-folder-management</loc>
<lastmod>2023-04-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpdirectorykit/wp-directory-kit-126-missing-authorization</loc>
<lastmod>2023-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dsdownloadlist/dsdownloadlist-13-unauthenticated-php-object-injection</loc>
<lastmod>2024-10-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-page-with-google-map/contact-page-with-google-map-161-unauthenticated-arbitrary-file-deletion</loc>
<lastmod>2024-11-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/lineagency/line-agency-131-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-05-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/new-royalslider/royalslider-342-reflected-cross-site-scripting</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/emergencywp/emergencywp-142-cross-site-request-forgery-to-plugin-settings-update</loc>
<lastmod>2026-06-02T11:00:51.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/coupon-referral-program/coupon-referral-program-184-sensitive-information-disclosure</loc>
<lastmod>2024-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/add-ribbon/add-ribbon-shortcode-101-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/software-issue-manager/multiple-plugins-by-emarket-design-multiple-versions-unauthenticated-limited-remote-code-execution</loc>
<lastmod>2025-08-05T13:47:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-checkout-for-digital-goods/digital-goods-22-cross-site-request-forgery</loc>
<lastmod>2018-06-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-ninjaforms-product-addons/woocommerce-ninja-forms-product-add-ons-170-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2023-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nd-donations/donations-18-unauthenticated-sql-injection</loc>
<lastmod>2022-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/st_newsletter/shiftthis-newsletter-231-sql-injection</loc>
<lastmod>2008-10-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpo365-login/wordpress-microsoft-office-365-azure-ad-login-272-authenticated-contributor-stored-cross-site-scripting-via-pintra-shortcode</loc>
<lastmod>2024-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/marketplace-items/marketplace-items-155-authenticated-contributor-stored-cross-site-scripting-via-marketplace-shortcode</loc>
<lastmod>2025-01-06T16:31:39.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/radius-blocks/radius-blocks-221-authenticated-subscriber-insecure-direct-object-reference</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/facebook-comment-by-vivacity/comments-by-startbit-14-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-09-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/reportattacks/wordpress-report-brute-force-attacks-and-login-protection-reportattacks-plugins-232-authenticated-admin-sql-injection</loc>
<lastmod>2025-03-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/clean-and-simple-contact-form-by-meg-nicholas/contact-form-clean-and-simple-470-authenticated-stored-cross-site-scripting</loc>
<lastmod>2020-01-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bannerlid/bannerlid-110-reflected-cross-site-scripting</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-paypal-events-tickets/easy-paypal-events-121-cross-site-request-forgery-to-arbitrary-post-deletion</loc>
<lastmod>2024-09-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quiz-maker/quiz-maker-6524-missing-authorization-to-unauthenticated-quiz-data-retrieval</loc>
<lastmod>2024-02-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-advertising-system/advanced-advertising-system-131-unauthenticated-php-object-injection</loc>
<lastmod>2024-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-autho-bio/social-author-bio-24-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/clear-sucuri-cache/clear-sucuri-cache-14-missing-authorization</loc>
<lastmod>2025-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rsvpmaker/rsvpmaker-925-unauthenticated-sql-injection</loc>
<lastmod>2022-04-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/delicious-recipes/delicious-recipes-190-authenticated-contributor-arbitrary-file-upload</loc>
<lastmod>2025-10-31T18:07:03.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pixelyoursite/pixelyoursite-your-smart-pixel-tag-manager-1112-authenticated-administrator-local-file-inclusion</loc>
<lastmod>2025-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/infility-global/infility-global-2147-authenticated-subscriber-arbitrary-file-download</loc>
<lastmod>2025-08-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smtp-mail/smtp-mail-plugin-1320-cross-site-request-forgery</loc>
<lastmod>2024-02-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yith-woocommerce-wishlist/yith-woocommerce-wishlist-3320-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/miniorange-login-security/two-factor-authentication-2fa-mfa-otp-sms-and-email-107-cross-site-scripting</loc>
<lastmod>2021-08-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/outdoor/outdoor-132-unauthenticated-sql-injection</loc>
<lastmod>2025-10-14T19:44:47.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/finale-woocommerce-sales-countdown-timer-discount/finale-woocommerce-sale-countdown-290-authenticated-arbitrary-file-upload</loc>
<lastmod>2019-05-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/royal-elementor-kit/royal-elementor-kit-10116-missing-authorization-to-arbitrary-transient-update</loc>
<lastmod>2024-02-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-gateway-certification-de-facture-et-gestion-de-pdf-kiwiz/kiwiz-certification-de-facturation-woocommerce-213-unauthenticated-arbitrary-file-download</loc>
<lastmod>2023-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/alloggio-membership/alloggio-membership-11-authentication-bypass-via-social-login-account-takeover</loc>
<lastmod>2025-02-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/awesome-logo-carousel-block/logo-carousel-gutenberg-block-216-authenticated-contributor-stored-cross-site-scripting-via-sliderid-parameter</loc>
<lastmod>2025-04-14T20:36:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/disable-auto-updates/disable-auto-updates-14-cross-site-request-forgery-to-auto-update-disable</loc>
<lastmod>2025-02-18T19:33:55.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/order-delivery-date-for-woocommerce/order-delivery-date-for-woocommerce-431-missing-authorization</loc>
<lastmod>2025-12-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bravepopup-pro/brave-conversion-engine-pro-077-authentication-bypass-to-administrator</loc>
<lastmod>2025-08-01T21:30:13.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-log/email-log-247-reflected-cross-site-scripting</loc>
<lastmod>2021-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/click-to-chat-for-whatsapp/click-to-chat-439-authenticated-contributor-stored-cross-site-scripting-via-num-shortcode-parameter</loc>
<lastmod>2026-06-05T13:37:20.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-paypal-shopping-cart/easy-paypal-shopping-cart-119-cross-site-request-forgery-to-cross-site-scripting</loc>
<lastmod>2022-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/digiwidgets-image-editor/digiwidgets-image-editor-110-unauthenticated-remote-code-execution</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/html5-video-player/flash-html5-video-2531-authenticated-subscriber-information-exposure</loc>
<lastmod>2024-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/header-footer-code-manager/header-footer-code-manager-1134-cross-site-request-forgery-via-process_bulk_action</loc>
<lastmod>2023-07-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-monitor/download-monitor-518-authenticated-contributor-sql-injection</loc>
<lastmod>2026-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/addons-for-elementor/elementor-addons-by-livemesh-834-authenticated-contributor-stored-cross-site-scripting-via-posts-multislider-widget</loc>
<lastmod>2024-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpmastertoolkit/wpmastertoolkit-wpmtk-2130-authenticated-contributor-code-injection</loc>
<lastmod>2025-12-11T14:32:15.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/publishpress-authors/publishpress-authors-473-authenticated-administrator-sql-injection</loc>
<lastmod>2025-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpkoi-templates-for-elementor/wpkoi-templates-for-elementor-259-authenticated-contributor-stored-cross-site-scripting-via-multiple-parameters</loc>
<lastmod>2024-05-21T15:42:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bold-page-builder/bold-page-builder-51-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/silvasoft-boekhouden/silvasoft-boekhouden-306-reflected-cross-site-scripting</loc>
<lastmod>2025-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pearl-header-builder/pearl-134-cross-site-request-forgery-via-stm_save_hb_settings</loc>
<lastmod>2023-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quillforms/quill-forms-370-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/correct-prices/correct-prices-10-reflected-cross-site-scripting-via-php_self-parameter</loc>
<lastmod>2026-05-19T12:08:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/modeltheme-framework/modeltheme-framework-200-missing-authorization</loc>
<lastmod>2026-01-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jet-compare-wishlist/jetcomparewishlist-159-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/geo-mashup/geo-mashup-11319-missing-authorization-to-unauthenticated-plugin-settings-disclosure-via-geo_mashup_content-parameter</loc>
<lastmod>2026-05-27T18:02:30.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/duplica/duplica-06-authenticated-subscriber-missing-authorization-to-usersposts-duplicates-creation</loc>
<lastmod>2024-07-18T08:55:46.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bulk-resize-media/bulk-resize-media-11-cross-site-request-forgery-via-bulk_resize_resize_image</loc>
<lastmod>2023-03-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/topbar-id-for-elementor/topbar-id-for-elementor-101-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/couponer-elementor/couponer-for-elementor-117-missing-authorization</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/waveplayer/waveplayer-370-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2025-10-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stop-spammer-registrations-plugin/stop-spammers-security-20225-unauthenticated-php-object-injection</loc>
<lastmod>2022-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-table-reloaded/wp-table-reloaded-194-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2022-12-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booster-elite-for-woocommerce/booster-elite-for-woocommerce-117-cross-site-request-forgery</loc>
<lastmod>2022-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/motors-car-dealership-classified-listings/motors-car-dealership-classified-listings-plugin-14107-missing-authorization</loc>
<lastmod>2026-04-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cybersoldier/cybersoldier-170-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2021-11-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/integrate-google-drive/file-manager-for-google-drive-integrate-google-drive-with-wordpress-153-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2025-11-04T17:38:36.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nativery/nativery-016-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nelio-ab-testing/nelio-ab-testing-4511-server-side-request-forgery</loc>
<lastmod>2016-12-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/classified-listing/classified-listing-506-missing-authorization</loc>
<lastmod>2025-09-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dmsguestbook/dmsguestbook-190-cross-site-scripting</loc>
<lastmod>2008-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-slider-widget/image-slider-1195-sql-injection</loc>
<lastmod>2018-01-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-foodbakery/foodbakery-19-reflected-cross-site-scripting</loc>
<lastmod>2020-07-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/diamond/diamond-248-reflected-cross-site-scripting</loc>
<lastmod>2026-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/geocache-stat-bar-widget/geocache-stat-bar-widget-0911-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-12-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pwa-for-wp/pwa-for-wp-amp-1732-arbitrary-file-upload</loc>
<lastmod>2021-07-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-airbnb-review-slider/wp-airbnb-review-slider-42-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-11-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-duplicate-page/wp-duplicate-page-18-missing-authorization-to-authenticated-contributor-arbitrary-post-duplication</loc>
<lastmod>2026-01-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-post-type-lockdown/custom-post-type-lockdown-111-cross-site-request-forgery-to-privilege-escalation</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booknetic/booknetic-409-cross-site-request-forgery</loc>
<lastmod>2025-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/onlyoffice/onlyoffice-docs-110-220-missing-authorization-to-unauthenticated-privilege-escalation-via-callback-function</loc>
<lastmod>2025-07-23T20:42:24.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers/fraud-prevention-for-woocommerce-and-edd-233-missing-authorization-to-unauthenticated-arbitrary-content-deletion</loc>
<lastmod>2026-03-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/customer-reviews-collector-for-woocommerce/customer-reviews-collector-for-woocommerce-461-reflected-cross-site-scripting</loc>
<lastmod>2025-11-26T16:39:48.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/phpinfo-wp/phpinfo-wp-50-unauthenticated-information-exposure</loc>
<lastmod>2024-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/rife-free/rife-free-2419-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seo-meta-tags/seo-meta-tags-14-cross-site-request-forgery-to-privilege-escalation</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/powerpack-lite-for-elementor/powerpack-addons-for-elementor-231-contributor-stored-cross-site-scripting</loc>
<lastmod>2021-04-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/responsive-mobile/responsive-mobile-1151-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/monolit/monolit-206-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2023-02-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/nokri/nokri-job-board-wordpress-theme-162-unauthenticated-arbitrary-password-change</loc>
<lastmod>2025-02-28T18:07:17.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-links/social-links-12-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simply-gallery-block/gallery-blocks-with-lightbox-330-missing-authorization-to-authenticated-contributor-plugin-settings-modification</loc>
<lastmod>2025-12-12T15:46:53.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/drag-n-drop-upload-cf7-pro/drag-and-drop-multiple-file-upload-pro-contact-form-7-standard-5063-and-2110-reflected-cross-site-scripting</loc>
<lastmod>2023-03-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/addons-for-visual-composer/livemesh-addons-for-wpbakery-page-builder-35-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-12-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sp-client-document-manager/sp-project-document-manager-471-insecure-direct-object-reference-to-information-exposure</loc>
<lastmod>2024-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flightlog/flightlog-302-authenticated-editor-sql-injection</loc>
<lastmod>2021-05-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hermit/hermit-316-authenticated-subscriber-sql-injection</loc>
<lastmod>2022-04-28T12:01:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/add-to-calendar-button/add-to-calendar-button-150-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-10-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/riovizual/table-block-by-riovizual-231-cross-site-request-forgery</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yumpu-epaper-publishing/yumpu-e-paper-publishing-308-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-08T21:59:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ameliabooking/appointment-and-event-booking-calendar-for-wordpress-amelia-1047-arbitrary-booking-update-and-sensitive-data-exposure</loc>
<lastmod>2022-03-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dofollow-case-by-case/dofollow-case-by-case-342-cross-site-request-forgery-via-getemail-and-geturl</loc>
<lastmod>2023-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/coming-soon/coming-soon-page-under-construction-maintenance-mode-by-seedprod-61520-cross-site-request-forgery-to-notice-dismissal</loc>
<lastmod>2024-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-user-avatar/profilepress-41518-unauthenticated-content-restriction-bypass-to-sensitive-information-exposure</loc>
<lastmod>2024-11-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rate-my-post/rate-my-post-wp-rating-system-338-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2022-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/civic-cookie-control-8/civic-cookie-control-153-missing-authorization</loc>
<lastmod>2025-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/arielbrailovsky-viralad/arielbrailovsky-viralad-108-unauthenticated-sql-injection</loc>
<lastmod>2025-03-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/an-gradebook/an_gradebook-501-authenticated-subscriber-sql-injection-via-id</loc>
<lastmod>2023-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-smart-wishlist/wpc-smart-wishlist-for-woocommerce-504-missing-authorization-to-authenticated-subscriber-information-exposure</loc>
<lastmod>2025-10-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mindvalley-pagemash/mindvalley-super-pagemash-11-authenticated-editor-sql-injection</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/rhythmo/rhythmo-134-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/formassembly-web-forms/wp-formassembly-2010-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bsk-pdf-manager/bsk-pdf-manager-341-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-10-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/anon2x/anon-2210-reflected-cross-site-scripting</loc>
<lastmod>2026-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eroom-zoom-meetings-webinar/eroom-zoom-meetings-webinar-1418-missing-authorization-to-information-exposure</loc>
<lastmod>2024-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-limit-failed-login-attempts/limit-login-attempts-55-unauthenticated-sql-injeciton</loc>
<lastmod>2024-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-fonts/custom-fonts-host-your-fonts-locally-2116-missing-authorization-to-unauthenticated-font-deletion</loc>
<lastmod>2026-01-19T15:16:44.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-seo-pack/all-in-one-seo-215-cross-site-scripting</loc>
<lastmod>2014-05-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/calendar-booking/scheduling-plugin-online-booking-for-wordpress-3510-missing-authorization-to-unauthenticated-service-disconnection</loc>
<lastmod>2024-06-17T14:10:37.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-quicklatex/wp-quicklatex-386-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-06-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/captcha-for-contact-form-7/captchahoneypot-for-contact-form-7-1113-captcha-bypass</loc>
<lastmod>2023-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mobile-events-manager/mobile-events-manager-144-cross-site-scripting</loc>
<lastmod>2021-12-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/filebird/filebird-649-improper-authorization-to-authenticated-author-settings-reset</loc>
<lastmod>2025-10-17T18:24:12.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/boombox-shortcode/boombox-shortcode-100-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sharespine-woocommerce-connector/sharespine-woocommerce-connector-4755-missing-authorization</loc>
<lastmod>2025-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booster-for-elementor/booster-elementor-addons-149-missing-authorization</loc>
<lastmod>2023-07-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woodmart-core/woodmart-core-1036-authentication-bypass-to-privilege-escalation</loc>
<lastmod>2023-05-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sydney-toolbox/sydney-toolbox-131-authenticated-contributor-stored-cross-site-scripting-via-athemes-portfolio-widget</loc>
<lastmod>2024-05-13T23:40:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp_rokmicronews/rokmicronews-15-multiple-vulnerabilities</loc>
<lastmod>2013-07-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking/booking-calendar-101414-insecure-direct-object-reference-to-authenticated-subscriber-arbitrary-user-settings-modification</loc>
<lastmod>2026-02-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/curly/curly-33-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/logic-pro/visitor-logic-lite-103-unauthenticated-php-object-injection-via-lpblocks-cookie</loc>
<lastmod>2025-12-11T14:22:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/uptime-robot/uptime-robot-013-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/confix/confix-1013-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-post-status/custom-post-status-110-cross-site-request-forgery</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-css-editor/responsive-css-editor-10-authenticatedadministrator-sql-injection</loc>
<lastmod>2023-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jsp-store-locator/jsp-store-locator-10-authenticated-contributor-sql-injection</loc>
<lastmod>2024-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hurrytimer/hurrytimer-2131-missing-authorization</loc>
<lastmod>2025-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mg-parallax-slider/mg-parallax-slider-10-reflected-cross-site-scripting</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/bulk/bulk-1011-missing-authorization</loc>
<lastmod>2025-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/master-addons/master-addons-for-elementor-2060-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-05-16T08:37:20.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/tinysalt/cozystay-170-and-tinysalt-390-unauthenticated-php-object-injection-in-ajax_handler</loc>
<lastmod>2025-03-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-duplicate-page/wp-duplicate-page-17-missing-authorization-to-authenticated-contributor-sensitive-information-disclosure</loc>
<lastmod>2025-11-17T21:24:11.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/list-category-posts/list-category-posts-0893-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-01-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/document-library-lite/document-library-lite-117-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-12-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-auto-affiliate-links/auto-affiliate-links-6302-cross-site-request-forgery-via-aalchangeoptions-function</loc>
<lastmod>2023-02-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/direct-payments-wp/direct-payments-wp-130-authenticated-subscriber-sensitive-information-exposure</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rt-custom-css-page-and-post/royal-custom-css-for-page-and-post-12-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2022-07-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/culqi-checkout/culqi-3014-authenticated-subscriber-server-side-request-forgery</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/boldermail/boldermail-240-authenticated-contributor-php-object-injection</loc>
<lastmod>2025-08-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/customize-my-account-for-woocommerce/sysbasics-customize-my-account-for-woocommerce-2822-reflected-cross-site-scripting</loc>
<lastmod>2024-12-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smart-marketing-for-wp/smart-marketing-sms-and-newsletters-forms-504-missing-authorization</loc>
<lastmod>2024-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cpt-shortcode/cpt-shortcode-generator-10-cross-site-request-forgery</loc>
<lastmod>2023-10-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/customer-reviews-woocommerce/customer-reviews-for-woocommerce-5802-unauthenticated-stored-cross-site-scripting-via-author-parameter</loc>
<lastmod>2025-07-30T16:23:45.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/infility-global/infility-global-298-reflected-cross-site-scripting-via-set_type-parameter</loc>
<lastmod>2025-01-06T16:09:03.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/royal-mcp/royal-mcp-secure-ai-connector-for-claude-chatgpt-gemini-142-missing-authorization</loc>
<lastmod>2026-04-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpoauth/secufor_oauth-107-missing-authorization-to-unauthenticated-account-logout-via-secuforoauth_unregister_action-ajax-action</loc>
<lastmod>2026-06-23T16:37:57.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/perfmatters/perfmatters-216-reflected-cross-site-scripting</loc>
<lastmod>2023-11-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/baggage-freight/baggage-freight-shipping-australia-010-arbitrary-file-upload</loc>
<lastmod>2019-01-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-member/ultimate-member-user-profile-registration-login-member-directory-content-restriction-membership-plugin-2110-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2025-12-19T19:56:17.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-classified-listings/ultimate-classified-listings-15-cross-site-request-forgery-to-account-takeover</loc>
<lastmod>2025-02-19T21:09:50.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hide-category-by-user-role-for-woocommerce/hide-category-by-user-role-for-woocommerce-211-missing-authorization</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-lister-for-ebay/wp-lister-lite-for-ebay-3511-authenticated-shop-manager-stored-cross-site-scripting</loc>
<lastmod>2024-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tlp-team/team-team-members-showcase-plugin-5011-missing-authorization</loc>
<lastmod>2026-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/360-product-rotation/360-product-rotation-120-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2016-03-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hotel-listing/hotel-listing-142-missing-authorization</loc>
<lastmod>2026-01-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/reisen/reisen-141-unauthenticated-php-object-injection</loc>
<lastmod>2026-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/acf-frontend-form-element/frontend-admin-by-dynamiapps-32820-unauthenticated-arbitrary-options-update</loc>
<lastmod>2025-12-03T00:27:58.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ulisting/listing-classified-ads-business-directory-ulisting-205-privilege-escalation</loc>
<lastmod>2021-07-27T05:17:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/events-made-easy/events-made-easy-2280-sql-injection</loc>
<lastmod>2022-05-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/accessibility-checker/equalize-digital-accessibility-checker-1420-missing-authorization-to-authenticated-subscriber-arbitrary-accessibility-issue-modification-via-edac_insert_ignore_data-ajax-action</loc>
<lastmod>2026-05-27T18:52:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpc-admin-columns/wpc-admin-columns-206-210-authenticated-subscriber-privilege-escalation-via-user-meta-update</loc>
<lastmod>2025-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-product-addon/themeisle-sdk-various-versions-missing-authorization</loc>
<lastmod>2024-02-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/viitor-shortcodes/viitor-button-shortcodes-300-authenticated-contributor-stored-cross-site-scripting-via-link-shortcode-attribute</loc>
<lastmod>2026-01-06T20:34:48.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ajax-load-more/wordpress-infinite-scroll-ajax-load-more-7401-authenticatedcontributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-16T12:28:44.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/greek-namedays-widget/greek-namedays-widget-from-eortologionet-20191113-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-registration-aide/user-registration-aide-1538-reflected-cross-site-scripting</loc>
<lastmod>2025-06-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/eventpress/eventpress-222-reflected-cross-site-scripting</loc>
<lastmod>2026-06-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/master-addons/master-addons-for-elementor-2053-missing-authorization</loc>
<lastmod>2023-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/snap-pixel/snap-pixel-158-cross-site-request-forgery</loc>
<lastmod>2023-10-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/unlimited-popups/unlimited-pop-ups-144-cross-site-scripting</loc>
<lastmod>2016-04-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/restropress/restropress-327-missing-authorization</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/event-list/event-list-079-unauthenticated-cross-site-scripting</loc>
<lastmod>2017-07-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/role-scoper/role-scoper-1364-reflected-cross-site-scripting</loc>
<lastmod>2015-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chat-bubble/chat-bubble-22-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2022-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/featured-post-creative/featured-post-creative-127-missing-authorization-via-wpfp_update_featured_post</loc>
<lastmod>2023-04-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpzoom-elementor-addons/wpzoom-addons-for-elementor-templates-widgets-1135-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementskit-lite/elementskit-elementor-addons-310-authenticated-contributor-local-file-inclusion-via-onepage-scroll-module</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/toggle-box/toggle-box-16-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ai-engine/ai-engine-the-chatbot-ai-framework-mcp-for-wordpress-332-authenticated-editor-arbitrary-file-upload</loc>
<lastmod>2026-02-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shapepress-dsgvo/wp-dsgvo-tools-gdpr-2218-cross-site-scripting</loc>
<lastmod>2019-08-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/noveldesign-store-directory/the-novel-design-store-directory-430-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/skyword-plugin/skyword-api-plugin-252-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-08T22:00:12.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-integrator/wordpress-integrator-132-cross-site-scripting</loc>
<lastmod>2012-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-custom-login-page-logo/wp-custom-admin-login-page-logo-1484-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2025-11-10T15:13:26.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/smartseo/smart-seo-212-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-08-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-gallery-with-slideshow/image-gallery-with-slideshow-152-sql-injection-via-gallery_name</loc>
<lastmod>2017-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/xo-security/xo-security-153-cross-site-scripting</loc>
<lastmod>2017-02-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fv-wordpress-flowplayer/fv-flowplayer-video-player-75417212-reflected-cross-site-scripting</loc>
<lastmod>2024-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-meta-manager/user-meta-manager-plugin-347-privilege-escalation</loc>
<lastmod>2016-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/change-wp-admin-login/change-wp-admin-login-109-missing-authorization-checks</loc>
<lastmod>2022-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mw-wp-form/mw-wp-form-445-missing-authorization</loc>
<lastmod>2023-10-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/photoblocks-grid-gallery/gallery-photoblocks-131-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/formbuilder/formbuilder-105-reflected-cross-site-scripting</loc>
<lastmod>2016-08-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-security-audit-log/wp-activity-log-15-243-reflected-cross-site-scripting</loc>
<lastmod>2016-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wapppress-builds-android-app-for-website/wapppress-604-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-08-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dealia-request-a-quote/dealia-108-authenticated-contributor-stored-cross-site-scripting-via-gutenberg-block-attributes</loc>
<lastmod>2026-02-18T21:07:11.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/usc-e-shop/welcart-e-commerce-2914-missing-authorization</loc>
<lastmod>2024-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ocean-extra/ocean-extra-211-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-02-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-humanstxt/wp-humanstxt-106-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-10-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flexible-blogtitle/flexible-blogtitle-01-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zotpress/zotpress-733-reflected-cross-site-scripting</loc>
<lastmod>2023-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/import-users-from-csv-with-meta/import-and-export-users-and-customers-11402-cross-site-scripting</loc>
<lastmod>2019-03-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-dtree-30/wp-dtree-445-cross-site-request-forgery</loc>
<lastmod>2023-09-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/motors/motors-5667-unauthenticated-privilege-escalation-via-password-updateaccount-takeover</loc>
<lastmod>2025-05-19T16:51:02.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-employee-attendance-system/wp-employee-attendance-system-35-authenticated-administrator-sql-injection</loc>
<lastmod>2025-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/site-reviews/site-reviews-5172-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2021-12-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/embedpress/embedpress-embed-pdf-google-docs-vimeo-wistia-embed-youtube-videos-audios-maps-embed-any-documents-in-gutenberg-elementor-3910-authenticated-contributor-stored-cross-site-scripting-via-embedpress-pdf-widget</loc>
<lastmod>2024-03-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ce21-suite/ce21-suite-220-jwt-token-disclosure</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/black-widgets/black-widgets-for-elementor-137-authenticated-author-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2024-10-29T22:56:13.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-order-by/wp-order-by-142-reflected-cross-site-scripting</loc>
<lastmod>2025-01-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/website-llms-txt/website-llmstxt-826-reflected-cross-site-scripting</loc>
<lastmod>2026-03-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/unitimetable/unitimetable-11-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-member/ultimate-member-user-profile-user-registration-login-membership-plugin-2045-arbitrary-file-deletionread</loc>
<lastmod>2019-05-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/give/givewp-donation-plugin-and-fundraising-platform-361-authenticatedcontributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-registration/user-registration-446-missing-authorization</loc>
<lastmod>2026-01-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-meteor/wp-meteor-website-speed-optimization-addon-343-unauthenticated-full-path-disclosure</loc>
<lastmod>2024-07-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-codice-fiscale/woo-codice-fiscale-163-reflected-cross-site-scripting</loc>
<lastmod>2025-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/uncanny-learndash-toolkit/uncanny-toolkit-for-learndash-363-cross-site-request-forgery</loc>
<lastmod>2022-11-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dvk-social-sharing/social-sharing-by-danny-137-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-10-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/duplicate-post-and-page/duplicate-page-and-post-10-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-backitup/backup-and-restore-wordpress-150-missing-authorization</loc>
<lastmod>2024-08-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/gardis/gardis-1213-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-09-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/unlimited-popups/unlimited-popups-453-authenticated-admin-sql-injection</loc>
<lastmod>2021-10-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/v-form/lifetime-free-drag-drop-contact-form-builder-for-wordpress-vform-215-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2024-07-30T17:00:44.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kopa-nictitate-toolkit/kopa-nictitate-toolkit-102-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/phplist-form-integration/wp-phplist-17-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-02-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/enfold/enfold-609-missing-authorization-to-sensitive-information-disclosure-in-avia-export-classphp</loc>
<lastmod>2025-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-lucky-wheel/lucky-wheel-for-woocommerce-spin-a-sale-1010-cross-site-scripting</loc>
<lastmod>2022-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shortcodes-ultimate/wp-shortcodes-plugin-shortcodes-ultimate-7410-authenticated-contributor-stored-cross-site-scripting-via-max_width-shortcode-attribute</loc>
<lastmod>2026-03-31T10:25:05.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slideshow-gallery/slideshow-gallery-lite-176-authenticatedadmin-sql-injection</loc>
<lastmod>2023-03-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-subscribers/icegram-email-subscribers-newsletters-450-authenticated-sql-injection</loc>
<lastmod>2020-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profilepress-pro/profilepress-pro-4111-authentication-bypass-via-wordpresscom-oauth-provider</loc>
<lastmod>2024-10-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/irecco-core/irecco-core-136-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blog2social/blog2social-870-missing-authorization-to-authenticated-subscriber-arbitrary-post-trashing</loc>
<lastmod>2025-11-24T15:38:42.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gls-shipping-for-woocommerce/gls-shipping-for-woocommerce-140-reflected-cross-site-scripting-via-failed_orders</loc>
<lastmod>2026-05-13T17:16:15.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/premium-addons-for-elementor/premium-addons-for-elementor-41018-authenticated-contributor-stored-cross-site-scripting-via-onclick-events</loc>
<lastmod>2024-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bbp-move-topics/bbpress-move-topics-114-cross-site-request-forgery</loc>
<lastmod>2018-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eazydocs/eazydocs-280-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dc-woocommerce-multi-vendor/multivendor-marketplace-solution-for-woocommerce-wc-marketplace-38118-multiple-unprotected-ajax-actions</loc>
<lastmod>2022-08-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-with-a-meeting-scheduler-by-vcita/contact-form-builder-by-vcita-4103-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2023-06-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-addons-for-beaver-builder-lite/ultimate-addons-for-beaver-builder-lite-157-authenticated-contributor-stored-cross-site-scripting-via-button-widget</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/listingeasy/listingeasy-192-reflected-cross-site-scripting</loc>
<lastmod>2025-07-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ads-by-datafeedrcom/ads-by-datafeedrcom-120-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-11-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/schedule-posts-calendar/schedule-posts-calendar-52-authenticated-administrator-stored-cross-site-scripting-via-admin-settings</loc>
<lastmod>2023-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/db-tables-importexport/db-tables-importexport-101-reflected-cross-site-scripting</loc>
<lastmod>2025-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sfwd-lms/learndash-lms-4101-sensitive-information-exposure-via-api</loc>
<lastmod>2024-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hashtagger/smart-hashtags-hashtagger-723-missing-authorization</loc>
<lastmod>2025-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bold-page-builder/bold-page-builder-569-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/revolution_video_player/revolution-video-player-292-reflected-cross-site-scripting</loc>
<lastmod>2025-06-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chative-live-chat-and-chatbot/chative-live-chat-and-chatbot-11-cross-site-request-forgery-via-add_chative_widget_action-function</loc>
<lastmod>2025-01-06T15:09:12.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/minimal-coming-soon-maintenance-mode/minimal-coming-soon-maintenance-mode-210-missing-authorization</loc>
<lastmod>2019-12-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ai-image-generator-lab/ai-image-lab-free-ai-image-generator-106-cross-site-request-forgery-to-api-key-update</loc>
<lastmod>2025-06-13T19:41:34.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking-package/booking-package-1706-unauthenticated-price-manipulation-via-amount-parameter</loc>
<lastmod>2026-04-27T18:18:55.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bookshelf/bookshelf-204-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2021-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/view-all-posts-pages/view-all-posts-pages-090-reflected-cross-site-scripting</loc>
<lastmod>2023-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-sitemap/simple-sitemap-create-a-responsive-html-sitemap-360-missing-authorization</loc>
<lastmod>2025-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/glamer/glamer-102-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-08-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-team-manager/team-manager-2316-missing-authorization</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/convertcalculator/convertcalculator-for-wordpress-111-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ai-auto-tool/ai-auto-tool-content-writing-assistant-gemini-writer-chatgpt-all-in-one-226-authenticated-subscriber-server-side-request-forgery</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-job-manager/wp-job-manager-1292-php-object-injection</loc>
<lastmod>2018-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/podlove-podcasting-plugin-for-wordpress/podlove-podcast-publisher-4123-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/recently-viewed-and-most-viewed-products/recently-viewed-and-most-viewed-products-111-authenticated-shop-manager-stored-cross-site-scripting</loc>
<lastmod>2023-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/molla/molla-ecommerce-html5-template-1519-reflected-cross-site-scripting</loc>
<lastmod>2026-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/iframe-wrapper/iframe-wrapper-011-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-08-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ultimate-exporter/wp-ultimate-exporter-241-unauthenticated-information-disclosure</loc>
<lastmod>2023-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/qs-dark-mode/qs-dark-mode-plugin-29-authenticated-author-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2024-09-30T21:09:08.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-coming-soon/coming-soon-page-maintenance-mode-181-unauthenticated-settings-reset</loc>
<lastmod>2019-07-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-voting-contest/wp-voting-contest-58-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/restricted-content/restrict-224-reflected-cross-site-scripting</loc>
<lastmod>2023-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/template-kit-import/template-kit-import-1014-authenticatedauthor-stored-cross-site-scripting-via-template-upload</loc>
<lastmod>2024-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dsgvo-google-web-fonts-gdpr/dsgvo-google-web-fonts-gdpr-11-unauthenticated-arbitrary-file-upload-via-fonturl-parameter</loc>
<lastmod>2026-04-07T17:40:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-slideshow-manager/simple-slideshow-manager-21-cross-site-request-forgery</loc>
<lastmod>2015-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stop-spam-comments/stop-spam-comments-0212-protection-mechanism-bypass</loc>
<lastmod>2022-08-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-foodbakery/wp-foodbakery-33-unauthenticated-php-object-injection</loc>
<lastmod>2025-04-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-file-manager/file-manager-30-stored-cross-site-scripting</loc>
<lastmod>2018-09-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-automatic/automatic-3920-unauthenticated-arbitrary-file-download-and-server-side-request-forgery</loc>
<lastmod>2024-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-block-editor-addons/responsive-blocks-205-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/unconfirmed/unconfirmed-125-reflected-cross-site-scripting</loc>
<lastmod>2014-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/latepoint/latepoint-plugin-499-missing-authorization-and-sensitive-information-exposure-via-idor</loc>
<lastmod>2024-06-13T21:00:45.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/loginwp-pro/loginwp-pro-4085-missing-authorization</loc>
<lastmod>2025-07-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cardealer/car-dealer-304-missing-authorization-to-arbitrary-plugin-installation</loc>
<lastmod>2022-11-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ubermenu/ubermenu-383-cross-site-request-forgery-to-settings-reset</loc>
<lastmod>2024-06-21T16:39:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/business-roy/business-roy-114-missing-authorization</loc>
<lastmod>2026-01-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/funnel-builder/funnel-builder-by-funnelkit-3102-authenticated-administrator-sql-injection</loc>
<lastmod>2025-07-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-facebook-reviews/wp-review-slider-127-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chart-builder/chartify-363-cross-site-request-forgery</loc>
<lastmod>2025-12-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/visualcomposer/visual-composer-premium-4560-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-02-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mcatfilter/mcatfilter-052-cross-site-request-forgery-via-compute_post-function</loc>
<lastmod>2026-04-21T19:06:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/playlist-for-youtube/playlist-for-youtube-132-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2024-05-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-automatic/wordpress-automatic-plugin-3921-cross-site-request-forgery</loc>
<lastmod>2024-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rescue-shortcodes/rescue-shortcodes-31-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/search-everything/search-everything-815-sql-injection</loc>
<lastmod>2016-06-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-facebook-feed/smash-balloon-social-post-feed-421-cross-site-request-forgery</loc>
<lastmod>2024-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/unlimited/unlimited-145-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-plugin-manager/wp-plugin-manager-117-cross-site-request-forgery-to-arbitrary-plugin-activation</loc>
<lastmod>2023-02-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/role-based-pricing-for-woocommerce/role-based-pricing-for-woocommerce-161-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2022-10-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpdm-premium-packages/wpdm-premium-packages-602-cross-site-request-forgery</loc>
<lastmod>2025-08-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-bootstrap-shortcodes/easy-bootstrap-shortcode-454-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2022-12-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-attachments/download-attachments-13-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-06-03T16:38:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/table-of-contents-plus/table-of-contents-plus-2302-cross-site-request-forgery</loc>
<lastmod>2023-09-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/relevanssi/relevanssi-a-better-search-3571-stored-cross-site-scripting</loc>
<lastmod>2017-02-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/speakout/speakout-email-petitions-403-reflected-cross-site-scripting</loc>
<lastmod>2022-11-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/devvn-image-hotspot/image-hotspot-by-devvn-125-authenticated-author-php-object-injection</loc>
<lastmod>2024-08-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seur/seur-oficial-2223-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/theroof/theroof-103-reflected-cross-site-scripting</loc>
<lastmod>2023-04-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-shipping-dpd-baltic/dpd-baltic-shipping-1283-reflected-cross-site-scripting</loc>
<lastmod>2024-10-17T15:44:41.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/move-addons/move-addons-for-elementor-133-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-09-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-rss-retriever/wordpress-rss-feed-retriever-167-cross-site-request-forgery</loc>
<lastmod>2023-01-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/super-socializer/social-share-social-login-and-social-comments-71351-reflected-cross-site-scripting</loc>
<lastmod>2023-05-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-gpx-maps/wp-gpx-map-1705-missing-authorization</loc>
<lastmod>2023-09-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/final-tiles-grid-gallery-lite/image-photo-gallery-final-tiles-grid-368-authenticated-author-stored-cross-site-scripting-via-custom-scripts-setting</loc>
<lastmod>2025-12-20T14:53:25.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/interactive-uk-map/interactive-uk-map-348-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/wanderic/wanderic-1010-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-08-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/wp-weixin/wp-weixin-1316-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp125/wp125-154-cross-site-request-forgery-to-arbitrary-ad-deletion</loc>
<lastmod>2021-12-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/wilmer/wilmr-35-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-12-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dewplayer-flash-mp3-player/dewplayer-12-and-advanced-dewplayer-15-content-spoofinginjection</loc>
<lastmod>2013-12-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/surbma-salesautopilot-shortcode/surbma-salesautopilot-shortcode-25-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-11T15:16:08.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordsurvey/wordsurvey-32-authenticated-administrator-stored-cross-site-scripting-via-sounding_title-parameter</loc>
<lastmod>2024-08-20T17:26:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-altcoin-payment-gateway/bitcoin-altcoin-payment-gateway-for-woocommerce-multivendor-store-shop-160-reflected-cross-site-scripting</loc>
<lastmod>2021-09-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/motors-car-dealership-classified-listings/motors-car-dealer-classifieds-listing-149-missing-authorization</loc>
<lastmod>2024-07-01T18:52:36.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-drive-wp-media/google-drive-wp-media-244-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/meta-box/meta-box-wordpress-custom-fields-framework-593-authenticated-contributor-information-exposure-via-post-meta</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-pipes/wp-pipes-143-reflected-cross-site-scripting</loc>
<lastmod>2025-08-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-bank/contact-bank-contact-form-builder-for-wordpress-2123-reflected-cross-site-scripting</loc>
<lastmod>2016-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sp-client-document-manager/sp-project-document-manager-471-authenticated-subscriber-directory-traversal</loc>
<lastmod>2024-06-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-order-splitter/order-splitter-for-woocommerce-535-missing-authorization-to-authenticated-subscriber-order-information-exposure</loc>
<lastmod>2026-02-17T16:30:12.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-product-reviews-shortcode/builder-for-woocommerce-reviews-shortcodes-reviewshort-1013-cross-site-request-forgery</loc>
<lastmod>2024-03-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/delucks-seo/delucks-seo-259-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/agile-store-locator/store-locator-wordpress-145-cross-site-request-forgery-to-cross-site-scripting</loc>
<lastmod>2022-09-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dc-woocommerce-multi-vendor/wc-marketplace-4213-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gamipress/gamipress-745-authenticated-administrator-sql-injection</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/events-manager/events-manager-6464-authenticatedadministator-stored-cross-site-scripting-via-settings</loc>
<lastmod>2024-02-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/latepoint/latepoint-550-authenticated-subscriber-stored-cross-site-scripting-via-customer-cabinet-profile-update</loc>
<lastmod>2026-05-05T18:29:59.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/goza-theme/goza-nonprofit-charity-wordpress-theme-322-missing-authorization-to-unauthenticated-arbitrary-file-upload-via-plugin-installation</loc>
<lastmod>2025-09-08T19:58:15.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/language-icons-flags-switcher/flag-icons-22-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nmedia-user-file-uploader/frontend-file-manager-212-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2022-09-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ravelry-designs-widget/ravelry-designs-widget-100-authenticated-contributor-stored-cross-site-scripting-via-sb_ravelry_designs-shortcode-layout-attribute</loc>
<lastmod>2026-02-13T18:33:36.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-jobsearch/wp-jobsearch-151-reflected-cross-site-scripting</loc>
<lastmod>2020-06-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-subscribers/email-subscribers-newsletters-5749-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-04-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/theatre/theater-for-wordpress-0188-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yotpo-reviews-for-woocommerce/yotpo-reviews-for-woocommerce-unofficial-204-cross-site-request-forgery-to-plugin-settings-update</loc>
<lastmod>2022-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/affiliate-links-manager/affiliate-links-manager-10-reflected-cross-site-scripting</loc>
<lastmod>2025-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/colorful-categories/colorful-categories-2015-cross-site-request-forgery</loc>
<lastmod>2021-10-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gf-google-address-autocomplete/address-autocomplete-via-google-for-gravity-forms-134-cross-site-request-forgery</loc>
<lastmod>2025-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/register-ip-multisite/register-ips-180-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2019-05-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/church-admin/church-admin-416-missing-authorization</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pets/pets-141-reflected-cross-site-scripting</loc>
<lastmod>2025-08-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hotel-listing/multiple-e-plugins-various-versions-authenticated-subscriber-privilege-escalation</loc>
<lastmod>2023-03-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bp-messages-tool/bp-messages-tool-22-reflected-cross-site-scripting</loc>
<lastmod>2025-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-wallcreeper/wp-wallcreeper-161-missing-authorization-to-authenticated-susbcriber-cache-enabledisable</loc>
<lastmod>2025-07-23T20:39:34.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/community-yard-sale/community-yard-sale-1111-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kings-tab-slider/kings-tab-slider-10-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-smiley/wp-smiley-141-cross-site-scripting</loc>
<lastmod>2015-05-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/enteraddons/enter-addons-ultimate-template-builder-for-elementor-215-authenticated-contributor-stored-cross-site-scripting-via-heading-widget</loc>
<lastmod>2024-05-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/royal-elementor-addons/royal-elementor-addons-1359-insufficient-access-control-to-import-deletion</loc>
<lastmod>2023-01-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/creative-blocks/creative-blocks-101-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stafflist/stafflist-316-reflected-cross-site-scripting</loc>
<lastmod>2022-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/restaurant-reservations/five-star-restaurant-reservations-2616-missing-authorization</loc>
<lastmod>2024-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/horizon/horizon-11-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shortcodes-ultimate/shortcodes-ultimate-747-authenticated-contributor-stored-cross-site-scripting-via-su_lightbox-shortcode</loc>
<lastmod>2026-04-03T19:32:59.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/molongui-authorship/molongui-477-authenticated-author-insecure-direct-object-reference</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-recent-posts/advanced-recent-posts-0614-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-02-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tiempocom/tiempocom-012-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2023-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mappress-google-maps-for-wordpress/mappress-maps-for-wordpress-27312-admin-file-upload-to-remote-code-execution</loc>
<lastmod>2022-03-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/leaflet-maps-marker/leaflet-maps-marker-google-maps-openstreetmap-bing-maps-3128-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jet-tricks/jettricks-151-missing-authorization</loc>
<lastmod>2025-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/corbesier/corbesier-1150-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seos-contact-form/seos-contact-form-180-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-12-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/popup-builder/popup-builder-create-highly-converting-mobile-friendly-marketing-popups-442-improper-authorization-to-unauthenticated-subscriber-removal-via-predictable-tokens</loc>
<lastmod>2026-02-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/soledad/soledad-870-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-10-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wicked-folders/wicked-folders-21816-cross-site-request-forgery-via-ajax_delete_folder</loc>
<lastmod>2023-02-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/broken-images-redirection/404-image-redirection-replace-broken-images-14-cross-site-request-forgery</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/alloggio/alloggio-hotel-booking-18-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-03-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/upstream/upstream-a-project-management-plugin-for-wordpress-210-missing-authorization</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-registration/user-registration-custom-registration-form-login-form-and-user-profile-wordpress-plugin-314-unauthenticated-stored-self-based-cross-site-scripting</loc>
<lastmod>2024-03-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-upload-files-anywhere/upload-files-anywhere-28-unauthenticated-arbitrary-file-download</loc>
<lastmod>2026-02-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zita-site-library/zita-elementor-site-library-162-missing-authorization-to-page-creation-and-options-modification</loc>
<lastmod>2024-06-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/listingo/listingo-325-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2022-11-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/about-me-3000/about-me-3000-widget-226-cross-site-request-forgery-to-plugin-settings-update</loc>
<lastmod>2023-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpdm-premium-packages/premium-packages-596-authenticated-administrator-sql-injection</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/apppresser/apppresser-mobile-app-framework-450-missing-authorization-to-unauthenticated-limited-sensitive-information-exposure</loc>
<lastmod>2025-10-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/app-builder/app-builder-388-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-database-cleaner/advanced-database-cleaner-312-authenticated-administrator-sql-injection</loc>
<lastmod>2023-12-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/worker-elementor/worker-for-elementor-1010-missing-authorization</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-terms-popup/wp-terms-popup-terms-and-conditions-and-privacy-policy-wordpress-popups-2100-missing-authorization</loc>
<lastmod>2026-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mikado-core/mikado-core-16-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/delay-redirects/delay-redirects-100-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2026-01-09T11:11:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vikappointments/vikappointments-services-booking-calendar-1216-cross-site-request-forgery</loc>
<lastmod>2025-01-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/wproject/wproject-580-authenticated-subscriber-privilege-escalation</loc>
<lastmod>2025-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-team-manager/wordpress-team-manager-200-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2022-06-14T09:26:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shortcodes-ultimate/wp-shortcodes-plugin-shortcodes-ultimate-742-authenticated-contributor-stored-cross-site-scripting-via-plugin-shortcodes</loc>
<lastmod>2025-07-20T19:04:16.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sogrid/wordpress-post-grid-layouts-with-pagination-sogrid-156-authenticated-admin-local-file-inclusion</loc>
<lastmod>2024-10-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sessions/sessions-320-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/reformer-elementor/reformer-for-elementor-106-missing-authorization</loc>
<lastmod>2025-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/white-label-cms/white-label-cms-151-reflected-cross-site-scripting</loc>
<lastmod>2012-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rt-prettyphoto/royal-prettyphoto-12-authenticated-stored-cross-site-scripting</loc>
<lastmod>2016-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-history/simple-history-plugin-275-sensitive-information-disclosure</loc>
<lastmod>2016-07-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gpt3-ai-content-generator/gpt-ai-power-1437-missing-authorization</loc>
<lastmod>2023-01-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/breadcrumb-navxt/breadcrumb-navxt-750-missing-authorization-to-sensitive-information-exposure</loc>
<lastmod>2026-02-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/kathmag/multiple-sparklewpthemes-themes-various-versions-cross-site-request-forgery-to-arbitrary-plugin-activation</loc>
<lastmod>2023-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/myworks-woo-sync-for-quickbooks-online/myworks-woocommerce-sync-for-quickbooks-online-291-reflected-cross-site-scripting</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/betheme/betheme-2711-missing-authorization-via-_tool_history_delete</loc>
<lastmod>2023-08-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/goodnews5/goodnews-responsive-wordpress-newsmagazine-news-editorial-5111-reflected-cross-site-scripting</loc>
<lastmod>2016-02-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/miniorange-otp-verification/miniorange-otp-verification-421-missing-authorization-via-dismiss_notice</loc>
<lastmod>2023-11-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/js-jobs/js-job-manager-200-authenticated-subscriber-stored-cross-site-scripting-via-title</loc>
<lastmod>2023-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contentstudio/contentstudio-125-information-exposure</loc>
<lastmod>2023-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wizhi-multi-filters/wizhi-multi-filters-by-wenprise-186-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpjqp-datepicker/wp-jquery-persian-datepicker-010-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/church-admin/church-admin-500-reflected-cross-site-scripting</loc>
<lastmod>2024-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/automatorwp/automatorwp-537-authenticated-subscriber-missing-authorization-to-multiple-functions</loc>
<lastmod>2025-09-08T17:53:24.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/unlock-addons-for-elementor/unlock-addons-for-elementor-200-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/generateblocks/generateblocks-182-sensitive-information-exposure</loc>
<lastmod>2024-03-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kundgenerator/kundgenerator-106-reflected-cross-site-scripting</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cart-tracking-for-woocommerce/cart-tracking-for-woocommerce-1017-authenticated-administrator-sql-injection</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/schreikasten/schreikasten-01418-authenticated-author-sql-injection</loc>
<lastmod>2021-10-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/broken-link-checker/broken-link-checker-11116-authenticated-admin-phar-deserialization</loc>
<lastmod>2022-07-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sertifier-certificates-open-badges/sertifier-certificate-badge-maker-121-missing-authorization</loc>
<lastmod>2025-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-e-customers/wp-e-customers-beta-001-reflected-cross-site-scripting</loc>
<lastmod>2025-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/cardealer/cardealer-164-cross-site-request-forgery-to-user-update-via-update_user_profile</loc>
<lastmod>2025-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/surferseo/surfer-164574-missing-authorization</loc>
<lastmod>2025-09-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-product-table-lite/woocommerce-product-table-lite-351-unauthenticated-arbitrary-shortcode-execution</loc>
<lastmod>2024-08-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buymeacoffee/buy-me-a-coffee-button-and-widget-plugin-37-cross-site-request-forgery</loc>
<lastmod>2023-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-registration-form-builder-with-submission-manager/registrationmagic-6076-missing-authorization</loc>
<lastmod>2026-02-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/knowledge-center/knowledge-center-27-authenticated-admin-cross-site-scripting</loc>
<lastmod>2023-06-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/animation-addons-for-elementor/animation-addons-for-elementor-262-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-03-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-total-sales/woo-total-sales-314-missing-authorization-to-unauthenticated-sales-report-retrieval</loc>
<lastmod>2024-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-job-portal/wp-job-portal-218-authenticated-subscriber-insecure-direct-object-reference</loc>
<lastmod>2024-08-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pe-easy-slider/pe-easy-slider-110-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slide/slides-presentations-0039-missing-authorization</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slim-seo/slim-seo-453-authenticated-contributor-stored-cross-site-scripting-via-slim_seo_breadcrumbs-shortcode</loc>
<lastmod>2025-05-20T20:50:49.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/devformatter/developer-formatter-2015021-authenticated-administrator-stored-cross-site-scripting-via-custom-css</loc>
<lastmod>2025-06-05T18:42:02.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/debranding/debranding-102-privilege-escalation</loc>
<lastmod>2024-11-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-quick-product-editor/woocommerce-bulk-product-editor-30-missing-authorization</loc>
<lastmod>2026-02-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/soleng/soleng-105-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/embedpress/embedpress-398-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-members/wp-members-membership-plugin-3491-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-03-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/Ultimate-Premium-Plugin/usm-premium-162-authenticatedadministrator-stored-cross-site-scripting</loc>
<lastmod>2023-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/minimal-coming-soon-maintenance-mode/minimal-coming-soon-maintenance-mode-210-cross-site-request-forgery-to-stored-cross-site-scripting-and-setting-changes</loc>
<lastmod>2020-01-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tweet-old-post/revive-old-posts-9010-authenticated-admin-php-object-injection</loc>
<lastmod>2023-01-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rometheme-for-elementor/rtmkit-addons-for-elementor-202-authenticated-author-missing-authorization-to-widget-configuration-modification</loc>
<lastmod>2026-05-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-tripadvisor-review-slider/wp-tripadvisor-review-slider-107-authenticated-subscriber-sql-injection</loc>
<lastmod>2023-01-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/robo-gallery/photo-gallery-images-slider-in-rbs-image-gallery-3221-missing-authorization-to-authenticated-subscriber-private-gallery-title-disclosure</loc>
<lastmod>2024-10-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-media-categories/wp-media-categories-210-cross-site-request-forgery</loc>
<lastmod>2025-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/extensions-for-elementor/extensions-for-elementor-2030-authenticated-contributor-stored-cross-site-scripting-via-url-parameter</loc>
<lastmod>2024-06-28T19:02:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simply-poll/simply-poll-141-cross-site-request-forgery-and-stored-cross-site-scripting</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-slimstat/slimstat-analytics-504-authenticated-administrator-sql-injection</loc>
<lastmod>2023-05-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-iframe-images-gallery/iframe-images-gallery-90-authenticated-contributor-sql-injection</loc>
<lastmod>2025-07-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tinymce-and-tinymce-advanced-professsional-formats-and-styles/tinymce-professional-formats-and-styles-112-cross-site-request-forgery-via-bb_taps_backend_page</loc>
<lastmod>2024-02-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lock-user-account/lock-user-account-105-user-lock-bypass</loc>
<lastmod>2024-11-20T13:51:55.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpfront-user-role-editor/wpfront-user-role-editor-32111184-reflected-cross-site-scripting</loc>
<lastmod>2021-11-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/postmash-custom/postmash-custom-custom-post-order-103-unauthenticated-sql-injection</loc>
<lastmod>2025-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/ailab/ai-lab-542-unauthenticated-php-object-injection</loc>
<lastmod>2026-04-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-review-slider-pro/wp-review-slider-pro-1268-authenticated-subscriber-sql-injection-via-curselrevs-parameter</loc>
<lastmod>2026-06-15T18:29:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/alttext-ai/download-alt-text-ai-134-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-05-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responder/responder-438-cross-site-request-forgery</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/6storage-rentals/6storage-rentals-2194-missing-authorization</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ldap-wp-login-integration-with-active-directory/ldap-wp-login-active-directory-integration-301-missing-authorization</loc>
<lastmod>2022-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/watu/watu-quiz-339-reflected-cross-site-scripting</loc>
<lastmod>2023-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/microaudio/audio-player-062-remote-file-inclusion</loc>
<lastmod>2014-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bxslider-integration/bxslider-integration-for-wordpress-172-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-08-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/3.7/wordpress-core-553-php-object-injection-gadget</loc>
<lastmod>2020-10-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/4.1/wordpress-core-412-cross-site-scripting-via-ephox-in-plupload</loc>
<lastmod>2015-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/web-application-firewall/malware-scanner-472-and-web-application-firewall-211-unauthenticated-privilege-escalation</loc>
<lastmod>2024-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/team-section/team-section-block-200-authenticated-contributor-stored-cross-site-scripting-via-social-network-link</loc>
<lastmod>2026-01-16T17:54:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-plugin/download-plugin-162-missing-authorization-and-sensitive-information-exposure</loc>
<lastmod>2022-11-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tin-canny-learndash-reporting/tin-canny-reporting-for-learndash-4307-reflected-cross-site-scripting</loc>
<lastmod>2024-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-super-cache/wp-super-cache-144-php-object-injection</loc>
<lastmod>2015-09-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-fastest-cache/wp-fastest-cache-126-authenticated-administrator-arbitrary-file-deletion</loc>
<lastmod>2024-05-10T09:04:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-photo-effects/wp-photo-effects-124-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2025-10-02T22:11:37.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/schedule/schedule-100-unauthenticated-sql-injection</loc>
<lastmod>2025-03-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ayyash-studio/ayyash-studio-103-authenticated-author-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2025-03-25T14:11:41.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-mls-listings-import/easy-mls-listings-import-201-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-17T15:40:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/1003-mortgage-application/1003-mortgage-application-175-unauthenticated-csv-injection</loc>
<lastmod>2023-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-slider-widget/image-slider-11121-cross-site-request-forgery-to-post-duplication</loc>
<lastmod>2022-05-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/miraculous/miraculous-multi-vendor-online-music-store-elementor-wordpress-theme-212-missing-authorization</loc>
<lastmod>2026-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/amministrazione-trasparente/amministrazione-trasparente-71-cross-site-request-forgery-bypass</loc>
<lastmod>2021-07-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/5.2/wordpress-core-523-authenticated-cross-site-scripting-via-post-previews</loc>
<lastmod>2019-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-pack-addon/the-pack-elementor-addons-216-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tidyro/tidyro-13-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nd-restaurant-reservations/restaurant-reservations-17-sql-injection</loc>
<lastmod>2022-05-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rocket-font/rocket-font-123-cross-site-request-forgery-via-update_option_check_match_default</loc>
<lastmod>2023-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/infusedwooPRO/infusedwoo-pro-512-authenticated-subscriber-missing-authorization-to-privilege-escalation-via-arbitrary-user-meta-update</loc>
<lastmod>2026-05-13T18:13:39.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wd-google-maps/10web-map-builder-for-google-maps-1073-missing-authorization-to-notice-dismissal</loc>
<lastmod>2023-09-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pagelayer/page-builder-pagelayer-187-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-07-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-plus-addons-for-elementor-page-builder/the-plus-addons-for-elementor-addons-for-elementor-page-templates-widgets-mega-menu-woocommerce-649-authenticated-contributor-stored-cross-site-scripting-via-progress-bar</loc>
<lastmod>2026-04-07T16:43:48.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/give/givewp-2251-unauthenticated-csv-injection</loc>
<lastmod>2023-03-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/primary-addon-for-elementor/primary-addon-for-elementor-162-authenticated-contributor-post-disclosure</loc>
<lastmod>2024-11-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-digital-downloads/easy-digital-downloads-350-cross-site-request-forgery-to-plugin-deactivation-via-edd_sendwp_disconnect-and-edd_sendwp_remote_install-functions</loc>
<lastmod>2025-08-19T23:05:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eagle-booking/eagle-booking-1343-authenticated-subscriber-insecure-direct-object-reference</loc>
<lastmod>2025-11-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-membership/simple-membership-443-authenticatedcontributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-hover-effects-addon-for-elementor/image-hover-effects-elementor-addon-143-authenticated-contributor-stored-cross-site-scripting-via-eihe_link-parameter</loc>
<lastmod>2024-07-15T17:33:55.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/kossy/kossy-minimalist-ecommerce-wordpress-theme-145-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-07-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/wplms/wplms-19952-authenticated-contributor-arbitrary-directory-deletion</loc>
<lastmod>2024-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/towny/towny-116-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-09-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/microcopy/microcopy-110-authenticated-admin-sql-injection</loc>
<lastmod>2021-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-field-template/custom-field-template-261-authenticatedconstibutor-stored-cross-site-scripting-via-custom-field-name</loc>
<lastmod>2024-06-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lexicata/lexicata-1016-reflected-cross-site-scripting</loc>
<lastmod>2025-04-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/appointment-booking-calendar/appointment-booking-calendar-1396-missing-authorization-to-arbitrary-booking-confirmation-via-cpabc_ipncheck-parameter</loc>
<lastmod>2025-11-21T18:51:38.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/documentpress-display-any-document-on-your-site/documentpress-21-reflected-cross-site-scripting</loc>
<lastmod>2024-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/blockbooster/blockbooster-1010-missing-authorization</loc>
<lastmod>2024-08-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/animate/animate-05-authenticated-contributor-server-side-request-forgery</loc>
<lastmod>2025-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/invoice-payment-for-woocommerce/invoice-payment-for-woocommerce-172-reflected-cross-site-scripting</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slingblocks/slingblocks-gutenberg-blocks-by-funnelkit-formerly-woofunnels-141-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ehive-objects-image-grid/ehive-objects-image-grid-241-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-compare-products/compare-products-for-woocommerce-321-unauthenticated-php-object-injection</loc>
<lastmod>2025-01-06T16:03:26.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/poll-maker/poll-maker-565-authenticated-administrator-sql-injection</loc>
<lastmod>2025-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/media-library-assistant/media-library-assistant-307-reflected-cross-site-scripting</loc>
<lastmod>2023-07-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpide/wpide-26-authenticated-administrator-arbitrary-file-read</loc>
<lastmod>2022-08-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tmm_paypal_checkout/thememakers-paypal-express-checkout-119-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2025-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/techlink/techlink-13-unauthenticated-php-object-injection</loc>
<lastmod>2026-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/visualizer/visualizer-tables-and-charts-manager-for-wordpress-400-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-05-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementor/elementor-3290-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-07-28T16:22:11.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gravityforms/gravity-forms-2100-unauthenticated-stored-cross-site-scripting-via-calculation-product-field-in-repeater</loc>
<lastmod>2026-05-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-plugin-library/post-plugin-library-2621-reflected-cross-site-scripting</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mojoplug-slide-panel/mojoplug-slide-panel-112-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-manager/download-manager-287-sensitive-information-disclosure-via-directory-listing</loc>
<lastmod>2016-01-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/embed-documents-shortcode/embed-documents-shortcode-15-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-bulk-editor/bear-1133-cross-site-request-forgery-to-profile-creation</loc>
<lastmod>2023-09-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordfence/wordfence-security-381-stored-cross-site-scripting</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lbg_zoominoutslider/responsive-zoom-inout-slider-wordpress-plugin-unknown-versions-cross-site-scripting</loc>
<lastmod>2013-11-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/imgspider/imgspider-2310-authenticated-contributor-arbitrary-file-upload-via-upload</loc>
<lastmod>2024-07-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/sirat/sirat-151-missing-authorization</loc>
<lastmod>2025-04-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-simple-paypal-shopping-cart/wordpress-simple-paypal-shopping-cart-461-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2022-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/invoicing/getpaid-2811-missing-authorization-via-column_subscription</loc>
<lastmod>2024-08-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-shipping-multiple-addresses/woocommerce-ship-to-multiple-addresses-389-missing-authorization</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/golo/golo-city-travel-guide-wordpress-theme-170-unauthenticated-privilege-escalation</loc>
<lastmod>2026-03-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/accordion-image-menu/accordion-image-menu-313-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-08-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/trackserver/trackserver-502-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-10T14:10:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/images-to-webp/images-to-webp-18-local-file-inclusion</loc>
<lastmod>2021-10-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-post-types/wp-easy-post-types-144-cross-site-scripting</loc>
<lastmod>2014-05-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-basic-contact-form/simple-basic-contact-form-20250114-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-06-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/admin-log/admin-log-150-cross-site-request-forgery</loc>
<lastmod>2023-01-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-artillery/email-artillery-mass-email-41-authenticated-sql-injection</loc>
<lastmod>2021-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yada-wiki/yada-wiki-34-stored-cross-site-scripting</loc>
<lastmod>2021-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-subscribe/email-subscription-popup-1216-reflected-cross-site-scripting</loc>
<lastmod>2023-04-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/hydro/hydro-28-reflected-cross-site-scripting</loc>
<lastmod>2025-06-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/asgaros-forum/asgaros-forum-270-insufficient-authorization-to-authenticated-admin-arbitrary-file-upload</loc>
<lastmod>2023-12-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/patreon-connect/patreon-wordpress-170-reflected-cross-site-scripting</loc>
<lastmod>2021-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/double-the-donation/double-the-donation-300-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-11-10T15:02:07.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/unlimited-elements-for-elementor/unlimited-elements-for-elementor-free-widgets-addons-templates-15140-authenticated-contributor-stored-cross-site-scripting-via-transparent-split-hero-widget</loc>
<lastmod>2025-02-19T19:05:17.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/snapwidget-wp-instagram-widget/snapwidget-social-photo-feed-widget-110-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/catch-web-tools/catch-web-tools-270-missing-authorization</loc>
<lastmod>2022-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-invite-codes/all-in-one-invite-codes-1015-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-07-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/article-directory-redux/article-directory-redux-102-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-04-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-security-audit-log/wp-activity-log-461-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2024-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profile-builder/profile-builder-348-admin-access-via-password-reset</loc>
<lastmod>2021-07-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/userfeedback-lite/user-feedback-1010-missing-authorization</loc>
<lastmod>2023-12-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/directorypress/directorypress-3610-authenticated-contributor-sql-injection</loc>
<lastmod>2024-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/saphali-liqpay-for-donate/saphali-liqpay-for-donate-102-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2025-11-07T20:46:02.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/teardrop/teardrop-fullscreen-photography-theme-portfolio-185-arbitrary-options-update</loc>
<lastmod>2015-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/0-day-analytics/0-day-analytics-400-authenticated-administrator-sql-injection</loc>
<lastmod>2025-11-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/attention-bar/attention-bar-0721-authenticated-contributor-sql-injection</loc>
<lastmod>2025-10-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/adminimize/adminimize-11111-missing-authorization</loc>
<lastmod>2026-05-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/careerfy/careerfy-400-cross-site-scripting</loc>
<lastmod>2020-07-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/genemy/genemy-166-authenticated-subscriber-server-side-request-forgery</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-map-pro-lite/image-map-pro-drag-and-drop-builder-for-interactive-images-lite-100-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2023-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/photo-gallery/photo-gallery-by-10web-167-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mopinion-feedback-form/mopinion-feedback-form-111-reflected-cross-site-scripting</loc>
<lastmod>2026-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/templately/templately-315-missing-authorization</loc>
<lastmod>2024-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-auto-republish/revivepress-keep-your-old-content-evergreen-156-missing-authorization</loc>
<lastmod>2024-03-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/media-library-assistant/media-library-assistant-313-authenticated-contributor-stored-cross-site-scripting-via-mla_gallery-shortcode</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/addon-elements-for-elementor-page-builder/elementor-addon-elements-1135-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp2android-turn-wp-site-into-android-app/wp2android-114-arbitrary-file-upload</loc>
<lastmod>2017-03-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/iwp-client/infinitewp-client-1944-authentication-bypass</loc>
<lastmod>2020-01-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/logaster-logo-generator/logaster-logo-generator-13-missing-authorization-to-arbitrary-media-deletion-and-creation</loc>
<lastmod>2023-01-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gutenberg/gutenberg-1290-1800-unauthenticated-authenticated-contributor-stored-cross-site-scripting-via-avatar-block</loc>
<lastmod>2024-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/web-stories/web-stories-for-wordpress-1310-insufficient-authorization</loc>
<lastmod>2023-05-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/backup-bolt/backup-bolt-141-authenticated-admin-arbitrary-file-download</loc>
<lastmod>2025-10-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chaty-pro/chaty-pro-333-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2025-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/happyforms/happyforms-1260-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2024-08-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easyfonts/easyfonts-112-cross-site-request-forgery</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-coder/wp-coder-251-remote-file-inclusion-leading-to-remote-code-execution-via-cross-site-request-forgery</loc>
<lastmod>2021-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-statistics/wp-statistics-12081-reflected-cross-site-scripting</loc>
<lastmod>2017-07-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/formidablepro-2-pdf/formidable-pro2pdf-309-authenticated-admin-sql-injection</loc>
<lastmod>2022-12-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lead-form-builder/contact-form-lead-form-elementor-builder-163-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2021-11-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pagerestrict/page-restrict-255-protection-mechanism-bypass</loc>
<lastmod>2024-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/otpless/otp-less-one-tap-sign-in-2014-2059-unauthenticated-arbitrary-email-update-to-account-takeoverprivilege-escalation</loc>
<lastmod>2025-05-01T13:11:34.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/regenerate-post-permalinks/regenerate-post-permalink-103-cross-site-request-forgery</loc>
<lastmod>2024-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-wp-security-and-firewall/all-in-one-wp-security-524-protection-bypass-of-renamed-login-page-via-url-encoding</loc>
<lastmod>2023-10-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/2.0/wordpress-core-21-full-path-disclosure</loc>
<lastmod>2007-01-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ghostkit/ghost-kit-page-builder-blocks-motion-effects-extensions-360-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fancy-gallery/gallery-manager-1658-reflected-cross-site-scripting</loc>
<lastmod>2024-11-15T14:58:41.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smart-agenda-prise-de-rendez-vous-en-ligne/smart-agenda-47-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ultimate-csv-importer/wp-ultimate-csv-importer-798-sensitive-information-exposure-via-directory-listing</loc>
<lastmod>2023-08-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/houzez/houzez-282-unauthenticated-sql-injection</loc>
<lastmod>2023-04-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/file-manager/file-manager-63-authenticated-admin-arbitrary-os-file-access-via-path-traversal</loc>
<lastmod>2023-11-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/myriad/myriad-20-arbitrary-file-download</loc>
<lastmod>2013-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/klarna-order-management-for-woocommerce/klarna-order-management-for-woocommerce-198-authenticated-shop-manager-information-disclosure-via-log-files</loc>
<lastmod>2025-09-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-dummy-content-generator/wp-dummy-content-generator-346-missing-authorization-to-authenticated-subscriber-arbitrary-user-deletion</loc>
<lastmod>2025-06-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tm-replace-howdy/tm-replace-howdy-142-cross-site-request-forgery</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/menu-ordering-reservations/menu-ordering-reservations-236-reflected-cross-site-scripting-via-redirect</loc>
<lastmod>2023-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/autoptimize/autoptimize-277-arbitrary-file-upload-and-remote-code-execution-via-import-settings</loc>
<lastmod>2020-10-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-subscribers/email-subscribers-by-icegram-express-5720-unauthenticated-sql-injection-via-hash</loc>
<lastmod>2024-06-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/church-admin/church-admin-4132-cross-site-request-forgery</loc>
<lastmod>2024-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementskit/elementskit-pro-361-authenticated-contributor-server-side-request-forgery</loc>
<lastmod>2024-06-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/estatik/estatik-225-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2016-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vikbooking/vikbooking-hotel-booking-engine-pms-157-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2022-04-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/database-audit/wp-database-audit-10-reflected-cross-site-scripting</loc>
<lastmod>2025-03-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-paypal-donation/accept-donations-with-paypal-133-arbitrary-post-deletion-via-cross-site-request-forgery</loc>
<lastmod>2021-12-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/abg-rich-pins/abg-rich-pins-11-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-01-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profilegrid-user-profiles-groups-and-communities/profilegrid-user-profiles-groups-and-communities-5944-missing-authorinzation-to-authenticated-subscriber-join-group-requests-management</loc>
<lastmod>2025-03-21T16:15:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-7-to-database-extension/contact-form-db-2829-cross-site-request-forgery-via-a-request-in-the-cf7dbpluginsubmissions-page-to-wp-adminadminphp</loc>
<lastmod>2015-03-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-twitter-mega-fan-box/wp-twitter-mega-fan-box-widget-10-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/related-posts-via-taxonomies/related-posts-via-taxonomies-101-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/task-manager-pro/task-manager-pro-131-stored-cross-site-scripting</loc>
<lastmod>2017-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/funnelforms-free/funnelforms-free-34-missing-authorization-to-test-email-sending</loc>
<lastmod>2023-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/awesome-support/awesome-support-631-missing-authorization</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smtp2go/smtp2go-for-wordpress-1160-missing-authorization-to-authenticated-subscriber-log-readtruncate</loc>
<lastmod>2026-05-27T17:42:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/qi-blocks/qi-blocks-149-insecure-direct-object-reference-to-authenticated-author-arbitrary-style-modification-via-page_id-parameter</loc>
<lastmod>2026-06-30T19:07:13.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hercules-core/hercules-core-64-authenticated-subscriber-php-object-injection</loc>
<lastmod>2024-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/computer-repair-shop/crm-wordpress-plugin-repairbuddy-372-sql-injection</loc>
<lastmod>2022-05-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hungarian-pickup-points-for-woocommerce/csomagpontok-s-szlltsi-cmkk-woocommerce-hez-1902-cross-site-request-forgery</loc>
<lastmod>2022-10-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-address-book/woocommerce-address-book-160-cross-site-request-forgery</loc>
<lastmod>2019-08-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gd-bbpress-attachments/gd-bbpress-attachments-431-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/builder-shortcode-extras/builder-shortcode-extras-wordpress-shortcodes-collection-to-save-you-time-100-authenticated-contributor-post-disclosure</loc>
<lastmod>2025-02-06T18:17:38.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/listingpro-reviews/listingpro-reviews-2911-missing-authorization</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/exchange-addon-invoices/exchange-addon-invoices-140-reflected-cross-site-scripting</loc>
<lastmod>2015-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-tables/ninja-tables-417-admin-stored-cross-site-cross-site-scripting</loc>
<lastmod>2021-10-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/random-banner/random-banner-4211-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/powerpress/powerpress-1023-authenticated-administrator-stored-cross-site-scripting-via-feedtitle</loc>
<lastmod>2023-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/my-album-gallery/my-album-gallery-104-authenticated-contributor-stored-cross-site-scripting-via-style_css-shortcode-attribute</loc>
<lastmod>2026-01-06T20:39:43.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pdf-viewer/pdf-viewer-01-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/borderless/borderless-widgets-elements-templates-and-toolkit-for-elementor-gutenberg-160-authenticated-administrator-remote-code-execution</loc>
<lastmod>2025-01-30T00:57:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/embed-articles/embed-articles-703-reflected-cross-site-scripting</loc>
<lastmod>2015-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gdlr-hotel/goodlayers-hotel-314-unauthenticated-php-object-injection</loc>
<lastmod>2025-05-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wr-price-list-for-woocommerce/wr-price-list-manager-for-woocommerce-108-missing-authorization-to-arbitrary-content-deletion</loc>
<lastmod>2025-04-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/poll-maker/poll-maker-553-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-addons-for-beaver-builder-lite/ultimate-addons-for-beaver-builder-lite-155-authenticated-subscriber-settings-change</loc>
<lastmod>2023-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fancy-product-designer/fancy-product-designer-469-insufficient-authorization-on-mulitple-ajax-actions</loc>
<lastmod>2023-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kingcomposer/page-builder-kingcomposer-294-stored-cross-site-scripting</loc>
<lastmod>2020-07-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/powerpack-lite-for-elementor/powerpack-addons-for-elementor-2715-authenticated-contributor-stored-cross-site-scripting-via-twitter-buttons-widget</loc>
<lastmod>2024-02-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nex-forms-lite/nex-forms-lite-82-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-10-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-digital-downloads/easy-digital-downloads-simple-ecommerce-for-selling-digital-files-333-authenticated-admin-phar-deserialization</loc>
<lastmod>2024-09-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/edwiser-bridge/edwiser-bridge-206-cross-site-request-forgery-bypass</loc>
<lastmod>2021-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-maintenance/wp-maintenance-616-information-exposure</loc>
<lastmod>2024-02-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/drozd-addons-for-elementor/drozd-addons-for-elementor-111-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/photospace-responsive/photospace-responsive-117-cross-site-scripting</loc>
<lastmod>2019-06-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-custom-widget-area/wp-custom-widget-area-125-missing-authorization</loc>
<lastmod>2023-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quiz-master-next/quiz-and-survey-master-7310-missing-authorization</loc>
<lastmod>2022-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eventer/eventer-31121-unauthenticated-arbitrary-shortcode-execution</loc>
<lastmod>2025-08-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-schema-pro/schema-pro-278-authenticatedcontributor-missing-authorization</loc>
<lastmod>2023-07-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/qards/qards-all-versions-stored-cross-site-scripting</loc>
<lastmod>2017-10-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/letruffe/le-truffe-117-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-query-creator/wp-query-creator-10-reflected-cross-site-scripting</loc>
<lastmod>2025-01-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/tiger/tiger-10121-authenticated-subscriber-privilege-escalation</loc>
<lastmod>2025-11-26T16:19:02.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/photoswipe-masonry/photoswipe-masonry-gallery-1214-stored-cross-site-scripting</loc>
<lastmod>2022-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blog-designer-for-post-and-widget/blog-designer-post-and-widget-23-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-image-uploader/wp-image-uploader-101-cross-site-request-forgery-to-arbitrary-file-deletion</loc>
<lastmod>2025-01-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/debounce-io-email-validator/debounce-email-validator-581-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vitepos-lite/vitepos-314-missing-authorization</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/viewmedica/viewmedica-9-1417-cross-site-request-forgery-to-reflected-cross-site-scripting</loc>
<lastmod>2025-01-06T15:39:24.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fancybox-for-wordpress/fancybox-for-wordpress-302-stored-cross-site-scripting</loc>
<lastmod>2015-02-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-quick-view/woocommerce-quick-view-111-unauthenticated-information-disclosure</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/splitit-installment-payments/splitit-428-missing-authorization-to-multiple-administrative-actions</loc>
<lastmod>2025-05-20T20:31:09.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/policy-genius/policy-genius-204-reflected-cross-site-scripting</loc>
<lastmod>2025-01-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-registration-form-builder-with-submission-manager/registrationmagic-custom-registration-forms-user-registration-payment-and-user-login-5310-authenticated-contributor-sql-injection-via-shortcode</loc>
<lastmod>2024-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/exclusive-addons-for-elementor/exclusive-addons-for-elementor-261-cross-site-request-forgery</loc>
<lastmod>2023-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dropbox-folder-share/dropbox-folder-share-197-unauthenticated-local-file-inclusion</loc>
<lastmod>2023-09-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/restropress/restropress-328-missing-authorization</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rsvpmaker/rsvpmaker-1066-unauthenticated-php-object-injection</loc>
<lastmod>2023-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/embed-twine/embed-twine-010-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-19T18:04:28.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/peters-login-redirect/loginwp-3005-reflected-cross-site-scripting-via-rul_login_url-rul_logout_url-parameter</loc>
<lastmod>2021-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cryptocurrency-donation-box/cryptocurrency-donation-box-bitcoin-crypto-donations-2213-missing-authorization</loc>
<lastmod>2026-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/revslider/slider-revolution-6710-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2024-05-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/appointment-booking-calendar/appointment-booking-calendar-1395-missing-authorization</loc>
<lastmod>2025-11-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/trinity-audio/trinity-audio-5210-unauthenticated-information-exposure</loc>
<lastmod>2025-10-10T19:20:55.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/infility-global/infility-global-21446-unauthenticated-sql-injection-via-predictable-api-key-and-ip-whitelist-bypass</loc>
<lastmod>2026-02-03T19:43:35.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/append-content/append-content-211-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sumomemberships/sumo-memberships-for-woocommerce-780-missing-authorization-to-authenticated-subscriber-arbitrary-content-deletion</loc>
<lastmod>2025-08-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nextend-social-login-pro/nextend-social-login-pro-3116-authentication-bypass-via-apple-oauth-provider</loc>
<lastmod>2025-02-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-revive-adserver/wp-revive-adserver-221-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-11T15:12:13.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-amasin-the-amazon-affiliate-shop/wp-amasin-the-amazon-affiliate-shop-096-local-file-inclusion</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/login-with-ajax/login-with-ajax-316-cross-site-scripting</loc>
<lastmod>2017-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/network-posts-extended/network-posts-extended-771-authenticated-contributor-stored-cross-site-scripting-via-post_height-parameter</loc>
<lastmod>2025-05-20T20:30:33.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-dashboard-notes/wp-dashboard-notes-1010-missing-authorization-to-arbitrary-private-notes-update</loc>
<lastmod>2024-01-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/import-woocommerce/import-woocommerce-11-reflected-cross-site-scripting</loc>
<lastmod>2016-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/accelerated-mobile-pages/amp-for-wp-099720-stored-cross-site-scripting</loc>
<lastmod>2018-11-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/ozisti/ozisti-1110-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/webappick-product-feed-for-woocommerce/woocommerce-product-feed-for-google-facebook-ebay-and-many-more-3114-reflected-cross-site-scripting</loc>
<lastmod>2019-08-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/video-share-vod/video-share-vod-279-reflected-cross-site-scripting</loc>
<lastmod>2025-03-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/optimize-more-css/optimize-more-css-103-cross-site-request-forgery-to-plugin-settings-reset</loc>
<lastmod>2025-10-02T22:32:49.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bulk-creator/bulk-creator-101-reflected-cross-site-scripting</loc>
<lastmod>2022-03-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/happy-elementor-addons/happy-addons-for-elementor-3911-server-side-request-forgery</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-sorter/the-sorter-10-authenticated-admin-sql-injection</loc>
<lastmod>2021-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-smushit/smush-lazy-load-images-optimize-compress-images-398-cross-site-scripting</loc>
<lastmod>2022-05-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/recent-posts-widget-extended/recent-posts-widget-extended-0993-cross-site-scripting</loc>
<lastmod>2015-10-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/2.2/wordpress-core-221-cross-site-scripting</loc>
<lastmod>2007-08-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/podlove-podcasting-plugin-for-wordpress/podlove-podcast-publisher-4113-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-08-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tutor/tutor-lms-elearning-and-online-course-solution-176-unprotected-ajax-including-privilege-escalation</loc>
<lastmod>2021-03-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/poll-maker/poll-maker-602-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-listings-and-ads/google-for-woocommerce-286-information-disclosure-via-publicly-accessible-php-info-file</loc>
<lastmod>2024-11-18T09:24:48.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-activity-log/user-activity-log-162-authenticated-administrator-sql-injection</loc>
<lastmod>2023-07-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hover-image-button/hover-image-button-112-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-club-manager/wp-club-manager-wordpress-sports-club-plugin-2210-missing-authorization-to-unauthenticated-event-permalink-update</loc>
<lastmod>2024-02-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/maxbuttons/wordpress-button-plugin-maxbuttons-980-authenticated-admin-stored-cross-site-scripting-via-text-color</loc>
<lastmod>2024-11-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-mail-log/wp-mail-log-112-authenticated-contributor-sql-injection-via-key</loc>
<lastmod>2023-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/royal-elementor-addons/royal-elementor-addons-1359-insufficient-access-control-to-template-import</loc>
<lastmod>2023-01-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/ithemes-mobile/ithemes-mobile-128-reflected-cross-site-scripting</loc>
<lastmod>2015-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/portfolio-manager-powered-by-behance/behance-portfolio-manager-175-authenticated-contributor-sql-injection</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/uncanny-learndash-groups/uncanny-groups-for-learndash-6101-authenticated-group-leader-privilege-escalation</loc>
<lastmod>2024-09-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tinychat-roomspy/tinychat-room-spy-128-reflected-cross-site-scripting</loc>
<lastmod>2015-04-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/iframe-to-embed/iframe-to-embed-12-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/locatoraid/locatoraid-store-locator-3923-reflected-cross-site-scripting</loc>
<lastmod>2023-08-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/testimonial-free/real-testimonials-2511-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2022-12-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-blog-post-block/advanced-blog-post-block-104-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yoo-bar/top-and-footer-bars-for-announcements-notifications-advertisements-promotions-yoobar-206-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-11T15:23:39.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/information-reel/information-reel-100-authenticated-subscriber-sql-injection-via-shortcode</loc>
<lastmod>2023-10-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/newsletters-lite/newsletters-498-reflected-cross-site-scripting</loc>
<lastmod>2024-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wholesalex/wholesalex-131-authenticatedsubscriber-missing-authorization-via-multiple-ajax-actions</loc>
<lastmod>2024-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/badgeos/badgeos-3716-missing-authorization-in-delete_badgeos_log_entries</loc>
<lastmod>2023-07-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/cstardesign/cstar-design-wordpress-theme-49-sql-injection</loc>
<lastmod>2012-11-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/forminator/forminator-forms-contact-form-payment-form-custom-form-builder-1340-reflected-cross-site-scripting</loc>
<lastmod>2024-09-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/just-post-preview/just-post-preview-widget-111-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/window-blinds-solution/blindmatrix-e-commerce-30-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-09-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/motopress-appointment-lite/motopress-appointment-booking-245-authenticated-staff-sql-injection-via-s-parameter</loc>
<lastmod>2026-06-30T20:06:16.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wd-google-maps/10web-map-builder-for-google-maps-1072-unauthenticated-sql-injection-via-multiple-parameters</loc>
<lastmod>2023-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/masterstudy-lms-learning-management-system/masterstudy-lms-wordpress-plugin-for-online-courses-and-education-338-missing-authorization</loc>
<lastmod>2024-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stopbadbots/wp-block-and-stop-bad-bots-688-sql-injection</loc>
<lastmod>2022-03-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/w4-post-list/w4-post-list-245-authenticated-contributor-stored-cross-site-scripting-via-block-options</loc>
<lastmod>2023-03-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/playerjs/playerjs-224-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sina-extension-for-elementor/sina-extension-for-elementor-slider-gallery-form-modal-data-table-tab-particle-free-elementor-widgets-elementor-templates-354-authenticated-contributor-dom-based-stored-cross-site-scripting</loc>
<lastmod>2024-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bold-page-builder/bold-builder-551-authenticated-contributor-stored-cross-site-scripting-via-bt_bb_tabs-shortcode</loc>
<lastmod>2026-02-06T17:29:33.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/restaurant-cafe-addon-for-elementor/restaurant-cafe-addon-for-elementor-156-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/constant-contact-forms/constant-contact-forms-187-editor-stored-cross-site-scripting</loc>
<lastmod>2020-09-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rsfirewall/rsfirewall-1124-ip-address-spoofing</loc>
<lastmod>2022-04-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/getwid/getwid-212-authenticated-contributor-sensitive-information-exposure</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/3.0/wordpress-core-306-incorrect-authorization-checks</loc>
<lastmod>2011-04-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-vendors/wc-vendors-marketplace-247-authenticated-shop-manager-sql-injection-via-search-dates</loc>
<lastmod>2023-11-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lightbox-photo-gallery/lightbox-photo-gallery-10-cross-site-request-forgery</loc>
<lastmod>2014-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/siteground-email-marketing/siteground-email-marketing-171-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/martinus-partnersky-system/partnersk-systm-martinus-171-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-07-18T14:11:28.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/envo-elementor-for-woocommerce/envos-elementor-templates-widgets-for-woocommerce-144-cross-site-request-forgery-via-ajax_theme_activation</loc>
<lastmod>2024-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/magic-login-mail/magic-login-mail-or-qr-code-205-unauthenticated-privilege-escalation-via-insecure-qr-code-file-storage</loc>
<lastmod>2026-02-13T16:21:07.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-google-map-plugin/wp-maps-display-google-maps-perfectly-with-ease-471-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bold-page-builder/bold-page-builder-488-authenticated-contributor-stored-cross-site-scripting-via-ai-features</loc>
<lastmod>2024-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sassy-social-share/sassy-social-share-3339-reflected-cross-site-scripting</loc>
<lastmod>2022-03-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/www-xml-sitemap-generator-org/xml-sitemap-generator-for-google-203-reflected-cross-site-scripting</loc>
<lastmod>2022-05-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/connect-daily-web-calendar/connectdaily-144-reflected-cross-site-scripting</loc>
<lastmod>2022-12-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/leanpress/leanpress-100-reflected-cross-site-scripting</loc>
<lastmod>2024-11-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quiz-organizer/quiz-organizer-291-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-02-25T21:41:40.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking-package/booking-package-1598-authorization-bypass-to-arbitrary-password-reset</loc>
<lastmod>2023-07-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-wallet/terawallet-for-woocommerce-1324-cross-site-request-forgery-via-lock_unlock_terawallet</loc>
<lastmod>2022-10-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-plus-share-and-plusone-button/google-plus-share-and-1-button-10-cross-site-request-forgery</loc>
<lastmod>2024-11-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/s2member-pro/s2member-pro-241216-unauthenticated-php-object-injection</loc>
<lastmod>2025-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/schema-and-structured-data-for-wp/schema-structured-data-for-wp-amp-154-authenticated-contributor-stored-cross-site-scripting-via-user-custom-schema</loc>
<lastmod>2026-01-22T17:19:06.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-fusion-lite/wp-fusion-lite-33718-reflected-cross-site-scripting</loc>
<lastmod>2021-08-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gravityforms/gravity-forms-2100-unauthenticated-stored-cross-site-scripting-via-product-option</loc>
<lastmod>2026-05-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-pdf-invoice-builder/woocommerce-pdf-invoice-builder-12101-cross-site-request-forgery</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pinterest-pin-it-button-on-image-hover-and-post/weblizar-pin-it-button-on-image-hover-and-post-34-authorization-bypass</loc>
<lastmod>2022-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/mckinney-politics/mckinneys-politics-128-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/putter/putter-117-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/audio/audio-061-reflected-cross-site-scripting</loc>
<lastmod>2014-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/users-profile-picture/user-profile-picture-240-sensitive-information-disclosure</loc>
<lastmod>2021-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gym-management/wpgym-wordpress-gym-management-system-6770-authenticated-subscriber-local-file-inclusion-to-privilege-escalation-via-password-update</loc>
<lastmod>2025-08-15T14:56:02.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fw-food-menu/fw-food-menu-600-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2025-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/strong-testimonials/strong-testimonials-3211-authenticated-author-stored-cross-site-scripting-via-custom-fields</loc>
<lastmod>2025-07-14T16:08:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/supportcandy/supportcandy-224-unauthenticated-arbitrary-ticket-deletion</loc>
<lastmod>2022-01-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/maintenance-page/maintenance-page-108-security-mechanism-bypass-via-rest-api</loc>
<lastmod>2024-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quentn-wp/quentn-wp-1212-unauthenticated-sql-injection-via-qntn_wp_access-cookie</loc>
<lastmod>2026-03-20T15:05:50.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-grid/post-grid-2115-cross-site-scripting</loc>
<lastmod>2022-03-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/codiqa/codiqa-128-unauthenticated-php-object-injection</loc>
<lastmod>2025-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/photo-gallery/photo-gallery-1567-reflected-cross-site-scripting</loc>
<lastmod>2021-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stageshow/stageshow-1003-authenticated-contributor-stored-cross-site-scripting-via-anchor-parameter</loc>
<lastmod>2025-06-05T18:42:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/supreme-modules-for-divi/supreme-modules-lite-divi-theme-extra-theme-and-divi-builder-2551-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-05-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/3.5/wordpress-core-352-xxe-injection</loc>
<lastmod>2013-06-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sendpulse-web-push/sendpulse-free-web-push-131-cross-site-request-forgery-via-sendpulse_config</loc>
<lastmod>2023-10-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/e-xact-hosted-payment/e-xact-hosted-payment-20-unauthenticated-arbitrary-file-deletion</loc>
<lastmod>2025-12-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/alukas/alukas-300-unauthenticated-php-object-injection</loc>
<lastmod>2026-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/content-views-query-and-display-post-page/content-views-post-grid-filter-recent-posts-category-posts-more-gutenberg-blocks-and-shortcode-371-authenticated-contributor-stored-cross-site-scripting-via-pagingtype-parameter</loc>
<lastmod>2024-05-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/team-members/team-members-533-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-forms/ninja-forms-3625-missing-authorization-to-contributor-form-submission-export</loc>
<lastmod>2023-07-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tutor/tutor-lms-191-authenticated-stored-cross-site-scripting</loc>
<lastmod>2021-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/magic_slider/magic-slider-22-reflected-cross-site-scripting</loc>
<lastmod>2026-01-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/clickfunnels/clickfunnels-311-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2023-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/docxpresso/docxpresso-26-authenticated-contributor-arbitrary-file-download</loc>
<lastmod>2025-04-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/svs-pricing-tables/svs-pricing-tables-104-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/facebook-for-woocommerce/facebook-for-woocommerce-1912-cross-site-request-forgery-allowing-option-update</loc>
<lastmod>2019-06-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-gallery/imagepress-image-gallery-122-authenticated-administrator-stored-cross-site-scripting-via-plugin-settings</loc>
<lastmod>2024-10-11T16:56:12.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/edwiser-bridge/edwiser-bridge-307-authenticated-subscriber-server-side-request-forgery</loc>
<lastmod>2024-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profilegrid-user-profiles-groups-and-communities/profilegrid-5950-authenticated-subscriber-sql-injection</loc>
<lastmod>2025-05-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-fast-cache/wp-fast-cache-14-cross-site-request-forgery-to-cross-site-scripting</loc>
<lastmod>2015-05-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-smart-wishlist/wpc-smart-wishlist-for-woocommerce-471-cross-site-request-forgery-via-wishlist_add-and-wishlist_remove</loc>
<lastmod>2023-06-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/premmerce-woocommerce-brands/premmerce-brands-for-woocommerce-1213-missing-authorization-to-authenticated-subscriber-brand-permalink-settings-update</loc>
<lastmod>2025-12-11T14:30:57.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/houzez/houzez-341-missing-authorization</loc>
<lastmod>2025-01-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-paypal-donation/accept-donations-with-paypal-152-unauthenticated-open-redirect</loc>
<lastmod>2025-12-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/watermark-reloaded/watermark-reloaded-135-cross-site-request-forgery-via-optionspage</loc>
<lastmod>2024-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cleanup-light/cleanup-directory-listing-classifieds-wordpress-plugin-104-reflected-cross-site-scripting</loc>
<lastmod>2024-11-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/table-of-contents/table-of-contents-block-102-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/better-user-shortcodes/better-user-shortcodes-10-reflected-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dokan-pro/dokan-pro-504-unauthenticated-sql-injection-via-latitude-and-longitude-parameters</loc>
<lastmod>2026-06-24T15:14:17.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/farmagrico/farm-agrico-1311-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-09-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/motopress-hotel-booking-lite/motopress-hotel-booking-601-missing-authorization-to-unauthenticated-arbitrary-booking-notes-modification-via-mphb_update_booking_notes-ajax-action</loc>
<lastmod>2026-05-21T19:21:36.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/final-tiles-grid-gallery-lite/final-tiles-gallery-3418-authenticated-stored-cross-site-scripting</loc>
<lastmod>2020-05-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-masonry-infinite-scroll/wp-masonry-infinite-scroll-22-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-25T13:41:51.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/Divi/divi-4251-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-06-17T19:31:11.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nd-shortcodes/nd-shortcodes-591-unauthenticated-wordpress-options-update</loc>
<lastmod>2019-07-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sumup-payment-gateway-for-woocommerce/sumup-payment-gateway-for-woocommerce-279-missing-authorization</loc>
<lastmod>2026-01-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/erp/wp-erp-1132-reflected-cross-site-scripting</loc>
<lastmod>2024-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-monitor/download-monitor-483-authenticatedsubscriber-arbitrary-file-upload-via-upload_file</loc>
<lastmod>2023-06-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/charitable/charitable-18111-authenticated-subscriber-insecure-direct-object-reference-to-arbitrary-attachment-deletion-via-avatar-parameter</loc>
<lastmod>2026-06-05T10:28:15.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-page-access-restriction/simple-page-access-restriction-1031-cross-site-request-forgery-via-multiple-parameters</loc>
<lastmod>2025-05-29T20:43:33.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sg-cachepress/siteground-optimizer-5012-missing-authorization</loc>
<lastmod>2019-03-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/expand-maker/read-more-accordion-342-missing-authorization-to-authenticated-subscriber-arbitrary-read-more-post-deletion</loc>
<lastmod>2025-02-12T19:43:15.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/redirection-page/redirection-page-12-cross-site-request-forgery-to-cross-site-scripting</loc>
<lastmod>2015-02-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/disable-update-notifications/disable-wordpress-update-notifications-233-cross-site-request-forgery</loc>
<lastmod>2023-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-all-export/export-any-wordpress-data-to-xmlcsv-135-reflected-cross-site-scripting</loc>
<lastmod>2022-06-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-quantity-plus-minus-button/quantity-plus-minus-button-for-woocommerce-by-codeastrology-119-cross-site-request-forgery-via-wqpmb_form_submit</loc>
<lastmod>2023-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-smtp/post-smtp-341-missing-authorization-to-authenticated-subscriber-limited-plugin-option-update</loc>
<lastmod>2025-09-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/traveler/traveler-travel-booking-wordpress-theme-284-cross-site-scripting</loc>
<lastmod>2020-06-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/embedalbum-pro/embedsocial-social-media-feeds-reviews-and-galleries-1129-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-06-18T14:30:03.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-sharing-toolkit/social-sharing-toolkit-26-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-restrict/simple-restrict-126-missing-authorization-to-sensitive-information-exposure</loc>
<lastmod>2024-03-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-google-map-gold/wp-maps-pro-610-unauthenticated-privilege-escalation-via-administrator-account-creation-to-wpgmp_temp_access_ajax-ajax-action</loc>
<lastmod>2026-05-28T16:51:57.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpdirectorykit/wp-directory-kit-144-authentication-bypass-to-privilege-escalation-via-account-takeover</loc>
<lastmod>2025-12-03T00:39:01.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpexperts-square-for-give/wpexperts-square-for-givewp-13-authenticated-administrator-sql-injection</loc>
<lastmod>2024-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/lms/lms-92-unauthenticated-sql-injection</loc>
<lastmod>2025-06-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-addons-for-elementor/responsive-addons-for-elementor-free-elementor-addons-plugin-and-elementor-templates-168-authenticated-contributor-sensitive-information-exposure</loc>
<lastmod>2025-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fitness-calculators/fitness-calculators-195-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2021-04-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-travel-engine/wp-travel-engine-579-unauthenticated-sql-injection</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-member/ultimate-member-212-insecure-direct-object-reference</loc>
<lastmod>2020-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-file-upload/wordpress-file-upload-271-arbitrary-file-upload</loc>
<lastmod>2015-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-database-optimizer/wp-database-optimizer-1213-cross-site-request-forgery</loc>
<lastmod>2025-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-add-pages-or-posts/simple-add-pages-or-posts-200-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-02-08T00:06:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/htaccess-ip-blocker/htaccess-ip-blocker-10-cross-site-request-forgery</loc>
<lastmod>2025-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-estimation-form/wp-cost-estimation-9660-upload-directory-traversal</loc>
<lastmod>2019-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-clanwars/wp-clanwars-201-authenticated-administrator-sql-injection-via-orderby-parameter</loc>
<lastmod>2026-01-23T19:25:34.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/59sec-lite-contact-form-7-push-notifications-on-ios-and-android/the-leads-management-system-59sec-lite-341-authorization-bypass</loc>
<lastmod>2022-08-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/1app-business-forms/1app-business-forms-100-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2022-11-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advance-menu-manager/advance-menu-manager-311-missing-authorization-to-authenticated-subscriber-settings-change</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/visual-link-preview/visual-link-preview-227-authenticated-contributor-stored-cross-site-scripting-via-visual-link-preview-shortcode</loc>
<lastmod>2025-11-04T21:24:01.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/meeting-scheduler-by-vcita/online-booking-scheduling-calendar-for-wordpress-by-vcita-45-cross-site-request-forgery</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-armour-extended/wp-armour-extended-126-cross-site-request-forgery</loc>
<lastmod>2024-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/one-click-plugin-updater/one-click-plugin-updater-2414-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2022-05-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-fastest-cache/wp-fastest-cache-0874-sql-injection</loc>
<lastmod>2018-02-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blog2social/blog2social-844-authenticated-subscriber-sql-injection-via-prgsortposttype-parameter</loc>
<lastmod>2025-06-16T13:39:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-local-avatars/simple-local-avatars-2710-cross-site-request-forgery-via-save_default_avatar_file_id</loc>
<lastmod>2024-08-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eventify/eventify-simple-events-17f-sql-injection-via-eventid</loc>
<lastmod>2011-09-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/perelink/perelink-pro-214-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2023-07-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/peprodev-ups/peprodev-ultimate-profile-solutions-191-752-authentication-bypass-to-account-takeover</loc>
<lastmod>2025-05-06T13:28:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/theatre/theater-for-wordpress-01862-reflected-cross-site-scripting</loc>
<lastmod>2024-11-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-post-kit/ultimate-post-kit-4015-unauthenticated-information-disclosure</loc>
<lastmod>2025-12-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/2.1/wordpress-core-213-sql-injection</loc>
<lastmod>2007-04-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/myriad/myriad-20-arbitrary-file-deletion</loc>
<lastmod>2013-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/logtivity/activity-logs-user-activity-tracking-multisite-activity-log-from-logtivity-336-unauthenticated-information-disclosure-via-rest-api</loc>
<lastmod>2026-05-08T23:40:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zm-ajax-login-register/zm-ajax-login-register-109-cross-site-scripting</loc>
<lastmod>2015-06-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/taeggie-feed/taeggie-feed-019-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/show-me-the-cookies/show-me-the-cookies-10-unauthenticated-arbitrary-shortcode-execution</loc>
<lastmod>2025-02-21T14:59:53.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/integro/integro-180-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-08-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gallery-photo-gallery/photo-gallery-by-ays-638-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/appointmind/appointmind-410-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zoho-forms/zoho-forms-300-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-01-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/forum-server/wp-forum-server-175-cross-site-scripting</loc>
<lastmod>2012-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/osm/osm-6115-authenticated-contributor-stored-cross-site-scripting-via-marker_name-shortcode-attribute</loc>
<lastmod>2026-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/js-support-ticket/js-help-desk-271-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2023-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/void-elementor-whmcs-elements/void-elementor-whmcs-elements-for-elementor-page-builder-2012-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/directories/directoriespro-plugin-by-sabaiapps-1345-cross-site-scripting-via-_drts_form_build_id-_t_-parameters</loc>
<lastmod>2020-12-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/so-pinyin-slugs/pinyin-slugs-230-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/tydskrif/tydskrif-113-reflected-cross-site-scripting</loc>
<lastmod>2024-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lastudio-element-kit/la-studio-element-kit-for-elementor-1563-unauthenticated-privilege-escalation-via-backdoor-to-administrative-user-creation-via-lakit_bkrole-parameter</loc>
<lastmod>2026-01-21T17:31:45.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/auxin-elements/shortcodes-and-extra-features-for-phlox-theme-2170-authenticated-contributor-stored-cross-site-scripting-via-aux_contact_box-and-aux_gmaps-shortcodes</loc>
<lastmod>2024-12-20T20:19:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dynamic-qr-code-generator/dynamic-qr-code-generator-005-reflected-cross-site-scripting</loc>
<lastmod>2023-05-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slick-google-map/slick-google-map-03-cross-site-request-forgery</loc>
<lastmod>2025-10-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/empty-cart-button-for-woocommerce/empty-cart-button-for-woocommerce-138-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-06-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/persian-woocommerce-sms/persian-woocommerce-sms-711-reflected-cross-site-scripting</loc>
<lastmod>2026-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/media-library-assistant/media-library-assistant-323-reflected-cross-site-scripting-via-smc_settings_tab-unattachfixit-action-and-woofixit-action-parameters</loc>
<lastmod>2025-01-03T18:55:35.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/code-snippets-cpt/code-snippets-cpt-210-authenticated-subscriber-arbitrary-shortcode-execution</loc>
<lastmod>2025-03-07T14:14:46.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wptelegram-widget/wp-telegram-widget-and-join-link-2213-reflected-cross-site-scripting</loc>
<lastmod>2026-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/mbstore/mbstore-digital-woocommerce-wordpress-theme-23-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-06-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/loginpress/loginpress-1115-authenticated-stored-cross-site-scripting</loc>
<lastmod>2018-12-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-display-users/display-users-200-authenticated-admin-sql-injection</loc>
<lastmod>2021-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/comments-like-dislike/comments-like-dislike-120-missing-authorization-to-authenticated-subscriber-plugin-setting-reset</loc>
<lastmod>2023-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sitewide-notice-wp/sitewide-notice-wp-22-authenticated-stored-cross-site-scripting</loc>
<lastmod>2021-08-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/taskbuilder/taskbuilder-502-missing-authorization-to-authenticated-subscriber-arbitrary-projecttask-comment-creation</loc>
<lastmod>2026-02-17T17:31:09.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ajax-search-lite/ajax-search-lite-4124-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/modal-survey/modal-survey-20201-reflected-cross-site-scripting</loc>
<lastmod>2025-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/defender-security/defender-security-420-masked-login-area-security-feature-bypass</loc>
<lastmod>2023-11-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tutor/tutor-lms-1911-stored-cross-site-scripting</loc>
<lastmod>2021-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/captcha-code-authentication/captcha-code-27-cross-site-request-forgery-to-plugin-settings-update</loc>
<lastmod>2022-09-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-monalisa/wp-monalisa-61-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-09-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/postie/postie-1973-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/team-showcase-cm/team-showcase-250513-authenticated-subscriber-arbitrary-shortcode-execution</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/absolute-links/absolute-links-111-authenticated-administrator-sql-injection</loc>
<lastmod>2025-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tutor/tutor-lms-397-missing-authorization</loc>
<lastmod>2026-03-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/helpie-faq/accordion-faq-helpie-wordpress-accordion-faq-plugin-127-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dynamic-post/dynamic-post-503-missing-authorization-to-authenticated-subscriber-settings-update</loc>
<lastmod>2025-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/goodlms/good-lms-214-unauthenticated-sql-injection</loc>
<lastmod>2020-11-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpvivid-backuprestore/migration-backup-staging-wpvivid-backup-migration-09120-authenticated-admin-arbitrary-directory-creation</loc>
<lastmod>2025-12-20T14:45:41.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/defender-security/defender-security-332-sensitive-information-disclosure</loc>
<lastmod>2022-11-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/virtual-bot/virtual-bot-100-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/header-footer-elementor/elementor-header-footer-builder-1643-authenticated-contributor-information-disclosure-via-shortcode</loc>
<lastmod>2024-10-23T20:20:25.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-meta/user-meta-30-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2024-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cp-multi-view-calendar/calendar-event-multi-view-1399-reflected-cross-site-scripting</loc>
<lastmod>2021-07-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contempo-real-estate-custom-posts/contempo-real-estate-custom-posts-326-unauthorized-file-upload</loc>
<lastmod>2022-08-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-wp-migration/all-in-one-wp-migration-740-authenticated-admin-arbitrary-file-upload</loc>
<lastmod>2022-02-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/if-so/if-so-dynamic-content-personalization-1921-authenticated-contributor-post-disclosure</loc>
<lastmod>2024-11-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seraphinite-old-slugs-mgr/seraphinite-alternative-slugs-manager-13-cross-site-request-forgery</loc>
<lastmod>2024-01-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cp-contact-form-with-paypal/cp-contact-form-with-paypal-1356-missing-authorization-to-unauthenticated-arbitrary-payment-confirmation</loc>
<lastmod>2025-11-21T18:50:24.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/exclusive-blocks/design-blocks-122-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/supportcandy/supportcandy-323-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2024-03-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-gdpr-compliance/gdpr-ccpa-compliance-support-273-missing-authorization</loc>
<lastmod>2025-05-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jet-reviews/jetreviews-300-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-08-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-property-listings/easy-property-listings-353-missing-authorization-via-epl_update_listing_coordinates</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/happy-helpdesk-support-ticket-system/happy-108-missing-authorization</loc>
<lastmod>2026-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ajax-archive-calendar/ajax-archive-calendar-267-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fat-rat-collect/fat-rat-collect-273-reflected-cross-site-scripting</loc>
<lastmod>2024-11-12T13:26:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-membership/wp-membership-162-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2024-11-08T18:58:21.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/widget-options/widget-options-advanced-conditional-visibility-for-gutenberg-blocks-classic-widgets-413-authenticated-contributor-remote-code-execution</loc>
<lastmod>2026-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/co-marquage-service-public/co-marquage-service-publicfr-0576-reflected-cross-site-scripting-via-add_query_arg-parameter</loc>
<lastmod>2024-11-20T13:53:33.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/weebotlite/weebotlite-100-authenticated-administrator-stored-cross-site-scripting-via-settings</loc>
<lastmod>2023-05-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-wp-migration/all-in-one-wp-migration-762-authenticated-admin-cross-site-scripting</loc>
<lastmod>2022-08-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-textillate/easy-textillate-201-authenticatedcontributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-wp-real-estate/essential-wp-real-estate-113-reflected-cross-site-scripting</loc>
<lastmod>2025-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/beaf-before-and-after-gallery/beaf-4610-authenticated-admin-arbitrary-file-upload</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/recaptcha-for-all/recaptcha-for-all-122-missing-authorization-via-recaptcha_for_all_image_select</loc>
<lastmod>2023-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/melania/melania-250-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-01-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/olevmedia-shortcodes/olevmedia-shortcodes-119-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-02-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yamaps/yamaps-for-wordpress-0628-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-08-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/q2w3-inc-manager/code-insert-manager-q2w3-inc-manager-253-reflected-cross-site-scripting</loc>
<lastmod>2024-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pripre/pripre-0411-authenticated-author-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2024-10-25T14:02:34.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/leadin/hubspot-crm-email-marketing-live-chat-forms-analytics-8813-server-side-request-forgery</loc>
<lastmod>2022-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rate-my-post/rate-my-post-wp-rating-system-341-insecure-direct-object-reference</loc>
<lastmod>2023-08-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-text-slider-widget/text-slider-widget-10-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2025-12-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/symbiostock/symbiostock-lite-600-authenticated-shop-manager-arbitrary-file-upload</loc>
<lastmod>2023-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pagelayer/page-builder-pagelayer-drag-and-drop-website-builder-111-cross-site-request-forgery-to-cross-site-scripting</loc>
<lastmod>2020-05-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/video-embed-box/video-embed-10-authenticated-subscriber-sql-injection</loc>
<lastmod>2021-05-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/coachify/coachify-115-cross-site-request-forgery</loc>
<lastmod>2026-02-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/participants-database/participants-database-1759-unauthorized-cross-site-scripting</loc>
<lastmod>2017-09-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/masterslider/master-slider-pro-365-unauthenticated-php-object-injection</loc>
<lastmod>2023-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/account-manager-woocommerce/account-manager-for-woocommerce-211-missing-authorization</loc>
<lastmod>2022-10-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/popping-sidebars-and-widgets-light/popping-sidebars-and-widgets-light-127-cross-site-request-forgery</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/bookyourtravel/book-your-travel-81817-authenticated-subscriber-privilege-escalation</loc>
<lastmod>2024-07-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/site-reviews/site-reviews-6118-ip-address-spoofing-to-blocking-bypass</loc>
<lastmod>2024-05-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cookie-notice/cookie-notice-compliance-for-gdpr-ccpa-258-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2025-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bsk-pdf-manager/bsk-pdf-manager-13-29-authenticated-stored-cross-site-scripting</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/featured-image-generator/featured-image-generator-133-missing-authorization</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/addon-elements-for-elementor-page-builder/elementor-addon-elements-1136-authenticated-contributor-stored-cross-site-scripting-via-multiple-widgets</loc>
<lastmod>2024-08-29T20:31:53.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/academy/academy-lms-wordpress-lms-plugin-for-complete-elearning-solution-350-unauthenticated-privilege-escalation-via-account-takeover</loc>
<lastmod>2026-01-20T11:36:57.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/constructo/constructo-439-cross-site-request-forgery</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpforms-lite/wpforms-184-1921-missing-authorization-to-authenticated-subscriber-payment-refund-and-subscription-cancellation</loc>
<lastmod>2024-12-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wptools/wp-tools-342-missing-authorization-to-select-plugin-installation</loc>
<lastmod>2022-11-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-grid/post-grid-2116-reflected-cross-site-scripting</loc>
<lastmod>2022-03-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-e-commerce-exporter/wp-e-commerce-store-exporter-166-missing-authorization</loc>
<lastmod>2016-02-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/armember-membership/armember-402-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-06-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blocks/blocks-1642-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-09-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-blockade/wp-blockade-0914-reflected-cross-site-scripting-via-shortcode-parameter</loc>
<lastmod>2026-05-21T16:12:17.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mapsmarker/leaflet-maps-marker-pro-158-arbitrary-file-upload</loc>
<lastmod>2014-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/salavat-counter/salavat-counter-plugin-095-authenticated-administrator-stored-cross-site-scripting-via-image_url-parameter</loc>
<lastmod>2026-02-18T15:59:20.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sliced-invoices/sliced-invoices-395-missing-authorization</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-social/wp-social-login-and-register-social-counter-310-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2025-02-27T16:23:38.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pdf-poster/pdf-poster-240-missing-authorization</loc>
<lastmod>2026-02-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/coming-soon/website-builder-by-seedprod-theme-builder-landing-page-builder-coming-soon-page-maintenance-mode-61815-missing-authorization-to-authenticated-subscriber-sensitive-information-exposure</loc>
<lastmod>2025-05-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/limit-login-attempts-reloaded/limit-login-attempts-reloaded-2173-login-rate-limiting-bypass</loc>
<lastmod>2020-12-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/plainview-activity-monitor/plainview-activity-monitor-20180826-remote-command-injection</loc>
<lastmod>2018-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/puzzles/puzzles-426-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2025-02-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jazz-popups/jazz-popups-187-cross-site-request-forgery</loc>
<lastmod>2023-05-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp_visitorstracker/wp-visitors-tracker-23-reflected-cross-site-scripting</loc>
<lastmod>2024-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-email-control/woo-email-control-102-reflected-cross-site-scripting</loc>
<lastmod>2016-07-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/porto/porto-762-reflected-cross-site-scripting</loc>
<lastmod>2026-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gpt3-ai-content-generator/ai-power-complete-ai-pack-1896-authenticated-admin-php-object-injection-via-wpaicg_export_prompts</loc>
<lastmod>2025-01-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/nictitate/nictitate-114-cross-site-request-forgery</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/royal-slider/royal-slider-plugin-327-cross-site-scripting</loc>
<lastmod>2015-09-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/invit0r/invit0r-022-arbitrary-file-upload</loc>
<lastmod>2012-06-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mightyforms/contact-form-survey-form-builder-mightyforms-139-missing-authorization</loc>
<lastmod>2024-12-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/remote-content-shortcode/remote-content-shortcode-15-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-05-29T19:59:02.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/password-policy-manager/password-policy-manager-password-manager-205-missing-authorization-to-authenticated-subscriber-configuration-log-out</loc>
<lastmod>2025-10-24T18:09:09.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/racquet/racquet-1120-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pt-luxa-addons/pt-luxa-addons-122-authenticated-subscriber-arbitrary-file-deletion</loc>
<lastmod>2025-06-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-reset/wp-reset-pro-500-598-cross-site-request-forgery</loc>
<lastmod>2021-11-10T14:45:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-editor/wp-editor-127-sensitive-information-exposure-via-log-file</loc>
<lastmod>2024-02-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/6.3/wordpress-core-59-631-authenticatedcontributor-stored-cross-site-scripting-via-navigation-attributes</loc>
<lastmod>2023-10-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/maniac-seo/maniac-seo-20-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/impacto-patronus/impacto-patronus-123-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/job-board-manager/job-board-manager-2159-cross-site-request-forgery</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/no-page-comment/no-page-comment-11-reflected-cross-site-scripting</loc>
<lastmod>2022-09-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-coupon-usage/coupon-affiliates-affiliate-plugin-for-woocommerce-51671-unauthenticated-arbitrary-shortcode-execution-and-reflected-cross-site-scripting</loc>
<lastmod>2024-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rotating-posts/rotating-posts-111-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2022-05-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dropdown-menu-widget/dropdown-menu-widget-197-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2022-03-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-wp-migration/all-in-one-wp-migration-202-authorization-bypass-to-arbitrary-file-upload</loc>
<lastmod>2014-11-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-order-status-change-notifier/woocommerce-order-status-change-notifier-110-authenticated-subscriber-arbitrary-order-status-update</loc>
<lastmod>2023-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/audio-video-download-buttons-for-youtube/download-buttons-for-youtube-videos-103-reflected-cross-site-scripting</loc>
<lastmod>2022-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-coupons-for-woocommerce-free/advanced-coupons-for-woocommerce-coupons-45-cross-site-request-forgery</loc>
<lastmod>2022-10-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/opal-hotel-room-booking/opal-hotel-room-booking-plugin-127-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2022-05-17T14:10:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/webp-svg-support/webp-svg-support-140-authenticated-author-stored-cross-site-scripting-via-svg</loc>
<lastmod>2024-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blossom-recipe-maker/blossom-recipe-maker-107-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2022-09-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hide-admin-bar-from-front-end/hide-admin-bar-from-front-end-100-cross-site-request-forgery</loc>
<lastmod>2025-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/automatic-translation/automatic-translation-104-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2024-10-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-video/wordpress-video-10-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/real-time-validation-for-gravity-forms/real-time-validation-for-gravity-forms-170-reflected-cross-site-scripting</loc>
<lastmod>2025-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-login-box/wp-login-box-202-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/filter-plus/filter-plus-1117-missing-authorization</loc>
<lastmod>2026-02-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seo-automatic-seo-tools/seo-tools-407-reflected-cross-site-scripting</loc>
<lastmod>2025-04-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/swifty-bar/swifty-bar-sticky-bar-by-wpgens-1210-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gd-rating-system/gd-rating-system-361-authenticated-contributor-stored-cross-site-scripting-via-extra_class-parameter</loc>
<lastmod>2024-11-19T00:05:15.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bulletin-announcements/wordpress-announcement-notification-banner-plugin-bulletin-385-authenticated-administrator-sql-injection</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/besa/besa-2315-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/appointment-booking-calendar/appointment-booking-calendar-117-sql-injection</loc>
<lastmod>2015-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/configure-login-timeout/configure-login-timeout-10-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-05-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zero-bs-crm/jetpack-crm-670-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-cookie-consent/responsive-cookie-consent-18-cross-site-scripting</loc>
<lastmod>2018-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/order-your-posts-manually/order-your-posts-manually-225-authenticated-administrator-sql-injection-via-sortdata</loc>
<lastmod>2023-05-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-last-modified-info/wp-last-modified-info-192-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/keydatas/-263-authenticated-admin-arbitrary-file-read</loc>
<lastmod>2025-11-20T19:31:53.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/leaflet-map/leaflet-map-2233-contributor-stored-cross-site-scripting</loc>
<lastmod>2021-07-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/xhanch-my-advanced-settings/xhanch-my-advanced-settings-112-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2026-03-20T15:13:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/fruitful/fruitful-381-reflected-cross-site-scripting</loc>
<lastmod>2020-02-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/get-custom-field-values/get-custom-field-values-401-authenticatedcontributor-stored-cross-site-scripting-via-custom-meta-widget</loc>
<lastmod>2023-10-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/uncanny-learndash-toolkit/uncanny-toolkit-for-learndash-3643-open-redirect</loc>
<lastmod>2023-06-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-seopress/seopress-811-missing-authorization</loc>
<lastmod>2024-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/subscribers-com/subscribers-free-web-push-notifications-153-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ip-vault-wp-firewall/ip-vault-wp-firewall-11-ip-address-spoofing-to-protection-mechanism-bypass</loc>
<lastmod>2024-08-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-jobs/wp-jobs-17-cross-site-scripting</loc>
<lastmod>2017-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-very-simple-vimeo-shortcode/simple-vimeo-shortcode-291-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/top-dog/top-dog-105-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/leader/leader-261-missing-authorization</loc>
<lastmod>2024-12-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gallery-album/responsive-image-gallery-gallery-album-203-cross-site-request-forgery</loc>
<lastmod>2023-10-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ssp-debugging/ssp-debug-100-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2025-12-04T16:27:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/iframe/iframe-48-authenticated-contributor-stored-cross-site-scripting-via-srcdoc</loc>
<lastmod>2023-12-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jobica-core/jobica-core-142-missing-authorization</loc>
<lastmod>2026-03-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/css-for-elementor/elementscss-addons-for-elementor-1087-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-analytics-mu/google-analytics-mu-24-cross-site-request-forgery</loc>
<lastmod>2014-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mapwiz/mapwiz-101-authenticated-admin-sql-injection</loc>
<lastmod>2023-01-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/twitter-posts/twitterposts-102-cross-site-request-forgery-to-plugin-settings-update</loc>
<lastmod>2023-11-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/photo-gallery/photo-gallery-by-10web-mobile-friendly-image-gallery-1832-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/esri-map-view/esri-map-view-123-authenticated-contributor-stored-cross-site-scripting-via-esri-map-view-shortcode</loc>
<lastmod>2025-08-05T13:00:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mailster/mailster-409-reflected-cross-site-scripting</loc>
<lastmod>2024-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dynamic-featured-image/dynamic-featured-image-370-authenticated-contributor-stored-cross-site-scripting-via-dfifeatured-parameter</loc>
<lastmod>2024-09-04T21:23:36.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/js-support-ticket/js-help-desk-271-missing-authorization</loc>
<lastmod>2023-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/json-rest-api/wp-rest-api-122-cross-site-scripting</loc>
<lastmod>2015-08-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-image-mask/wp-image-mask-312-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-05-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/forminator/forminator-forms-contact-form-payment-form-custom-form-builder-1442-unauthenticated-php-object-injection-phar-triggered-via-administrator-form-submission-deletion</loc>
<lastmod>2025-07-01T17:04:22.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/peachpay-for-woocommerce/payments-plugin-and-checkout-plugin-for-woocommerce-stripe-paypal-square-authorizenet-11175-authenticated-contributor-sql-injection-via-order_by-parameter</loc>
<lastmod>2025-09-09T18:09:06.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rsvpmaker/rsvpmaker-1054-authenticated-administrator-sql-injection-via-resend</loc>
<lastmod>2023-07-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dokme/-206-authenticated-administrator-sql-injection</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-digital-downloads/easy-digital-downloads-simple-ecommerce-for-selling-digital-files-2112-reflected-cross-site-scripting</loc>
<lastmod>2021-10-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/video-popup/video-popup-113-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-12-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/passwordless-wp/passwordless-wp-login-with-your-glance-or-fingerprint-116-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-sendinblue-newsletter-subscription/brevo-for-woocommerce-4049-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-01-08T09:02:36.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/molla/molla-ecommerce-html5-template-1516-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/2.1/wordpress-core-211-supply-chain-compromise</loc>
<lastmod>2007-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/prestige/prestige-141-reflected-cross-site-scripting</loc>
<lastmod>2026-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yellow-pencil-visual-theme-customizer/yellowpencil-visual-css-style-editor-761-reflected-cross-site-scripting</loc>
<lastmod>2024-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/postie/postie-1410-cross-site-scripting</loc>
<lastmod>2012-08-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/uipress-lite/uipress-lite-effortless-custom-dashboards-admin-themes-and-pages-3507-authenticated-subscriber-remote-code-execution</loc>
<lastmod>2025-05-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/usc-e-shop/welcart-e-commerce-228-missing-capabilities-check-to-information-disclosure</loc>
<lastmod>2021-08-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-custom-and-sequential-order-number/woo-custom-and-sequential-order-number-260-cross-site-request-forgery</loc>
<lastmod>2023-11-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/address-bar-ads/address-bar-ads-100-reflected-cross-site-scripting</loc>
<lastmod>2026-02-13T18:27:17.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-widgets/essential-widgets-222-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-11-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pb-embedflash/pb-embedflash-151-remote-file-inclusion</loc>
<lastmod>2014-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-events-calendar/the-events-calendar-61516-improper-authorization-to-authenticated-contributor-eventorganizervenue-updatetrash-via-rest-api</loc>
<lastmod>2026-02-25T08:50:45.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/revive-so/reviveso-bulk-rewrite-and-republish-blog-posts-203-missing-authorization</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mp-restaurant-menu/restaurant-menu-by-motopress-244-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/infinite/infinite-112-authenticated-contributor-stored-cross-site-scripting-via-project_url-parameter</loc>
<lastmod>2024-06-27T18:55:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-htaccess-control/wp-htaccess-control-351-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-05-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-company-info/wp-company-info-190-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2025-11-20T19:32:39.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-simple-firewall/shield-security-17017-missing-authorization</loc>
<lastmod>2023-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ht-mega-for-elementor/ht-mega-absolute-addons-for-elementor-238-reflected-cross-site-scripting</loc>
<lastmod>2023-12-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zephyr-project-manager/zephyr-project-manager-33102-missing-authorization-to-authenticated-subscriber-status-updates</loc>
<lastmod>2024-08-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/salert/salert-121-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2023-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/popad/popad-104-authenticated-admin-server-side-request-forgery</loc>
<lastmod>2025-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/js_composer/wpbakery-visual-composer-75-authenticated-contributor-stored-cross-site-scripting-via-custom-heading-tag-attribute</loc>
<lastmod>2024-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nextgen-gallery/nextgen-gallery-2244-cross-site-scripting-via-image-alt-and-title-text</loc>
<lastmod>2018-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blog-filter/blog-filter-173-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-12-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tablesome-premium/tablesome-table-premium-1123-missing-authorization</loc>
<lastmod>2025-07-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mycred/mycred-points-rewards-gamification-ranks-badges-loyalty-plugin-232-reflected-cross-site-scripting</loc>
<lastmod>2021-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/uipress-lite/uipress-lite-effortless-custom-dashboards-admin-themes-and-pages-3504-missing-authorization-to-authenticated-subscriber-arbitrary-options-update</loc>
<lastmod>2025-03-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/link-library/link-library-591326-sql-injection</loc>
<lastmod>2017-08-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/netinsight-analytics-implementation-plugin/netinsight-analytics-implementation-plugin-103-cross-site-request-forgery</loc>
<lastmod>2025-08-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking-calendar-and-notification/booking-calendar-and-notification-403-unauthenticated-sql-injection</loc>
<lastmod>2025-04-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dzs-videogallery/dzs-video-gallery-795-reflected-cross-site-scripting</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tr-timthumb/tr-timthumb-104-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2025-12-05T16:45:55.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cart66-lite/cart66-lite-wordpress-ecommerce-152-sql-injection</loc>
<lastmod>2014-12-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cleantalk-spam-protect/anti-spam-by-cleantalk-5149-authenticated-sql-injection</loc>
<lastmod>2020-11-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/loginpress-pro/loginpress-pro-30-captcha-bypass</loc>
<lastmod>2024-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quiz-maker/quiz-maker-6494-reflected-cross-site-scripting</loc>
<lastmod>2023-11-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-teaser/post-teaser-415-missing-authorization</loc>
<lastmod>2022-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rsvpmaker/rsvpmarker-1156-authenticated-contributor-sql-injection</loc>
<lastmod>2025-05-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpsitemap/wp-sitemap-100-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-iframe/advanced-iframe-20252-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/citadela-directory/citadela-listing-5181-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2024-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/clicksold-wordpress-plugin/clicksold-idx-149-reflected-cross-site-scripting</loc>
<lastmod>2014-07-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dms/document-management-system-124-reflected-cross-site-scripting</loc>
<lastmod>2025-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/learnpress/learnpress-wordpress-lms-plugin-4275-authenticated-lp-instructor-stored-cross-site-scripting-via-lesson-name</loc>
<lastmod>2025-01-24T19:05:51.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/plezi/plezi-106-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sketchfab-oembed/sketchfab-embed-15-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-06-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/no-disposable-email/no-disposable-email-251-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/addon-elements-for-elementor-page-builder/elementor-addon-elements-1133-authenticated-contributor-stored-cross-site-scripting-via-twitter-widget</loc>
<lastmod>2024-06-11T20:53:36.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ni-purchase-orderpo-for-woocommerce/ni-purchase-orderpo-for-woocommerce-121-authenticated-admin-arbitrary-file-upload</loc>
<lastmod>2023-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chained-quiz/chained-quiz-132-reflected-cross-site-scripting-via-emailf</loc>
<lastmod>2022-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/Avada/avada-514-stored-cross-site-scripting</loc>
<lastmod>2017-04-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/googleanalytics/sharethis-dashboard-for-google-analytics-324-unauthenticated-google-analytics-data-exposure</loc>
<lastmod>2026-01-06T19:59:17.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-custom-emails/woo-custom-emails-22-reflected-cross-site-scripting-via-wcemails_edit</loc>
<lastmod>2023-08-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/piotnet-addons-for-elementor-pro/piotnet-addons-for-elementor-pro-7117-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/import-external-images/import-external-images-14-cross-site-request-forgery-via-external_image_import_all_ajax</loc>
<lastmod>2023-03-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/consulting/consulting-150-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bigfishgames-syndicate/bigfishgames-syndicate-12-cross-site-request-forgery-to-settings-reset-and-update</loc>
<lastmod>2026-05-19T12:05:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/envira-gallery-lite/gallery-plugin-for-wordpress-envira-photo-gallery-1814-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2024-08-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-show-posts/wp-show-posts-114-information-exposure</loc>
<lastmod>2024-03-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/learning-management-system-pro/masteriyo-lms-pro-2200-unauthenticated-privilege-escalation</loc>
<lastmod>2025-07-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-banner/simple-banner-2110-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-07-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/cozystay/cozystay-170-missing-authorization-to-arbitrary-action-execution-in-ajax_handler</loc>
<lastmod>2025-03-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/otter-blocks/otter-blocks-gutenberg-blocks-page-builder-for-gutenberg-editor-fse-268-authenticated-contributor-stored-cross-site-scripting-via-block-attributes</loc>
<lastmod>2024-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sg-security/security-optimizer-the-all-in-one-protection-plugin-150-missing-authorization-via-hide_notice</loc>
<lastmod>2024-07-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/superstorefinder-wp/super-store-finder-75-cross-site-request-forgery</loc>
<lastmod>2025-08-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/real-media-library-lite/real-media-library-media-library-folder-file-manager-4227-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/anthologize/anthologize-083-cross-site-request-forgery</loc>
<lastmod>2025-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eagle-booking/eagle-booking-1343-missing-authorization-to-authenticated-subscriber-settings-change</loc>
<lastmod>2025-11-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/g-auto-hyperlink/g-auto-hyperlink-101-authenticated-admin-sql-injection</loc>
<lastmod>2021-10-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-hijri/wp-hijri-151-reflected-cross-site-scripting</loc>
<lastmod>2023-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/poll-maker/poll-maker-550-missing-authorization</loc>
<lastmod>2024-12-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/deliciosa/deliciosa-1100-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rentsyst/rentsyst-20100-reflected-cross-site-scripting</loc>
<lastmod>2025-08-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ari-adminer/ari-adminer-1114-missing-authorization-and-no-direct-file-access-restrictions</loc>
<lastmod>2019-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/meow-gallery/meow-gallery-gallery-block-419-missing-authorization-to-arbitrary-options-update</loc>
<lastmod>2021-09-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/check-email/check-log-email-102-admin-sql-injection-via-order-and-orderby-parameters</loc>
<lastmod>2021-09-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/temporarily-hidden-content/temporarily-hidden-content-106-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-07-18T14:11:09.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/searchiq/searchiq-the-search-solution-38-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2022-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/anber-elementor-addon/anber-elementor-addon-101-authenticated-contributor-stored-cross-site-scripting-via-carousel-button-link</loc>
<lastmod>2025-08-15T14:48:44.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blockonomics-bitcoin-payments/wordpress-bitcoin-payments-blockonomics-357-reflected-cross-site-scripting</loc>
<lastmod>2023-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/topquark/top-quark-architecture-plugin-211-arbitrary-file-upload</loc>
<lastmod>2012-06-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eventprime-event-calendar-management/eventprime-4032-missing-authorization-via-calendar_event_create</loc>
<lastmod>2024-08-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sheetlink/gsheets-connector-111-authenticated-administrator-php-object-injection</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/maps-block-apple/markdown-it-132-uncontrolled-resource-consumption</loc>
<lastmod>2022-01-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/great-quotes/great-quotes-100-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2021-09-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nelio-content/nelio-content-431-authenticated-contributor-server-side-request-forgery</loc>
<lastmod>2026-03-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/recipe-card-blocks-by-wpzoom/recipe-card-blocks-for-gutenberg-elementor-3413-authenticated-contributor-sql-injection</loc>
<lastmod>2026-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/reusable-blocks-extended/reusable-blocks-extended-09-cross-site-request-forgery-via-reblex_reusable_screen_block_pattern_registration</loc>
<lastmod>2023-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/homey-login-register/homey-login-register-240-unauthenticated-privilege-escalation-in-homey_register</loc>
<lastmod>2025-03-04T21:24:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-tech-tribe/the-tribal-133-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simply-schedule-appointments/appointment-booking-calendar-16100-unauthenticated-sql-injection-via-fields-parameter</loc>
<lastmod>2026-03-18T22:37:27.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/feed-them-social/feed-them-social-169-arbitrary-shortcode-execution</loc>
<lastmod>2015-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vm-backups/vm-backups-10-cross-site-request-forgery-to-cross-site-scripting</loc>
<lastmod>2021-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-private-files/frontend-file-manager-sharing-user-private-files-112-subscriber-arbitrary-file-upload</loc>
<lastmod>2022-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-social-links/wp-social-links-031-reflected-cross-site-scripting</loc>
<lastmod>2025-02-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/arforms/arforms-64-missing-authorization-to-arbitrary-file-deletion</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/xili-tidy-tags/xili-tidy-tags-11206-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/side-cart-woocommerce/side-cart-woocommerce-ajax-21-cross-site-request-forgery</loc>
<lastmod>2023-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/export-woocommerce/products-order-customers-export-for-woocommerce-2015-reflected-cross-site-scripting</loc>
<lastmod>2024-10-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/serped-net/serpednet-46-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-06-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp_scraper/wordpress-woocommerce-scraper-plugin-import-data-from-any-website-107-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2026-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-product-tables/product-table-by-wbw-212-unuthenticated-sql-injection</loc>
<lastmod>2025-01-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpcasa/wpcasa-141-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-job-board/ninja-job-board-132-information-disclosure</loc>
<lastmod>2022-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seo-beginner-auto-post/seo-lat-auto-post-221-missing-authorization-to-file-overwriteupload-remote-code-execution</loc>
<lastmod>2025-01-06T15:43:05.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cookie-notice-and-consent-banner/cookie-notice-consent-banner-for-gdpr-ccpa-compliance-171-authenticated-stored-cross-site-scripting</loc>
<lastmod>2021-08-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zd-scribd-ipaper/zd-scribd-ipaper-10-reflected-cross-site-scripting</loc>
<lastmod>2025-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/e-search/e-search-10-reflected-cross-site-scripting</loc>
<lastmod>2016-10-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-live-chat-support/wp-live-chat-support-8015-cross-site-scripting</loc>
<lastmod>2018-10-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ecommerce-product-catalog/ecommerce-product-catalog-plugin-for-wordpress-3070-reflected-cross-site-scripting</loc>
<lastmod>2022-10-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/amcharts-charts-and-maps/amcharts-charts-and-maps-14-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2022-08-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eventON/eventon-499-missing-authorization</loc>
<lastmod>2025-07-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zielke-design-project-gallery/zielke-design-project-gallery-250-reflected-cross-site-scripting</loc>
<lastmod>2025-03-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cm-map-locations/cm-map-locations-216-reflected-cross-site-scripting</loc>
<lastmod>2025-07-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bdthemes-element-pack-lite/element-pack-elementor-addons-header-footer-template-library-dynamic-grid-carousel-remote-arrows-5102-authenticated-contributor-dom-based-stored-cross-site-scripting</loc>
<lastmod>2024-11-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-testimonial-widget/wp-testimonial-widget-31-missing-authorization</loc>
<lastmod>2024-08-20T17:22:38.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpide/wpide-file-manager-code-editor-26-authenticated-admininstrator-local-file-inclusion</loc>
<lastmod>2022-08-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fusion-builder/avada-fusion-builder-3141-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-01-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-google-maps/wp-go-maps-formerly-wp-google-maps-9032-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-03-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stream/stream-391-missing-authorization-to-sensitive-information-disclosure</loc>
<lastmod>2023-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/auxin-elements/shortcodes-and-extra-features-for-phlox-21712-unauthenticated-information-exposure</loc>
<lastmod>2025-10-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-faqs/ultimate-faq-1824-cross-site-scripting</loc>
<lastmod>2019-09-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eventon-lite/eventon-wordpress-virtual-event-calendar-plugin-454-pro-227-free-reflected-cross-site-scripting</loc>
<lastmod>2024-01-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-post-to-post-links/post-to-post-links-42-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/menu-ordering-reservations/restaurant-menu-food-ordering-system-table-reservation-231-cross-site-request-forgery</loc>
<lastmod>2022-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/real3d-flipbook-lite/real-3d-flipbook-4191-missing-authorization</loc>
<lastmod>2026-02-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/charitable/charitable-donation-plugin-for-wordpress-fundraising-with-recurring-donations-more-183-reflected-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/getresponse-integration/getresponse-for-wordpress-5535-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/extended-widget-options/widget-options-422-authenticated-contributor-remote-code-execution-via-display-logic</loc>
<lastmod>2026-05-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flexo-slider/flexo-slider-10013-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/zenlite/zenlite-43-cross-site-scripting</loc>
<lastmod>2011-09-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-abandoned-cart/abandoned-cart-lite-for-woocommerce-5151-authentication-bypass</loc>
<lastmod>2023-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ameliabooking/booking-for-appointments-and-events-calendar-amelia-1219-unauthenticated-full-path-disclosure</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mailchimp-subscribe-sm/mailchimp-subscribe-form-optin-builder-popup-builder-form-builder-12-remote-code-execution</loc>
<lastmod>2015-04-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jet-search/jetsearch-35101-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lsd-google-maps-embedder/lsd-google-maps-embedder-11-cross-site-request-forgery-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/adminify/wp-adminify-best-wordpress-custom-dashboard-plugin-4016-authenticated-author-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2024-10-23T23:12:36.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/master-addons/master-addons-for-elementor-181-reflected-cross-site-scripting</loc>
<lastmod>2022-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cozy-addons/cozy-blocks-2015-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quiz-master-next/quiz-and-survey-master-808-unauthenticated-arbitrary-media-deletion</loc>
<lastmod>2023-02-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/motors-car-dealership-classified-listings/motors-car-dealership-classified-listings-plugin-14110-cross-site-request-forgery</loc>
<lastmod>2026-06-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-peach-payments-gateway/peach-payments-gateway-336-missing-authorization</loc>
<lastmod>2026-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/upload-fields-for-wpforms/upload-fields-for-wpforms-102-missing-authorization</loc>
<lastmod>2024-06-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stars-testimonials-with-slider-and-masonry-grid/free-responsive-testimonials-social-proof-reviews-and-customer-reviews-stars-testimonials-333-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2024-12-04T16:25:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/meta-display-block/meta-display-block-100-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-11-17T20:49:24.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/duplicate-post/yoast-duplicate-post-26-cross-site-scripting</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/themesflat-addons-for-elementor/themesflat-addons-for-elementor-231-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/revy/revy-118-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2024-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/paid-memberships-pro/paid-memberships-pro-305-authenticated-administrator-sql-injection</loc>
<lastmod>2024-07-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/inlinks/inlinks-11-authenticated-sql-injection</loc>
<lastmod>2017-11-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/llm-hubspot-blog-import/llm-hubspot-blog-import-101-missing-authorization-to-authenticated-subscriber-hubspot-import</loc>
<lastmod>2025-10-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dark-mode/wp-markdown-editor-formerly-dark-mode-17-stored-cross-site-scripting</loc>
<lastmod>2018-01-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ithemeland-bulk-posts-editing-lite/bulk-posts-editing-for-wordpress-423-authenticated-subscriber-missing-authorization</loc>
<lastmod>2024-05-14T12:16:49.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pirate-forms/contact-form-smtp-plugin-for-wordpress-by-pirateforms-252-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cf7-reply-manager/cf7-reply-manager-123-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2024-11-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/picu/picu-online-photo-proofing-gallery-240-missing-authorization</loc>
<lastmod>2024-12-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rsvpmaker/rsvpmaker-926-unauthenticated-sql-injection</loc>
<lastmod>2022-04-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tutor/tutor-lms-272-authenticated-tutor-instructor-stored-cross-site-scripting</loc>
<lastmod>2024-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/xstore/xstore-938-unauthenticated-sql-injection</loc>
<lastmod>2024-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/polldaddy/crowdsignal-dashboard-2021-cross-site-request-forgery</loc>
<lastmod>2013-11-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/b-slider/b-slider-206-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-01-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gm-woocommerce-quote-popup/product-enquiry-for-woocommerce-31-unauthenticated-stored-cross-site-scripting-via-name</loc>
<lastmod>2023-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/themify-builder/themify-builder-705-cross-site-request-forgery</loc>
<lastmod>2024-02-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/foogallery-premium/best-wordpress-gallery-plugin-foogallery-2416-authenticated-contributor-directory-traversal</loc>
<lastmod>2024-12-09T17:12:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-user-avatar/paid-membership-user-registration-user-profile-restrict-content-plugin-profilepress-3110-unauthenticated-cross-site-scripting</loc>
<lastmod>2021-08-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dynamic-font-replacement-4wp/dynamic-font-replacement-dfr4wp-en-13-en-arbitrary-file-deletion</loc>
<lastmod>2022-07-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-user-frontend/user-frontend-ai-powered-frontend-posting-user-directory-profile-membership-user-registration-431-missing-authorization</loc>
<lastmod>2026-04-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-pensopay/woocommerce-pensopay-631-reflected-cross-site-scripting-via-pensopay_action</loc>
<lastmod>2023-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pdf-generator-addon-for-elementor-page-builder/pdf-generator-addon-for-elementor-page-builder-175-unauthenticated-path-traversal</loc>
<lastmod>2025-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/streamvid/streamvid-686-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/Avada/avada-622-authenticated-contributor-cross-site-scripting</loc>
<lastmod>2020-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bold-page-builder/bold-page-builder-231-missing-authorization-to-settings-update</loc>
<lastmod>2019-08-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/imaq-core/imaq-core-121-cross-site-request-forgery-to-url-structure-update</loc>
<lastmod>2025-12-11T15:06:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/photo-gallery/photo-gallery-by-10web-1827-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-09-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/directorist/directorist-82-missing-authorization-to-unauthenticated-arbitrary-post-publishing</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/really-simple-ssl/really-simple-security-simple-and-performant-security-formerly-really-simple-ssl-957-missing-authorization</loc>
<lastmod>2026-03-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ht-mega-for-elementor/ht-mega-absolute-addons-for-elementor-283-authenticated-contributor-stored-cross-site-scripting-via-multiple-widgets</loc>
<lastmod>2025-03-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buddypress-media/rtmedia-for-wordpress-buddypress-and-bbpress-470-473-missing-authorization-to-unauthenticated-information-disclosure-via-handle_rest_pre_dispatch-function</loc>
<lastmod>2025-12-12T15:34:22.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/magic-import-document-extractor/magic-import-document-extractor-105-missing-authorization-to-unauthenticated-plugin-license-status-modification</loc>
<lastmod>2026-02-03T19:31:58.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/dotlife/dotlife-495-reflected-cross-site-scripting</loc>
<lastmod>2026-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mlanguage/mlanguage-161-cross-site-request-forgery</loc>
<lastmod>2025-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-faqs/easy-faqs-321-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-time-capsule/backup-and-staging-by-wp-time-capsule-12223-reflected-cross-site-scripting</loc>
<lastmod>2025-06-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/so-widgets-bundle/siteorigin-widgets-bundle-1640-missing-authorization</loc>
<lastmod>2024-12-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jkdevkit/jkdevkit-194-authenticated-subscriber-arbitrary-file-deletion</loc>
<lastmod>2025-07-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/th23-social/th23-social-120-stored-cross-site-scripting</loc>
<lastmod>2022-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ad-minister/ad-minister-06-cross-site-scripting</loc>
<lastmod>2013-12-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-product-catalogue/ultimate-product-catalogue-5215-cross-site-request-forgery-via-reset_settings</loc>
<lastmod>2024-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/teachpress/teachpress-818-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2023-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/brandy/brand-116-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-analytics-dashboard-for-wp/exactmetrics-7141-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mobile-browser-color-select/mobile-browser-color-select-101-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2022-05-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pz-linkcard/pz-linkcard-2581-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2026-04-17T09:44:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/telugu-bible-verse-daily/-10-cross-site-request-forgery-to-cross-site-scripting</loc>
<lastmod>2021-07-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/admin-management-xtended/admin-management-xtended-246-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/footer-putter/footer-putter-613-reflected-cross-site-scripting</loc>
<lastmod>2023-11-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ni-woocommerce-cost-of-goods/ni-woocommerce-cost-of-goods-328-authenticated-administrator-sql-injection</loc>
<lastmod>2024-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/abcbiz-addons/abcbiz-addons-for-elementor-202-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/spider-faq/spiderfaq-132-reflected-cross-site-scripting</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ts-demo-importer/ts-demo-importer-012-missing-authorization</loc>
<lastmod>2025-10-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-facebook-feed/the-awesome-feed-custom-feed-225-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-09-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/navz-photo-gallery/acf-photo-gallery-field-19-authenticated-subscriber-arbitrary-usermeta-update</loc>
<lastmod>2023-07-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cms-fuer-motorrad-werkstaetten/cms-fr-motorrad-werksttten-100-cross-site-request-forgery</loc>
<lastmod>2026-04-16T19:39:37.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/rockstar-theme/various-orange-themes-various-unspecified-versions-cross-site-request-forgery-to-arbitrary-file-upload</loc>
<lastmod>2013-11-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yaymail/yaymail-woocommerce-email-customizer-433-authenticated-shop-manager-php-object-injection</loc>
<lastmod>2026-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/learnpress/learnpress-4271-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-11-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/event-espresso-decaf/event-espresso-4-decaf-event-registration-event-ticketing-41046decaf-authenticated-subscriber-missing-authorization-to-limited-plugin-settings-modification</loc>
<lastmod>2024-08-20T17:26:46.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/global-dns/global-dns-310-unauthenticated-remote-code-execution</loc>
<lastmod>2025-08-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/header-footer-elementor/elementor-header-footer-builder-1626-authenticated-author-html-injection</loc>
<lastmod>2024-05-16T08:08:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ada-compliance-check-basic/wp-ada-compliance-check-basic-most-comprehensive-web-accessibility-solution-for-wordpress-313-cross-site-request-forgery</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contests-from-rewards-fuel/contests-by-rewards-fuel-2062-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-03-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpforms-lite/contact-form-by-wpforms-drag-drop-form-builder-for-wordpress-1872-unauthenticated-price-manipulation</loc>
<lastmod>2024-05-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-piwik/wp-piwik-1027-authenticated-administrator-stored-cross-site-scripting-via-plugin-display-name</loc>
<lastmod>2023-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/totalpoll-lite/totalpoll-for-polls-and-contests-4120-authenticated-contributor-remote-code-execution</loc>
<lastmod>2026-03-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dynamic-url-seo/dynamic-url-seo-10-reflected-cross-site-scripting</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/javibola-custom-theme/javibola-custom-theme-test-205-cross-site-request-forgery</loc>
<lastmod>2026-05-19T12:07:03.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-language-translator/google-language-translator-5005-cross-site-scripting</loc>
<lastmod>2016-04-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woofilter-pro/product-filter-pro-296-unauthenticated-sql-injection</loc>
<lastmod>2025-06-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kineticpay-for-woocommerce/kineticpay-for-woocommerce-208-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2024-11-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lastudio-element-kit/la-studio-element-kit-for-elementor-152-authenticated-contributor-stored-cross-site-scripting-via-image-compare-and-google-maps-widgets</loc>
<lastmod>2025-05-29T22:06:38.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-integrated-with-google-maps/contact-form-integrated-with-google-maps-10-24-stored-cross-site-scripting</loc>
<lastmod>2014-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/listamester/listamester-234-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/leaflet-maps-marker-pro/leaflet-maps-marker-pro-158-arbitrary-file-deletion</loc>
<lastmod>2014-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mstw-league-manager/mstw-league-manager-210-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-04-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/store-locator-le/store-locator-plus-5515-authenticated-privilege-escalation</loc>
<lastmod>2021-04-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-wp-events/simple-wp-events-1817-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-long-form/simple-long-form-222-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-11-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/related-posts-list-grid-and-slider-all-in-one/wordpress-related-posts-with-thumbnails-3001-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cf7-mailchimp/integration-for-mailchimp-and-contact-form-7-wpforms-elementor-ninja-forms-118-unauthenticated-php-object-injection</loc>
<lastmod>2026-06-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/royal-elementor-addons/royal-elementor-addons-and-templates-171012-authenticated-dom-based-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/acme-divi-modules/acme-divi-modules-135-missing-authorization</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/qubely/qubely-1812-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flickr-rss/flickrrss-531-cross-site-request-forgery</loc>
<lastmod>2018-02-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fancytabs/fancytabs-110-authenticated-contributor-stored-cross-site-scripting-via-title-parameter</loc>
<lastmod>2025-09-29T15:24:21.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bot-for-telegram-on-woocommerce/bot-for-telegram-on-woocommerce-126-missing-authorization</loc>
<lastmod>2025-05-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/scrollrevealjs-effects/scrollrevealjs-effects-12-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/unlimited-elements-for-elementor/unlimited-elements-for-elementor-205-unauthenticated-stored-cross-site-scripting-via-form-entry-fields</loc>
<lastmod>2026-03-09T21:26:51.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ecpay-logistics-for-woocommerce/ecpay-logistics-for-woocommerce-12181030-reflected-cross-site-scripting</loc>
<lastmod>2019-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gmap-targeting/google-map-targeting-116-authenticated-subscriber-local-file-inclusion</loc>
<lastmod>2025-07-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wplegalpages/wplegalpages-292-authenticated-author-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-10-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-bootstrap-elements-for-elementor/ultimate-bootstrap-elements-for-elementor-144-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2024-08-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/polldaddy/polldaddy-polls-rating-2024-reflected-cross-site-scripting</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-registration-form-builder-with-submission-manager/registrationmagic-6071-unauthenticated-privilege-escalation-via-admin_order</loc>
<lastmod>2026-01-16T13:22:33.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-live-chat-software-for-wordpress/wp-livechat-373-stored-cross-site-scripting</loc>
<lastmod>2019-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/where-i-was-where-i-will-be/where-i-was-where-i-will-be-111-unauthenticated-remote-file-inclusion</loc>
<lastmod>2024-06-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/countdown-time/countdown-timer-126-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/far-future-expiry-header/far-future-expiry-header-14-plugins-settings-update-via-cross-site-request-forgery</loc>
<lastmod>2021-10-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yaysmtp/yaysmtp-245-unauthenticated-stored-cross-site-scripting-via-email</loc>
<lastmod>2023-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-user-avatar/profilepress-30-313-arbitrary-file-upload</loc>
<lastmod>2021-06-28T19:45:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chained-quiz/chained-quiz-1325-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-02-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-new/woocommerce-852-missing-authorization-to-privatedraft-product-disclosure</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/extensions-for-elementor/extensions-for-elementor-2040-reflected-cross-site-scripting</loc>
<lastmod>2024-11-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-reset/wp-reset-20-sensitive-information-exposure-due-to-insufficient-randomness</loc>
<lastmod>2024-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/landing-pages/wordpress-landing-pages-184-authenticated-sql-injection</loc>
<lastmod>2015-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hide-text-shortcode/hide-text-shortcode-11-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-08-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-payments/woopayments-fully-integrated-solution-built-and-supported-by-woo-662-unauthenticated-insecure-direct-object-reference</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jb-horizontal-scroller-news-ticker/jb-horizontal-scroller-news-ticker-10-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/just-writing-statistics/just-writing-statistics-47-authenticated-administrator-sql-injection</loc>
<lastmod>2024-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/5.4/wordpress-core-541-cross-site-scripting-in-the-block-editor</loc>
<lastmod>2020-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-pricing-tables/pricing-tables-wordpress-plugin-easy-pricing-tables-326-authenticated-contributor-stored-cross-site-scripting-via-fontfamily-attribute</loc>
<lastmod>2024-11-05T23:25:43.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-server-stats/wp-server-health-stats-173-cross-site-request-forgery</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ms-reviews/ms-reviews-15-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2023-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/plugmatter-pricing-table/plugmatter-pricing-table-lite-1032-reflected-cross-site-scripting</loc>
<lastmod>2021-08-13T15:31:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/template-kit-import/envato-elements-2010-template-kit-1013-authenticated-contributor-arbitrary-file-upload</loc>
<lastmod>2021-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bp-better-messages/better-messages-191057-resource-exhaustion</loc>
<lastmod>2022-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/checkout-mestres-wp/checkout-mestres-wp-86-authenticated-admin-local-file-inclusion</loc>
<lastmod>2024-09-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-hashtags/hashtags-032-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-encoder-bundle/email-encoder-211-reflected-cross-site-scripting</loc>
<lastmod>2021-08-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-avatar/user-avatar-1411-reflected-cross-site-scripting</loc>
<lastmod>2023-10-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/featured-image-plus/featured-image-plus-quick-bulk-edit-with-unsplash-166-authenticated-admin-server-side-request-forgery</loc>
<lastmod>2025-07-22T14:05:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jet-elements/jetelements-for-elementor-277-authenticated-subscriber-information-disclosure</loc>
<lastmod>2025-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/memberpress/memberpress-11134-missing-authorization</loc>
<lastmod>2024-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gutenverse/gutenverse-221-authenticated-contributor-stored-cross-site-scripting-via-countdown-block</loc>
<lastmod>2025-04-28T17:26:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpoptin/top-bar-popups-by-wpoptin-208-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/intelly-posts-footer-manager/posts-footer-manager-210-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-01-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ithemes-exchange/ithemes-exchange-1120-cross-site-scripting</loc>
<lastmod>2015-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/save-import-image-from-url/save-import-image-from-url-07-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/modula-best-grid-gallery/modula-image-gallery-224-authenticated-stored-cross-site-scripting</loc>
<lastmod>2020-02-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/swipehq-payment-gateway-wp-e-commerce/wp-e-commerce-swipe-plugin-310-multiple-cross-site-scripting</loc>
<lastmod>2014-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bdthemes-prime-slider-lite/prime-slider-addons-for-elementor-31110-incorrect-authorization-via-bdt_duplicate_as_draft</loc>
<lastmod>2024-02-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-plugin-info-card/wp-plugin-info-card-237-cross-site-scripting</loc>
<lastmod>2015-03-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contest-gallery/contest-gallery-19141-authenticated-author-sql-injection-via-option_id-get</loc>
<lastmod>2022-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smart-mockups/smart-mockups-120-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/adl-team/team-126-authenticated-contibutor-stored-cross-site-scripting</loc>
<lastmod>2022-07-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/mosaic/mosaic-171-authenticated-contributor-stored-cross-site-scripting-via-button-shortcode</loc>
<lastmod>2024-06-21T15:08:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/infusionsoft-official-opt-in-forms/keap-official-opt-in-forms-201-unauthenticated-limited-local-file-inclusion</loc>
<lastmod>2025-02-17T15:45:57.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/spamreferrerblock/download-spamreferrerblock-222-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-06-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vikbooking/vikbooking-hotel-booking-engine-pms-182-unauthenticated-information-exposure</loc>
<lastmod>2025-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/virtual-bot/virtual-bot-100-unauthenticated-sql-injection</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-places-reviews/google-places-reviews-200-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-05-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-stats-manager/wp-visitor-statistics-real-time-traffic-54-missing-authorization-to-stored-cross-site-scripting</loc>
<lastmod>2022-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/camptix/camptix-event-ticketing-142-csv-injection</loc>
<lastmod>2016-07-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-expand-tabs-free/wp-tabs-responsive-tabs-plugin-for-wordpress-180-stored-cross-site-scripting</loc>
<lastmod>2018-11-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpstream/wpstream-4112-authenticated-subscriber-insecure-direct-object-reference</loc>
<lastmod>2026-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/taketin-to-wp-membership/taketin-to-wp-membership-2812-authenticated-subscriber-php-object-injection</loc>
<lastmod>2024-10-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-job-manager/wp-job-manager-200-cross-site-request-forgery</loc>
<lastmod>2024-01-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-forms/ninja-forms-contact-form-2918-cross-site-scripting</loc>
<lastmod>2015-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/curly-core/curly-core-216-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-todo/wp-to-do-130-cross-site-request-forgery-via-wptodo_manage</loc>
<lastmod>2024-05-29T15:54:07.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bp-activity-plus-reloaded/activity-plus-reloaded-for-buddypress-111-authenticated-subscriber-blind-server-side-request-forgery</loc>
<lastmod>2025-01-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/squeeze/squeeze-177-authenticated-subscriber-directory-traversal</loc>
<lastmod>2026-02-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/betterdocs-pro/betterdocs-pro-380-unauthenticated-local-file-inclusion-via-doc_style</loc>
<lastmod>2026-06-18T17:00:31.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-seo-pack/all-in-one-seo-4231-cross-site-request-forgery</loc>
<lastmod>2022-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/brizy/brizy-page-builder-2443-unauthenticated-stored-cross-site-scripting-via-form</loc>
<lastmod>2024-06-04T17:29:06.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ameliabooking/amelia-1046-cross-site-request-forgery</loc>
<lastmod>2022-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/metform/metform-elementor-contact-form-builder-321-recaptcha-protection-bypass</loc>
<lastmod>2023-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-header-image-slider/wp-responsive-header-image-slider-321-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-10-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quotes-for-woocommerce/quotes-for-woocommerce-201-cross-site-request-forgery</loc>
<lastmod>2023-11-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/accordions/accordions-2323-authenticated-custom-stored-cross-site-scripting-via-accordion-body-field</loc>
<lastmod>2026-06-08T13:00:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/photo-gallery/photo-gallery-by-10web-1554-sql-injection-via-bwg_search_x-parameter</loc>
<lastmod>2020-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-yelp-review-slider/wp-yelp-review-slider-81-authenticated-administrator-sql-injection</loc>
<lastmod>2025-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/elegant-pink/elegant-pink-133-missing-authorization</loc>
<lastmod>2026-02-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-forms/wordpress-contact-forms-by-cimatti-194-missing-authorization-to-unauthenticated-form-submission-download</loc>
<lastmod>2025-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-export-with-their-meta-data/export-users-with-meta-065-authenticated-admin-sql-injection</loc>
<lastmod>2021-06-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/exertio-framework/exertio-framework-133-authenticated-subscriber-sql-injection</loc>
<lastmod>2025-08-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/upqode-google-maps/upqode-google-maps-105-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-02-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/solutions-ad-manager/solutions-ad-manager-100-unauthenticated-open-redirect-via-sam-redirect-to-parameter</loc>
<lastmod>2025-12-12T16:09:08.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/codepress-admin-columns/admin-columns-free-432-and-pro-552-authenticated-stored-cross-site-scripting</loc>
<lastmod>2021-06-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lbg-universal-video-player-addon-visual-composer/universal-video-player-addon-for-wpbakery-page-builder-321-reflected-cross-site-scripting</loc>
<lastmod>2025-07-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/event-list/event-list-087-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-04-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mycred/mycred-272-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/canvasflow/canvasflow-155-reflected-cross-site-scripting</loc>
<lastmod>2025-01-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/edwiser-bridge/edwiser-bridge-305-authentication-bypass-due-to-missing-empty-value-check</loc>
<lastmod>2024-05-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-job-manager/wp-job-manager-1238-multiple-cross-site-scripting</loc>
<lastmod>2015-08-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/3.8/wordpress-core-382-contributor-users-can-publish-posts</loc>
<lastmod>2014-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-mailster/wp-mailster-18160-missing-authorization</loc>
<lastmod>2024-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bulk-block-converter/bulk-block-converter-101-reflected-cross-site-scripting</loc>
<lastmod>2024-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ping-list-pro/ping-list-pro-11-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2022-05-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ultimate-csv-importer/import-all-xml-csv-txt-into-wordpress-642-missing-authorization</loc>
<lastmod>2022-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-media-feather/social-media-feather-204-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-02-10T14:33:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tourfic/tourfic-21117-authenticated-subscriber-php-object-injection</loc>
<lastmod>2024-03-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quiz-master-next/quiz-and-survey-master-best-quiz-exam-and-survey-plugin-for-wordpress-734-insecure-direct-object-reference</loc>
<lastmod>2022-09-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/super-stage-wp/super-stage-wp-101-unauthenticated-php-object-injection</loc>
<lastmod>2026-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/yacht-rental/yacht-rental-26-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/product-loops/product-loops-for-woocommerce-212-missing-authorization</loc>
<lastmod>2025-12-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/metform/metform-elementor-contact-form-builder-324-unauthenticated-double-extension-arbitrary-file-upload</loc>
<lastmod>2024-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/popup-maker/popup-maker-1168-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2022-09-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-sentry/wp-sentry-10-cross-site-request-forgery</loc>
<lastmod>2022-05-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-addons-for-contact-form-7/ultimate-addons-for-contact-form-7-3512-authenticated-administrator-arbitrary-file-upload-via-save_options</loc>
<lastmod>2025-06-17T22:49:16.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/integration-for-contact-form-7-and-pipedrive/integration-for-pipedrive-and-contact-form-7-wpforms-elementor-ninja-forms-123-unauthenticated-php-object-injection-via-verify_field_val-function</loc>
<lastmod>2025-07-18T16:22:53.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/partners/partners-020-unauthenticated-php-object-injection</loc>
<lastmod>2024-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-more-link-complete/custom-more-link-complete-141-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-03-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/category-seo-meta-tags/category-seo-meta-tags-25-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-10-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seo-redirection/seo-redirection-plugin-301-redirect-manager-89-cross-site-request-forgery</loc>
<lastmod>2022-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/apartment-management/wpams-440-17-08-2023-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/coming-soon-countdown/coming-soon-countdown-22-reflected-cross-site-scripting</loc>
<lastmod>2025-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nex-forms-express-wp-form-builder/nex-forms-ultimate-form-builder-461-sql-injection</loc>
<lastmod>2015-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/add-fields-to-checkout-page-woocommerce/custom-woocommerce-checkout-fields-editor-130-cross-site-request-forgery</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/left-right-image-slideshow-gallery/left-right-image-slideshow-gallery-120-authenticated-subscriber-sql-injection-via-shortcode</loc>
<lastmod>2023-10-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/eunoia/eunoia-all-versions-cross-site-scripting</loc>
<lastmod>2012-10-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cab-fare-calculator/cab-fare-calculator-103-unauthenticated-local-file-inclusion</loc>
<lastmod>2022-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/reviewscouk-for-woocommerce/reviewsio-128-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-widget-changer/wp-widget-changer-125-reflected-cross-site-scripting-via-_serverphp_self</loc>
<lastmod>2026-01-06T20:31:35.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ajax-domain-checker/ajax-domain-checker-130-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-11-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/http-headers/http-headers-11811-server-side-request-forgery</loc>
<lastmod>2023-07-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/td-composer/tagdiv-composer-41-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2023-08-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpappninja/wpmobileapp-android-and-ios-mobile-application-1141-reflected-cross-site-scripting</loc>
<lastmod>2024-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/welcome-popup/welcome-popup-1010-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-plus-addons-for-elementor-page-builder/the-plus-addons-for-elementor-6415-authenticated-contributor-stored-cross-site-scripting-via-carousel_direction-parameter</loc>
<lastmod>2026-05-28T18:38:13.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-iframe/advanced-iframe-20241-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-02-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/logs-de-connexion/connexion-logs-302-authenticated-admin-sql-injection</loc>
<lastmod>2024-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flexible-shipping-ups/ups-live-rates-and-access-points-2312-missing-authorization-to-plugin-api-key-reset</loc>
<lastmod>2024-10-24T16:50:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sermon-browser/sermon-browser-0436-cross-site-scripting</loc>
<lastmod>2011-04-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/envira-gallery-lite/gallery-plugin-for-wordpress-envira-photo-gallery-1120-missing-authorization-to-authenticated-author-multiple-gallery-actions</loc>
<lastmod>2025-11-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/givingpress-lite/givingpress-lite-186-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/interactive-us-map/interactive-us-map-27-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/acf-frontend-form-element/frontend-admin-by-dynamiapps-3245-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2024-12-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/b2bking/b2bking-premium-5420-unauthenticated-open-redirect</loc>
<lastmod>2025-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/isape/isape-072-reflected-cross-site-scripting</loc>
<lastmod>2026-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-custom-body-class/custom-body-class-060-cross-site-request-forgery</loc>
<lastmod>2019-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/system-dashboard/system-dashboard-2814-authenticated-admin-arbitrary-file-read</loc>
<lastmod>2024-11-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/spark-multipurpose/spark-multipurpose-107-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/paid-member-subscriptions/paid-member-subscriptions-2104-cross-site-request-forgery-via-ajax_add_log_entry</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lbg-audio1-html5/chameleon-html5-audio-player-withwithout-playlist-356-authenticated-contributor-sql-injection</loc>
<lastmod>2025-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/robo-gallery/photo-gallery-images-slider-in-rbs-image-gallery-3219-authenticated-contributor-stored-cross-site-scripting-via-gallery-title</loc>
<lastmod>2024-07-24T00:12:34.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/themify-builder/themify-builder-765-reflected-cross-site-scripting</loc>
<lastmod>2025-01-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cms-blocks/cms-blocks-11-missing-authorization</loc>
<lastmod>2025-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-seo/yoast-seo-115-authenticated-stored-cross-site-scripting</loc>
<lastmod>2019-07-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/404-to-301/404-to-301-redirect-log-and-notify-404-errors-202-sql-injection</loc>
<lastmod>2015-08-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contest-gallery/contest-gallery-3002-authenticated-author-privilege-escalation-via-registryuserrole-parameter</loc>
<lastmod>2026-06-16T20:57:12.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/admin-menu-editor/admin-menu-editor-114-authenticated-contributor-stored-cross-site-scripting-via-placeholder-parameter</loc>
<lastmod>2025-09-05T15:11:45.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/interact-quiz-embed/interact-embed-a-quiz-on-your-site-307-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-11-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chained-quiz/chained-quiz-1328-missing-authorization</loc>
<lastmod>2024-07-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sitepress-multilingual-cms/wpml-4513-cross-site-request-forgery</loc>
<lastmod>2022-11-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contus-video-comments/contus-video-comments-10-authorization-bypass</loc>
<lastmod>2016-06-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/live-copy-paste/live-copy-paste-for-elementor-cross-domain-copy-paste-page-duplicator-153-missing-authorization</loc>
<lastmod>2026-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lottier-wpbakery/lottier-for-wpbakery-117-missing-authorization</loc>
<lastmod>2025-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-meta-seo/wp-meta-seo-448-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2022-06-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-recipe-maker/wp-recipe-maker-931-authenticated-contributor-stored-cross-site-scripting-via-wprm-recipe-roundup-item-shortcode</loc>
<lastmod>2024-05-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/auto-upload-images/auto-upload-images-33-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/page-builder-sandwich/page-builder-sandwich-510-missing-authorization-to-authenticatedsubscriber-arbitrary-post-editing</loc>
<lastmod>2024-03-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tealium/tealium-2120-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/goal-tracker-for-patreon/goal-tracker-for-patreon-046-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-08-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-local-avatars/simple-local-avatars-284-missing-authorization-to-authenticated-subscriber-avatar-migration</loc>
<lastmod>2025-08-11T18:20:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/livestream-notice/livestream-notice-120-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-07-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fluentform/contact-form-plugin-by-fluent-forms-for-quiz-survey-and-drag-drop-wp-form-builder-5119-authenticated-subscriber-stored-cross-site-scripting-via-welcome-screen-fields</loc>
<lastmod>2024-07-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/aiomatic-automatic-ai-content-writer/aiomatic-ai-content-writer-editor-chatbot-ai-toolkit-236-missing-authorization-to-authenticated-subscriber-multiple-administrator-actions</loc>
<lastmod>2025-03-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpdiscuz/comments-wpdiscuz-7639-unauthenticated-authentication-bypass-through-account-takeover</loc>
<lastmod>2025-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-reviews/ultimate-reviews-328-unauthenticated-stored-cross-site-scripting-via-reviews</loc>
<lastmod>2024-02-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-file-manager/file-manager-29-reflected-cross-site-scripting</loc>
<lastmod>2018-09-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/iubenda-cookie-law-solution/iubenda-all-in-one-compliance-for-gdpr-ccpa-cookie-consent-more-308-server-side-request-forgery</loc>
<lastmod>2022-06-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mail-masta/mail-masta-10-sql-injection-via-filter_list-parameter</loc>
<lastmod>2017-02-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bit-form/bit-form-contact-form-plugin-21311-authenticated-administrator-sql-injection</loc>
<lastmod>2024-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/addons-for-elementor/elementor-addons-by-livemesh-836-authenticated-contributor-stored-cross-site-scripting-via-display-name</loc>
<lastmod>2024-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gtranslate/translate-wordpress-with-gtranslate-296-reflected-cross-site-scripting</loc>
<lastmod>2022-01-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-statistics/wp-statistics-12661-unauthenticated-stored-cross-site-scripting-via-ip-manipulation</loc>
<lastmod>2019-07-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce/woocommerce-323-authenticated-php-object-injection</loc>
<lastmod>2017-11-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/relevanssi/relevanssi-360-authenticated-admin-sql-injection</loc>
<lastmod>2018-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/inpost-gallery/inpost-gallery-2141-reflected-cross-site-scripting-via-imgurl</loc>
<lastmod>2023-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seo-backlinks/seo-backlinks-401-cross-site-request-forgery</loc>
<lastmod>2021-07-26T06:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/print-my-blog/print-my-blog-3279-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-08-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/exchange-addon-table-rate-shipping/exchange-addon-table-rate-shipping-110-cross-site-scripting</loc>
<lastmod>2015-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/WooCommerce-Multi-Locations-Inventory-Management/multiloca-woocommerce-multi-locations-inventory-management-428-missing-authorization-to-unauthenticated-arbitrary-options-update-via-wcmlim_settings_ajax_handler</loc>
<lastmod>2025-09-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-upload-files-during-checkout/easy-upload-files-during-checkout-298-unauthenticated-arbitrary-javascript-file-upload</loc>
<lastmod>2025-11-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/backuply/backuply-backup-restore-migrate-and-clone-134-authenticated-admin-sql-injection</loc>
<lastmod>2024-09-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dzs-videogallery/dzs-video-gallery-963-reflected-cross-site-scripting</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-products-filter/husky-products-filter-professional-for-woocommerce-1352-authenticated-admin-local-file-inclusion</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-optimize/wp-optimize-450-missing-authorization-to-authenticated-subscriber-plugin-settings-update-and-image-manipulation</loc>
<lastmod>2026-04-09T11:52:37.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zendrop-dropshipping-and-fulfillment/zendrop-global-dropshipping-100-arbitrary-file-upload</loc>
<lastmod>2023-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-seo-pack/all-in-one-seo-2911-authenticated-stored-cross-site-scripting</loc>
<lastmod>2018-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rescue-shortcodes/rescue-shortcodes-25-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/exclusive-addons-for-elementor/exclusive-addons-for-elementor-269-authenticated-contributor-stored-cross-site-scripting-via-call-to-action-widget</loc>
<lastmod>2024-02-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-carousel-free/carousel-slider-gallery-by-wp-carousel-273-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/likebtn-like-button/like-button-rating-2637-unauthorised-vote-export-to-email-ip-addresses-disclosure</loc>
<lastmod>2021-11-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-multi-currency/multi-currency-for-woocommerce-155-cross-site-request-forgery</loc>
<lastmod>2023-12-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-wp-real-estate/essential-wp-real-estate-113-missing-authorization-to-arbitrary-postpage-deletion</loc>
<lastmod>2025-01-09T22:18:30.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/newsletter-optin-box/simple-newsletter-plugin-noptin-1103-unauthenticated-csv-injection</loc>
<lastmod>2023-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hmapsprem/hero-maps-premium-222-reflected-cross-site-scripting</loc>
<lastmod>2020-02-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/RedSteel/redsteel-all-versions-file-disclosure</loc>
<lastmod>2015-01-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/autoresponder-gwa/gwa-autoresponder-274-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2022-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/freshdesk-support/freshdesk-official-236-cross-site-request-forgery</loc>
<lastmod>2022-06-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-sendinblue-newsletter-subscription/sendinblue-for-woocommerce-4017-authenticated-editor-arbitrary-file-download-and-deletion</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/poll-maker/poll-maker-471-missing-authorization</loc>
<lastmod>2023-10-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementor/elementor-website-builder-3330-missing-authorization</loc>
<lastmod>2025-11-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/best-restaurant-menu-by-pricelisto/best-restaurant-menu-by-pricelisto-143-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-banner/simple-banner-304-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-04-03T17:07:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking-x/booking-x-10-112-missing-authorization-to-unauthenticated-sensitive-information-disclosure-via-export_now-function</loc>
<lastmod>2025-07-03T12:20:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bp-profile-shortcodes-extra/bp-profile-shortcodes-extra-260-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/atarim-visual-collaboration/atarim-409-missing-authorization-to-unauthenticated-arbitrary-post-deletion</loc>
<lastmod>2026-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpgsi/spreadsheet-integration-and-spreadsheet-integration-pro-350-cross-site-request-forgery</loc>
<lastmod>2021-12-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-contact-form-integration-for-elementor/eleforms-all-in-one-form-integration-including-db-for-elementor-2997-missing-authorization-to-sensitive-information-exposure</loc>
<lastmod>2024-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wallet-system-for-woocommerce/wallet-system-for-woocommerce-267-cross-site-request-forgery</loc>
<lastmod>2025-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-analytics-dashboard-for-wp/exactmetrics-912-authenticated-subscriber-missing-authorization-to-google-ads-access-token-retrieval-via-ajax-action-exactmetrics_ads_get_token</loc>
<lastmod>2026-04-23T14:48:15.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-useronline/wp-useronline-2876-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-07-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/invite-anyone/invite-anyone-1315-improper-input-validation</loc>
<lastmod>2017-03-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-cart-abandonment-recovery/woocommerce-cart-abandonment-recovery-1226-cross-site-request-forgery-to-templatesabandoned-orders-deletion</loc>
<lastmod>2024-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/videowhisper-video-conference-integration/webcam-video-conference-451-arbitrary-file-upload</loc>
<lastmod>2012-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-al-slider/simple-al-slider-1210-reflected-cross-site-scripting</loc>
<lastmod>2024-06-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/instant-images/instant-images-5101-authenticated-author-server-side-request-forgery-via-instant_images_download</loc>
<lastmod>2023-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/inpost-gallery/inpost-gallery-2146-unauthenticated-sql-injection</loc>
<lastmod>2026-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/media-list/medialist-140-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-11-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-facebook-likebox/easy-social-feed-655-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/automatic-youtube-video-posts/automatic-youtube-video-posts-plugin-522-authenticated-administrator-stored-cross-site-scripting-via-settings</loc>
<lastmod>2023-11-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/speakpipe-voicemail-for-websites/speakpipe-02-cross-site-request-forgery</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yawave/yawave-291-unauthenticated-sql-injection</loc>
<lastmod>2025-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sakolawp-lite/school-management-system-sakolawp-108-cross-site-request-forgery-to-exam-setting-manipulation</loc>
<lastmod>2025-02-26T15:28:22.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wedevs-project-manager/wp-project-manager-264-arbitrary-usermeta-update-to-authenticated-subscriber-privilege-escalation</loc>
<lastmod>2023-07-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/justitia/justitia-110-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-user-extra-fields/wordpress-user-extra-fields-165-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-manager/download-manager-222-cross-site-scripting</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/learnpress/learnpress-3268-authenticated-page-creation-and-status-modification</loc>
<lastmod>2020-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/logtivity/activity-logs-user-activity-tracking-multisite-activity-log-from-logtivity-336-unauthenticated-information-exposure</loc>
<lastmod>2026-05-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/atarim-visual-collaboration/atarim-421-missing-authorization</loc>
<lastmod>2026-02-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-lightbox2/responsive-lightbox2-103-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2022-11-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-forms/ninja-forms-contact-form-the-drag-and-drop-form-builder-for-wordpress-380-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-earth-tours/google-earth-embed-10-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/timetics/timetics-1023-authorization-bypass</loc>
<lastmod>2024-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/calculated-fields-form/calculated-fields-form-1254-reflected-cross-site-scripting</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/polylang-supertext/supertext-translation-and-proofreading-425-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-pdf-invoice-builder/woocommerce-pdf-invoice-builder-1290-authenticated-administrator-cross-site-scripting</loc>
<lastmod>2023-08-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/turisbook-booking-system/turisbook-booking-system-137-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/avalex/avalex-automatisch-sichere-rechtstexte-303-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-sticky-footer/simple-sticky-footer-135-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/etemplates/etemplates-021-unauthenticated-sql-injection</loc>
<lastmod>2024-12-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/my-wp/my-wp-customize-adminfrontend-1210-authenticated-administrator-stored-cross-site-scripting-via-plugin-settings</loc>
<lastmod>2023-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dx-share-selection/dx-share-selection-14-cross-site-request-forgery-to-cross-site-scripting</loc>
<lastmod>2022-06-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/listings-for-appfolio/listings-for-appfolio-120-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hostel/hostel-1153-cross-site-request-forgery</loc>
<lastmod>2024-05-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/content-excel-importer/import-content-in-wordpress-woocommerce-with-excel-42-reflected-cross-site-scripting</loc>
<lastmod>2024-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-games-embed/wp-games-embed-01beta-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2026-03-20T15:07:26.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/users-customers-import-export-for-wp-woocommerce/import-export-wordpress-users-252-authenticated-shop-manager-path-traversal</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pilotpress/pilotpress-2030-authenticatedsubscriber-missing-authorization-via-multiple-ajax-functions</loc>
<lastmod>2024-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/posturinn/psturinns-shipping-with-woocommerce-131-reflected-cross-site-scripting</loc>
<lastmod>2025-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ibtana-ecommerce-product-addons/ibtana-ecommerce-product-addons-023-reflected-cross-site-scripting</loc>
<lastmod>2021-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/latepoint/latepoint-532-cross-site-request-forgery-via-customer_cabinet__request_cancellation-ajax-route</loc>
<lastmod>2026-05-13T17:41:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/event-post/event-post-590-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-11-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smartcat-wpml/smartcat-translator-for-wpml-3177-missing-authorization-to-unauthenticated-plugin-settings-update</loc>
<lastmod>2026-05-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dzs-restaurantmenu/foodmenu-120-reflected-cross-site-scripting</loc>
<lastmod>2025-07-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-monitor/download-monitor-4597-authenticated-administrator-arbitrary-file-download</loc>
<lastmod>2022-09-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/openid/openid-361-reflected-cross-site-scripting</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/multiple-pages-generator-by-porthas/multiple-page-generator-plugin-339-cross-site-request-forgery</loc>
<lastmod>2023-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/royal-elementor-addons/royal-elementor-addons-1355-authenticated-subscriber-arbitrary-post-deletion</loc>
<lastmod>2022-12-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/instawp-connect/instawp-connect-0108-missing-authorization-to-arbitrary-options-update</loc>
<lastmod>2024-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/beaver-builder-lite-version/beaver-builder-2832-reflected-cross-site-scripting</loc>
<lastmod>2024-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-topbar/wp-topbar-402-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2012-09-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-all-import-pro/import-any-xml-or-csv-file-to-wordpress-324-missing-authorization-and-cross-site-request-forgery-checks</loc>
<lastmod>2020-02-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpbook/wpbook-27-unauthenticated-cross-site-request-forgery</loc>
<lastmod>2015-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-autokeyword/wp-autokeyword-10-missing-authorization</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-media-download/easy-media-download-1111-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-01-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pedalo-connector/pedalo-connector-205-authentication-bypass-to-administrator</loc>
<lastmod>2024-10-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce/woocommerce-344-authenticated-php-object-injection</loc>
<lastmod>2018-08-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/learnpress/learnpress-4257-unauthenticated-sql-injection-via-order_by</loc>
<lastmod>2024-01-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/novelist/novelist-123-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpdatatables/wpdatatables-153-arbitrary-file-upload</loc>
<lastmod>2014-11-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/article-analytics/article-analytics-10-unauthenticated-sql-injection</loc>
<lastmod>2023-10-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/survey-maker/survey-maker-5194-missing-authorization-to-unauthenticated-limited-option-update</loc>
<lastmod>2025-11-12T14:58:49.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/inquiry-form-to-posts-or-pages/inquiry-form-to-posts-or-pages-10-cross-site-request-forgery-to-stored-cross-site-scripting-via-inq_header-parameter</loc>
<lastmod>2026-04-14T18:02:25.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ajax-search-lite/ajax-search-lite-412-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ar-contactus/all-in-one-support-button-callback-request-187-cross-site-request-forgery</loc>
<lastmod>2020-06-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-blocks/essential-blocks-page-builder-gutenberg-blocks-patterns-templates-531-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mediapress/mediapress-1591-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-09-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/university-quizzes-online/university-quizzes-online-14-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-paypal/wp-paypal-1238-cross-site-scripting</loc>
<lastmod>2022-07-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/adminify/wp-adminify-315-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-08-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-iframe/advanced-iframe-20255-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-07-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/theme-blvd-widget-areas/theme-blvd-widget-areas-130-reflected-cross-site-scripting</loc>
<lastmod>2025-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/like-it/like-it-22-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-11-17T20:15:35.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-subscribers/email-subscribers-by-icegram-express-affordable-powerful-email-marketing-for-wordpress-woocommerce-5743-authenticated-admin-sql-injection</loc>
<lastmod>2024-12-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tags-cloud-manager/tags-cloud-manager-100-reflected-cross-site-scripting</loc>
<lastmod>2023-03-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/electroserv/electroserv-electrical-repair-service-wordpress-theme-132-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/enhanced-e-commerce-for-woocommerce-store/conversiosio-653-reflected-cross-site-scripting</loc>
<lastmod>2023-10-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking-system/pinpoint-booking-system-29934-content-spoofing</loc>
<lastmod>2023-07-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/insert-code/insert-code-24-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/app-landing-page/app-landing-page-122-missing-authorization</loc>
<lastmod>2026-02-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vikbooking/vikbooking-hotel-booking-engine-pms-1512-cross-site-request-forgery-in-exec_multitask_widgets-function</loc>
<lastmod>2023-02-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kubio/kubio-ai-page-builder-224-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/oshin/oshine-727-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/dailyedition/daily-edition-162-sql-injection</loc>
<lastmod>2015-03-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-multitasking/wp-multitasking-0112-cross-site-request-forgery-to-headerfooterbody-script-update</loc>
<lastmod>2025-03-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-postratings/wp-postratings-191-ip-spoofing</loc>
<lastmod>2023-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/registration-login-with-mobile-phone-number/registration-login-with-mobile-phone-number-for-woocommerce-131-authentication-bypass</loc>
<lastmod>2026-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ashe-extra/ashe-extra-1292-missing-authorization</loc>
<lastmod>2024-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kivicare-clinic-management-system/kivicare-clinic-patient-management-system-ehr-421-authenticated-subscriber-insecure-direct-object-reference</loc>
<lastmod>2026-04-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-status-notifier-lite/post-status-notifier-lite-1110-reflected-cross-site-scripting</loc>
<lastmod>2023-11-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/add-widgets-to-page/add-widgets-to-page-132-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-11-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-icons-widget-by-wpzoom/social-icons-widget-block-458-missing-authorization-to-authenticated-subscriber-sharing-configuration-creation</loc>
<lastmod>2026-03-12T20:38:20.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/5.2/wordpress-core-524-authenticated-stored-cross-site-scripting-via-customizer</loc>
<lastmod>2019-10-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/noo-wemusic/wemusic-191-reflected-cross-site-scripting</loc>
<lastmod>2025-08-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/js-support-ticket/js-help-desk-292-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-duplicator/post-duplicator-3015-authenticated-contributor-php-object-injection</loc>
<lastmod>2026-06-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-bookings-calendar/woocommerce-bookings-calendar-1036-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/generateblocks/generateblocks-212-authenticated-contributor-information-exposure-via-metadata</loc>
<lastmod>2025-12-12T14:28:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sign-up-sheets/sign-up-sheets-233-cross-site-request-forgery</loc>
<lastmod>2025-08-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tabulate/tabulate-2103-reflected-cross-site-scripting</loc>
<lastmod>2025-01-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpfunnels/wpfunnels-306-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wholesale-products-dynamic-pricing-management-woocommerce/wholesale-products-dynamic-pricing-management-woocommerce-12-authenticated-administrator-stored-cross-site-scripting-via-plugin-settings</loc>
<lastmod>2026-04-13T15:13:22.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/idx-broker-platinum/impress-for-idx-broker-323-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zartis-job-plugin/hirehive-job-plugin-290-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/coalition/coalition-all-versions-cross-site-scripting</loc>
<lastmod>2012-10-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ssquiz/ss-quiz-1122-unspecified-vulnerabilities</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/WP_AttractiveDonationsSystem/wp-attractive-donations-system-easy-stripe-paypal-donations-125-unauthenticated-sql-injection</loc>
<lastmod>2026-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/moova-for-woocommerce/moova-for-woocommerce-35-reflected-cross-site-scripting</loc>
<lastmod>2021-08-13T15:31:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-venipak-shipping/shipping-with-venipak-for-woocommerce-1224-reflected-cross-site-scripting</loc>
<lastmod>2024-11-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-discourse/wp-discourse-259-authenticated-author-information-exposure</loc>
<lastmod>2025-10-31T16:59:07.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/accelerated-mobile-pages/amp-for-wp-accelerated-mobile-pages-10991-cross-site-request-forgery-to-privilege-escalation</loc>
<lastmod>2024-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/armember/armember-premium-731-insecure-password-reset-mechanism-to-unauthenticated-privilege-escalation</loc>
<lastmod>2026-06-02T05:30:45.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/integrate-dynamics-365-crm/integrate-dynamics-365-crm-111-authenticated-administrator-stored-cross-site-scripting-via-field-mapping-configuration</loc>
<lastmod>2026-01-16T19:47:08.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wolmart-core/wolmart-core-196-unauthenticated-sql-injection</loc>
<lastmod>2026-02-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/heateor-social-login/heateor-social-login-wordpress-1135-authentication-bypass-via-disqus-oauth-provider</loc>
<lastmod>2024-11-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninjascanner/ninjascanner-virus-malware-scan-325-authenticated-administrator-arbitrary-file-deletion</loc>
<lastmod>2025-07-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/savyour-affiliate-partner/savyour-affiliate-partner-214-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-08-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bayarcash-wc/bayarcash-woocommerce-4312-missing-authorization</loc>
<lastmod>2026-01-13T20:49:08.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/skt-skill-bar/skt-skill-bar-25-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-11-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/grid-plus/grid-plus-134-reflected-cross-site-scripting-via-grid_id</loc>
<lastmod>2023-10-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-blocks/essential-blocks-page-builder-gutenberg-blocks-patterns-templates-459-authenticated-contributor-dom-based-cross-site-scripting-via-social-icons-block</loc>
<lastmod>2024-04-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-custom-fields/advanced-custom-fields-602-authenticated-contributor-information-disclosure</loc>
<lastmod>2022-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/thecartpress/thecartpress-ecommerce-shopping-cart-1536-multiple-cross-site-scripting</loc>
<lastmod>2015-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/userplus/userplus-20-privilege-escalation</loc>
<lastmod>2024-11-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/jobroller/jobroller-174-reflected-cross-site-scripting</loc>
<lastmod>2013-06-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stockie-extra/stockie-extra-1211-cross-site-request-forgery</loc>
<lastmod>2025-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-wp-security-and-firewall/all-in-one-wp-security-firewall-387-sql-injection</loc>
<lastmod>2015-03-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jobboardwp/jobboardwp-job-board-listings-and-submissions-107-stored-cross-site-scripting</loc>
<lastmod>2021-10-15T19:23:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/powerpress/powerpress-11918-authenticated-contributor-stored-cross-site-scripting-via-skipto-shortcode</loc>
<lastmod>2024-10-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woolentor-addons/shoplentor-298-authenticated-contributor-sensitive-information-exposure-via-wl-faq-widget-elementor-template</loc>
<lastmod>2024-10-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/white-label-cms/white-label-cms-152-cross-site-request-forgery-leading-to-stored-cross-site-scripting</loc>
<lastmod>2015-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/helloprint/helloprint-207-unauthenticated-arbitrary-file-deletion</loc>
<lastmod>2025-02-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ht-mega-for-elementor/ht-mega-absolute-addons-for-elementor-291-authenticated-author-path-traversal-to-limited-arbitrary-css-file-actions</loc>
<lastmod>2025-07-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/unlimited-elements-for-elementor/unlimited-elements-for-elementor-free-widgets-addons-templates-1593-reflected-cross-site-scripting</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/live-scores-for-sportspress/live-scores-for-sportspress-190-reflected-cross-site-scripting</loc>
<lastmod>2021-08-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/badgeos/badgeos-370-unauthenticated-sql-injection</loc>
<lastmod>2022-04-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contus-video-galleryversion-10/contus-video-gallery-13-arbitrary-file-upload</loc>
<lastmod>2012-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ajax-store-locator/ajax-store-locator-12-sql-injection</loc>
<lastmod>2015-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/Ultimate_VC_Addons/ultimate-addons-for-wpbakery-31611-stored-cross-site-scripting</loc>
<lastmod>2017-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cryptocurrency-widgets-pack/cryptocurrency-widgets-pack-201-missing-authorization</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/weblibrarian/weblibrarian-3581-reflected-cross-site-scripting-via-multiple-parameters</loc>
<lastmod>2023-08-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/4.2/wordpress-core-423-authorization-bypass</loc>
<lastmod>2015-07-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/complianz-gdpr/complianz-gdprccpa-cookie-consent-656-cross-site-request-forgery-to-data-request-deletion</loc>
<lastmod>2024-03-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/real-estate-manager/real-estate-manager-73-unauthenticated-remote-code-execution</loc>
<lastmod>2025-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-user-css/custom-user-css-02-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2024-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/4.8/wordpress-core-482-sql-injection-via-mishandled-placeholders</loc>
<lastmod>2017-09-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/product-code-for-woocommerce/product-code-for-woocommerce-150-cross-site-request-forgery-to-database-update</loc>
<lastmod>2025-05-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nex-forms-express-wp-form-builder/nex-forms-ultimate-form-builder-contact-forms-and-much-more-855-authenticated-admin-sql-injection</loc>
<lastmod>2023-12-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/multisafepay/multisafepay-plugin-for-woocommerce-4150-arbitrary-file-read</loc>
<lastmod>2022-07-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/shaha/shaha-islamic-centre-mosque-theme-rtl-112-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gravityforms/gravityforms-191511-cross-site-scripting</loc>
<lastmod>2016-03-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/learnpress/learnpress-4391-insecure-direct-object-reference-to-authenticated-subscriber-sensitive-information-disclosure-via-userid-parameter</loc>
<lastmod>2026-06-30T16:07:05.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quick-call-button/quick-call-button-129-authenticated-administrator-stored-cross-site-scripting-via-settings</loc>
<lastmod>2023-11-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-sync/user-sync-remote-user-sync-102-cross-site-request-forgery-to-plugin-deactivation</loc>
<lastmod>2025-09-16T13:49:44.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gregs-high-performance-seo/gregs-high-performance-seo-161-reflected-cross-site-scripting</loc>
<lastmod>2015-01-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mass-custom-fields-manager/mass-custom-fields-manager-15-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/salesmanago/salesmanago-381-cross-site-request-forgery</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/plugin-update-blocker/plugin-updates-blocker-02-cross-site-request-forgery</loc>
<lastmod>2025-09-10T18:44:07.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/twitter-cards-meta/twitter-cards-meta-291-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-01-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/accordions/accordion-2311-authenticated-contributor-php-object-injection</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/brands-for-woocommerce/brands-for-woocommerce-3706-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-05-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shortcodes-ultimate/shortcodes-ultimate-705-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-analytics-for-wordpress/monsterinsights-google-analytics-dashboard-for-wordpress-544-authenticated-stored-cross-site-scripting</loc>
<lastmod>2015-08-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/business-one-page/business-one-page-132-missing-authorization</loc>
<lastmod>2026-02-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-paypal-donation/accept-donations-with-paypal-145-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/featurific-for-wordpress/featurific-for-wordpress-162-cross-site-scripting</loc>
<lastmod>2011-11-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/us-core/upsolution-core-841-reflected-cross-site-scripting</loc>
<lastmod>2026-03-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/favicon-by-realfavicongenerator/favicon-by-realfavicongenerator-1212-reflected-cross-site-scripting</loc>
<lastmod>2015-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-forms/ninja-forms-3434-authenticated-oauth-connection-key-disclosure</loc>
<lastmod>2021-02-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-membership/simple-membership-469-missing-authorization</loc>
<lastmod>2026-01-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dot-htmlphpxml-etc-pages/dot-htmlphpxml-etc-pages-10-reflected-cross-site-scripting</loc>
<lastmod>2025-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/spiffy/spiffy-xspf-player-01-sql-injection</loc>
<lastmod>2013-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/featured-page-widget/featured-page-widget-22-reflected-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/loco-translate/loco-translate-269-cross-site-request-forgery</loc>
<lastmod>2024-06-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-chained-products/woocommerce-chained-products-2120-missing-authorization-to-arbitrary-options-update</loc>
<lastmod>2023-01-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/coming-soon-page/coming-soon-and-maintenance-mode-367-cross-site-request-forgery-to-arbitrary-email-send</loc>
<lastmod>2022-01-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-recall/wp-recall-registration-profile-commerce-more-16266-unauthenticated-payment-deletion-via-delete_payment</loc>
<lastmod>2024-06-05T15:33:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/list-all-posts-by-authors-nested-categories-and-titles/list-all-posts-by-authors-nested-categories-and-title-282-cross-site-scripting</loc>
<lastmod>2023-11-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blog2social/blog2social-social-media-auto-post-scheduler-501-php-object-injection</loc>
<lastmod>2018-09-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hyphenator/hyphenator-515-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2023-05-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pricing-table-by-supsystic/pricing-table-by-supsystic-181-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2020-02-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-blog-stats/simple-blog-stats-20250416-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/neuvoo-jobroll/neuvoo-jobroll-20-reflected-cross-site-scripting</loc>
<lastmod>2015-11-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gumlet-video/gumlet-video-103-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-17T15:47:38.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quiz-master-next/quiz-and-survey-master-731-admin-stored-cross-site-scripting</loc>
<lastmod>2021-09-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/novelist/novelist-120-authenticated-administrator-stored-cross-site-scripting-via-book-information-fields</loc>
<lastmod>2023-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-product-feed-manager/woocommerce-google-feed-manager-280-missing-authorization-to-authenticated-contributor-arbitrary-feed-actions</loc>
<lastmod>2024-08-22T16:29:45.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profilegrid-user-profiles-groups-and-communities/profilegrid-5982-cross-site-request-forgery-to-group-membership-request-approvaldenial</loc>
<lastmod>2026-03-06T11:37:07.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/nifty/nifty-141-unauthenticated-php-object-injection</loc>
<lastmod>2026-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/azindex/azindex-081-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-08-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-meta-seo/wp-meta-seo-453-cross-site-request-forgery-via-setignore</loc>
<lastmod>2023-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/uji-countdown/uji-countdown-206-cross-site-scripting</loc>
<lastmod>2016-08-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-chat-support/essential-chat-support-101-missing-authorization-to-unauthenticated-settings-reset-via-ecs_reset_settings-parameter</loc>
<lastmod>2026-05-15T13:35:51.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yphplista/yphplista-111-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/foodbook/foodbook-476-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2025-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/convertpro/easytest-101-missing-authorization</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cp-polls/cp-polls-1074-reflected-cross-site-scripting</loc>
<lastmod>2024-09-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpzoom-addons-for-beaver-builder/beaver-builder-addons-by-wpzoom-134-authenticated-contributor-stored-cross-site-scripting-via-button-widget</loc>
<lastmod>2024-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/randomtext/random-text-030-authenticated-subscriber-sql-injection</loc>
<lastmod>2023-04-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/school-management-pro/the-school-management-pro-996-remote-code-execution</loc>
<lastmod>2022-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/latest-tweets-widget/latest-tweets-widget-114-arbitrary-settings-update-via-cross-site-request-forgery</loc>
<lastmod>2022-05-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profilegrid-user-profiles-groups-and-communities/profilegrid-user-profiles-groups-and-communities-5945-authenticated-subscriber-php-object-injection</loc>
<lastmod>2025-03-21T16:16:59.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/themify-popup/themify-popup-142-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-css-pro/custom-css-pro-103-cross-site-request-forgery</loc>
<lastmod>2019-06-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/business-pro/business-pro-1104-reflected-cross-site-scripting</loc>
<lastmod>2023-08-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jobcareer/jobcareer-34-cross-site-scripting</loc>
<lastmod>2020-07-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/royal-elementor-addons/royal-elementor-addons-and-templates-171007-cross-site-request-forgery-to-reflected-cross-site-scripting</loc>
<lastmod>2025-02-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mini-loops/mini-loops-141-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mp3-music-player-by-sonaar/mp3-audio-player-for-music-radio-podcast-by-sonaar-410-missing-authorization-to-template-import</loc>
<lastmod>2023-11-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-staging/wp-staging-free-333-pro-533-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tera-charts/tera-charts-10-directory-traversal</loc>
<lastmod>2014-05-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/crisp/crisp-live-chat-031-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2021-12-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/logo-slider-wp/logo-slider-399-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-05-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/garden-gnome-package/garden-gnome-package-230-authenticated-author-arbitrary-file-upload</loc>
<lastmod>2025-01-07T20:40:36.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mage-eventpress/event-manager-for-woocommerce-421-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2024-08-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zooom/zooom-110-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-06T11:58:36.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-admin-search/advanced-admin-search-112-cross-site-scripting</loc>
<lastmod>2022-05-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/youzify/youzify-136-authenticated-subscriber-stored-cross-site-scripting-via-checkin_place_id-parameter</loc>
<lastmod>2026-04-17T11:35:43.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/oauth2-server/wp-oauth2-server-101-authentication-bypass</loc>
<lastmod>2022-07-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/import-shopify-to-woocommerce/s2w-import-shopify-to-woocommerce-1112-authenticated-admin-local-file-inclusion</loc>
<lastmod>2022-11-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-comment-editing/comment-edit-core-simple-comment-editing-3033-authenticated-admin-server-side-request-forgery</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/accessally/accessally-332-arbitrary-code-execution</loc>
<lastmod>2020-01-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/protected-posts-logout-button/protected-posts-logout-button-145-authenticated-admin-cross-site-scripting</loc>
<lastmod>2023-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/anona/anona-80-unauthenticated-arbitrary-file-download</loc>
<lastmod>2026-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smartideo/smartideo-270-stored-cross-site-scripting</loc>
<lastmod>2022-07-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/extensions-leaflet-map/extensions-for-leaflet-map-47-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-11-03T15:33:02.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/6.3/wordpress-core-631-authenticatedcontributor-sensitive-information-exposure-via-comments-on-protected-posts</loc>
<lastmod>2023-10-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/neuronet/neuronet-1140-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-10-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/squirrly-seo/seo-plugin-by-squirrly-seo-12407-missing-authorization</loc>
<lastmod>2025-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cubewp-framework/cubewp-all-in-one-dynamic-content-framework-1112-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/xo-event-calendar/xo-event-calendar-3210-authenticated-contributor-stored-cross-site-scripting-via-xo_event_field-shortcode</loc>
<lastmod>2026-02-18T16:30:05.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/arena-liveblog-and-chat-tool/arenaim-live-blogging-for-real-time-events-030-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-11T15:30:11.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/appmax/appmax-103-missing-authorization-to-order-status-manipulation-and-arbitrary-order-creation-via-webhook-endpoint</loc>
<lastmod>2026-03-20T15:10:42.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/store-locator/store-locator-334-sql-injection</loc>
<lastmod>2015-02-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/open-user-map/open-user-map-1414-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-media-gallery/gallery-photo-albums-plugin-1229-cross-site-scripting</loc>
<lastmod>2013-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rock-convert/rock-convert-2102-reflected-cross-site-scripting</loc>
<lastmod>2022-10-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/miniorange-google-authenticator/login-with-otp-over-sms-email-whatsapp-and-google-authenticator-107-cross-site-scripting</loc>
<lastmod>2022-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pdf-for-wpforms/pdf-for-wpforms-630-missing-authorization</loc>
<lastmod>2026-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/envo-extra/envo-extra-1811-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/new-user-approve/new-user-approve-262-missing-authorization</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-dtree-30/wp-dtree-445-reflected-cross-site-scripting</loc>
<lastmod>2023-09-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-businessdirectory/wp-businessdirectory-312-unauthenticated-arbitrary-file-deletion</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blog-designer-pack/news-blog-designer-pack-32-authenticated-contributor-stored-cross-site-sqcripting-via-shortcode</loc>
<lastmod>2023-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/xavins-review-ratings/xavins-review-ratings-140-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-05-02T11:31:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-all-import/import-any-xml-or-csv-file-to-wordpress-366-reflected-cross-site-scripting</loc>
<lastmod>2022-06-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-recipe-maker/wp-recipe-maker-921-authenticated-stored-cross-site-scripting-via-video-embed</loc>
<lastmod>2024-03-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/integrations-of-zoho-crm-with-elementor-form/integrations-of-zoho-crm-with-elementor-form-107-open-redirect</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fluent-support/fluent-support-1104-missing-authorization</loc>
<lastmod>2026-01-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/faqs-manager/faqs-manager-10-cross-site-scripting</loc>
<lastmod>2013-03-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/community-events/community-events-152-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-10-31T16:03:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/ask-me/ask-me-687-cross-site-request-forgery</loc>
<lastmod>2022-10-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shapepress-dsgvo/wp-dsgvo-tools-gdpr-3123-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2021-09-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mini-twitter-feed/mini-twitter-feed-30-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/usc-e-shop/welcart-e-commerce-2119-unauthenticated-stored-cross-site-scripting-via-name-parameter</loc>
<lastmod>2025-02-11T21:55:58.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/content-egg/content-egg-530-reflected-cross-site-scripting</loc>
<lastmod>2022-04-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cf7-spreadsheets/cf7-spreadsheets-232-missing-authorization-to-settings-update</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/weblizar-pinterest-feeds/weblizar-pin-feeds-112-reflected-cross-site-scripting</loc>
<lastmod>2018-01-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-mobile-friendly-tooltip/responsive-mobile-friendly-tooltip-166-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-08-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/reviewx/woocommerce-reviews-plugin-with-multi-criteria-rating-by-reviewx-129-cross-site-request-forgery</loc>
<lastmod>2021-06-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elex-bulk-edit-products-prices-attributes-for-woocommerce-basic/elex-woocommerce-advanced-bulk-edit-products-prices-attributes-149-authenticated-shop-manager-sql-injection</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/s2member/s2member-260127-unauthenticated-privilege-escalation-via-account-takeover</loc>
<lastmod>2026-02-18T18:11:15.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-hotel-booking/wp-hotel-booking-1103-remote-code-execution</loc>
<lastmod>2020-12-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-product-bundle/wpc-product-bundles-for-woocommerce-853-missing-authorization</loc>
<lastmod>2026-06-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-event-manager/wp-event-manager-3122-admin-stored-cross-site-scripting</loc>
<lastmod>2022-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bbpowerpack/powerpack-for-beaver-builder-2330-authenticated-contributor-privilege-escalation</loc>
<lastmod>2024-07-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-thank-you-page-customizer/thank-you-page-customizer-for-woocommerce-increase-your-sales-117-missing-authorization</loc>
<lastmod>2025-08-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-hover-effects-with-carousel/image-hover-effects-for-elementor-with-lightbox-and-flipbox-302-authenticated-contributor-stored-cross-site-scripting-via-_id-oxi_addons_f_title_tag-and-content_description_tag-parameters</loc>
<lastmod>2024-06-05T13:04:35.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/liveagent/liveagent-447-cross-site-request-forgery</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gamipress-link/gamipress-link-114-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-06-04T20:43:51.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-responsive-thumbnail-slider/responsive-thumbnail-slider-101-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2015-08-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vikbooking/vikbooking-hotel-booking-engine-pms-158-arbitrary-file-upload</loc>
<lastmod>2022-04-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/reviews-plus/reviews-plus-134-missing-authorization-to-notice-dismissal</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/media-slider/media-slider-photo-sleder-video-slider-link-slider-carousal-slideshow-139-missing-authorization</loc>
<lastmod>2024-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ajax-search-lite/ajax-search-lite-311-missing-authorization-to-remote-code-execution</loc>
<lastmod>2015-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/th-variation-swatches/variation-swatches-for-woocommerce-108-132-cross-site-request-forgery-to-plugin-settings-reset</loc>
<lastmod>2025-01-22T20:53:44.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-auto-coupons/auto-coupons-for-woocommerce-3014-reflected-cross-site-scripting</loc>
<lastmod>2024-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bulk-editor/wolf-wordpress-posts-bulk-editor-and-manager-professional-1081-cross-site-request-forgery</loc>
<lastmod>2024-01-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stock-exporter-for-woocommerce/stock-exporter-for-woocommerce-110-cross-site-request-forgery</loc>
<lastmod>2023-04-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-affiliate-platform/wp-affiliate-platform-651-cross-site-request-forgery-to-profile-update</loc>
<lastmod>2024-06-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ladipage/ladiapp-landing-page-popupx-marketing-automation-affiliate-marketing-43-missing-authorization-via-init_endpoint</loc>
<lastmod>2024-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/thegem-elements-elementor/thegem-theme-elements-for-elementor-5110-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-01-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/userpro/userpro-511-missing-authorization-via-multiple-functions</loc>
<lastmod>2023-11-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/new-user-email-set-up/new-user-email-set-up-052-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2022-05-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vikrestaurants/vikrestaurants-table-reservations-and-take-away-151-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-data-table-for-elementor/advanced-data-table-for-elementor-100-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mainwp-favorites-extension/mainwp-various-extensions-authenticated-subscriber-arbitrary-plugin-installation</loc>
<lastmod>2023-01-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/camera-slideshow/camera-slideshow-1401-reflected-cross-site-scripting</loc>
<lastmod>2023-01-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smart-slider-3/smart-slider-3-3508-authenticated-stored-cross-site-scripting</loc>
<lastmod>2021-06-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/multilang-contact-form/multilang-contact-form-15-cross-site-request-forgery</loc>
<lastmod>2025-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-fsqm-pro/eform-4180-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-04-24T09:45:31.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/video-playlist-and-gallery-plugin/cincopa-video-and-media-plug-in-1137-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2015-08-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fusewp/fusewp-wordpress-user-sync-to-email-list-marketing-automation-mailchimp-constant-contact-activecampaign-etc-11230-missing-authorization-to-authenticated-subscriber-sync-rule-creation</loc>
<lastmod>2025-10-30T13:59:48.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/usc-e-shop/welcart-e-commerce-1935-php-object-injection</loc>
<lastmod>2020-11-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-digital-downloads/easy-digital-downloads-simple-ecommerce-for-selling-digital-files-232-sql-injection</loc>
<lastmod>2020-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/flatsome/flatsome-3168-reflected-cross-site-scripting-in-ux-builder</loc>
<lastmod>2023-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dropdown-menu-widget/dropdown-menu-widget-197-reflected-cross-site-scripting</loc>
<lastmod>2022-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-coupon-usage/coupon-affiliates-545-reflected-cross-site-scripting-via-page</loc>
<lastmod>2023-04-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/apply-online/applyonline-application-form-builder-and-manager-255-reflected-cross-site-scripting</loc>
<lastmod>2023-10-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vrm360/vrm-360-3d-model-viewer-121-authenticatedsubscriber-sensitive-information-exposure</loc>
<lastmod>2023-09-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-appbox/wp-appbox-4317-local-file-inclusion</loc>
<lastmod>2022-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-bulk-post-duplicator/wp-bulk-post-duplicator-12-cross-site-request-forgery</loc>
<lastmod>2025-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/searchiq/searchiq-45-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quickiebar/quickiebar-184-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-05-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-pc-builder-lite-for-woocommerce/custom-pc-builder-lite-for-woocommerce-101-missing-authorization-to-unauthenticated-settings-update</loc>
<lastmod>2025-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tour-booking-manager/wptravelly-187-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ti-woocommerce-wishlist/ti-woocommerce-wishlist-282-unauthenticated-sql-injection</loc>
<lastmod>2024-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bannerman/bannerman-024-authenticated-admin-cross-site-scripting</loc>
<lastmod>2022-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lastudio-element-kit/la-studio-element-kit-for-elementor-1376-authenticated-contributor-stored-cross-site-scripting-via-id-parameter</loc>
<lastmod>2024-05-22T15:27:21.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buddypress-xprofile-image-field/buddypress-xprofile-custom-image-field-301-unauthenticated-arbitrary-file-deletion</loc>
<lastmod>2025-07-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gf2pdf/gravity-2-pdf-313-reflected-cross-site-scripting</loc>
<lastmod>2025-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/salon-booking-system/salon-booking-system-109-authenticated-subscriber-insecure-direct-object-reference</loc>
<lastmod>2024-09-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-shieldon/wp-shieldon-163-reflected-cross-site-scripting</loc>
<lastmod>2021-01-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-auto-affiliate-links/auto-affiliate-links-688-unauthenticated-stored-cross-site-scripting-via-url-parameter</loc>
<lastmod>2026-05-07T20:01:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cryptocurrency-donation-box/cryptocurrency-donation-box-bitcoin-crypto-donations-227-authenticated-administrator-sql-injection</loc>
<lastmod>2023-05-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bulk-delete-users-by-email/bulk-delete-users-by-email-12-cross-site-request-forgery</loc>
<lastmod>2022-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-foodbakery/foodbakery-delivery-restaurant-directory-wordpress-theme-21-reflected-cross-site-scripting</loc>
<lastmod>2021-06-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/my-email-shortcode/my-email-shortcode-091-improper-neutralization-of-input-during-web-page-generation-cross-site-scripting</loc>
<lastmod>2026-05-26T17:20:21.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/header-footer-code-manager/header-footer-code-manager-1123-cross-site-scripting</loc>
<lastmod>2022-06-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/side-cart-woocommerce/side-cart-woocommerce-ajax-22-authenticatedadministrator-stored-cross-site-scripting</loc>
<lastmod>2023-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sunshine-photo-cart/sunshine-photo-cart-free-client-photo-galleries-for-photographers-311-unauthenticated-php-object-injection</loc>
<lastmod>2024-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/netcash-pay-now-payment-gateway-for-woocommerce/netcash-woocommerce-payment-gateway-413-missing-authorization-to-unauthenticated-order-status-modification</loc>
<lastmod>2026-01-13T17:16:35.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-smtp/post-smtp-mailer-256-cross-site-request-forgery-to-account-compromise</loc>
<lastmod>2023-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/multi-rating/multi-rating-506-authenticated-administrator-stored-cross-site-scripting-via-plugin-settings</loc>
<lastmod>2023-05-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/categorify/categorify-1074-cross-site-request-forgery-via-categorifyajaxupdatefolderposition</loc>
<lastmod>2024-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/continue-shopping-from-cart-page/continue-shopping-from-cart-13-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-11-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/add-svg-support-for-media-uploader-inventivo/add-svg-support-for-media-uploader-inventivo-105-authenticated-author-stored-cross-site-scripting-via-svg</loc>
<lastmod>2024-01-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/materialis-companion/materialis-companion-1341-authenticated-contributor-store-cross-site-scripting-via-materialis_contact_form-shortcode</loc>
<lastmod>2024-06-05T15:30:15.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gutena-forms/gutena-forms-contact-form-survey-form-feedback-form-booking-form-and-custom-form-builder-161-missing-authorization-to-authenticated-contributor-settings-update</loc>
<lastmod>2026-03-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ws-form/ws-form-lite-drag-drop-contact-form-builder-for-wordpress-19244-reflected-cross-site-scripting-via-url</loc>
<lastmod>2024-11-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/down-as-pdf/hacklog-down-as-pdf-236-reflected-cross-site-scripting</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-slideshow-manager/simple-slideshow-manager-23-reflected-cross-site-scripting</loc>
<lastmod>2017-05-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/video-embeds/video-embeds-011-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dx-auto-publish/dx-auto-publish-12-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-02-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chalet-montagne-com-tools/chalet-montagnecom-tools-278-reflected-cross-site-scripting</loc>
<lastmod>2025-01-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/kerge/kerge-413-unauthenticated-server-side-request-forgery</loc>
<lastmod>2025-12-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/order-hours-scheduler-for-woocommerce/store-hours-for-woocommerce-4320-reflected-cross-site-scripting</loc>
<lastmod>2024-09-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ftp-sync/ftp-sync-116-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/getwid/getwid-gutenberg-blocks-205-authenticatedcontributor-stored-cross-site-scripting-via-block-content</loc>
<lastmod>2024-03-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/permalink-manager/permalink-manager-lite-22203-authenticated-stored-cross-site-scripting</loc>
<lastmod>2022-12-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/banner-cycler/banner-cycler-14-cross-site-request-forgery-to-cross-site-scripting</loc>
<lastmod>2022-08-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/add-to-cart-direct-checkout-for-woocommerce/direct-checkout-add-to-cart-redirect-for-woocommerce-2148-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-03-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bp-activity-shortcode/buddypress-activity-shortcode-118-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-jobsearch/jobsearch-wp-job-board-151-reflected-cross-site-scripting</loc>
<lastmod>2020-07-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/couponxxl/couponxxl-300-unauthenticated-php-object-injection</loc>
<lastmod>2025-07-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bold-page-builder/bold-page-builder-488-authenticated-contributor-stored-cross-site-scripting-via-price-list-element</loc>
<lastmod>2024-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/couponxxl/couponxxl-450-cross-site-request-forgery</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/123contactform-for-wordpress/123contactform-for-wordpress-156-validation-bypass-via-plugin-verification</loc>
<lastmod>2021-01-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/checkout-plugins-stripe-woo/stripe-payments-for-woocommerce-by-checkout-191-unauthenticated-insecure-direct-object-reference</loc>
<lastmod>2024-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/5.2/wordpress-core-524-authorization-bypass</loc>
<lastmod>2019-10-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/friendly-functions-for-welcart/friendly-functions-for-welcart-125-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2026-01-23T20:32:39.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/purple-xmls-google-product-feed-for-woocommerce/product-feed-on-woocommerce-for-google-awin-shareasale-bing-and-more-3310-authenticated-sql-injection-via-product_id-parameter</loc>
<lastmod>2021-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/availability/availability-calendar-024-cross-site-request-forgery</loc>
<lastmod>2025-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/noisa/noisa-260-authenticated-subscriber-php-object-injection</loc>
<lastmod>2025-07-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-downloadmanager/wp-downloadmanager-16810-authenticated-administrator-arbitrary-file-read</loc>
<lastmod>2025-06-10T15:30:37.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/registration-login-with-mobile-phone-number/registration-login-with-mobile-phone-number-for-woocommerce-131-missing-authorization</loc>
<lastmod>2025-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/crayon-syntax-highlighter/crayon-syntax-highlighter-20-2610-missing-authorization</loc>
<lastmod>2015-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-type-x/product-catalog-simple-1617-reflected-cross-site-scripting</loc>
<lastmod>2023-04-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bold-page-builder/bold-page-builder-545-authenticated-contributor-stored-cross-site-scripting-via-percentage-parameter</loc>
<lastmod>2025-10-23T09:43:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/getwid/getwid-gutenberg-blocks-183-improper-authorization-via-get_remote_templates-rest-endpoint</loc>
<lastmod>2023-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-cerber/wp-cerber-security-91-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2023-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/envato-elements/envato-elements-2014-authenticated-author-server-side-request-forgery</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dc-woocommerce-multi-vendor/wc-marketplace-4023-missing-authorization-via-mvx_save_dashpages</loc>
<lastmod>2023-12-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ltl-freight-quotes-freightquote-edition/ltl-freight-quotes-freightquote-edition-2311-unauthenticated-sql-injection</loc>
<lastmod>2025-02-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-lightbox-2/wp-lightbox-2-307-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2026-03-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-wall/wp-wall-173-reflected-cross-site-scripting</loc>
<lastmod>2025-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yaymail/yaymail-432-missing-authorization-to-authenticated-shop-manager-license-key-deletion-via-yaymail-licensev1licensedelete-endpoint</loc>
<lastmod>2026-02-17T19:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-facebook-likebox/easy-social-feed-653-authenticated-contributor-stored-cross-site-scripting-via-fb_appid</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ever-accounting/ever-accounting-215-cross-site-request-forgery</loc>
<lastmod>2025-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kali-forms/kali-forms-249-unauthenticated-remote-code-execution-via-form_process</loc>
<lastmod>2026-03-20T08:36:13.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-textillate/easy-textillate-202-authenticatedcontributor-stored-cross-site-scripting</loc>
<lastmod>2024-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tiare-membership/tiare-membership-12-unauthenticated-privilege-escalation</loc>
<lastmod>2025-11-26T16:25:27.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/patricia-blog/patricia-blog-12-cross-site-request-forgery</loc>
<lastmod>2024-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sureforms/sureforms-drag-and-drop-form-builder-for-wordpress-1120-missing-authorization-to-authenticated-contributor-form-creation</loc>
<lastmod>2025-09-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shop-as-a-customer-for-woocommerce/shop-as-a-customer-for-woocommerce-117-authenticated-subscriber-privilege-escalation</loc>
<lastmod>2023-07-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lifterlms-gateway-paypal/lifterlms-paypal-140-reflected-cross-site-scripting</loc>
<lastmod>2022-04-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/employee-directory/employee-directory-451-authenticated-contributor-stored-cross-site-scripting-via-noaccess_msg-parameter</loc>
<lastmod>2025-08-04T18:45:25.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bookingpress-appointment-booking/appointment-booking-calendar-plugin-and-scheduling-plugin-bookingpress-1121-authenticated-contributor-sql-injection</loc>
<lastmod>2024-12-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-megamenu/wp-mega-menu-142-authenticated-administrator-php-object-injection</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lifterlms/lifterlms-742-authenticatedadministrator-directory-traversal-to-arbitrary-csv-file-deletion</loc>
<lastmod>2023-11-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/basil/basil-204-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-06-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-capture-lead-generation/email-capture-lead-generation-102-missing-authorization</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vikbooking/vikbooking-hotel-booking-engine-pms-1812-reflected-cross-site-scripting-via-layoutstyle-parameter</loc>
<lastmod>2026-06-30T20:07:22.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/page-and-post-restriction/page-restriction-wordpress-wp-protect-wp-pagespost-136-unauthenticated-content-restriction-bypass-to-sensitive-information-exposure</loc>
<lastmod>2024-12-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buddyforms/post-form-registration-form-profile-form-for-user-profiles-frontend-content-forms-for-user-submissions-ugc-287-missing-authorization-to-unauthenticated-media-upload</loc>
<lastmod>2024-03-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-addons-for-contact-form-7/ultimate-addons-for-contact-form-7-3128-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-07-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/call-to-action-plugin/call-to-action-plugin-313-cross-site-request-forgery-via-settings-update</loc>
<lastmod>2026-04-21T19:07:28.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/guten-free-options/guten-free-options-095-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-fastest-cache/wp-fastest-cache-0890-directory-traversal-to-arbitrary-file-deletion</loc>
<lastmod>2022-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bit-form/bit-form-2133-authenticated-administrator-arbitrary-file-upload</loc>
<lastmod>2024-07-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/happy-elementor-addons/happy-addons-for-elementor-3111-authenticated-contributor-stored-cross-site-scripting-via-gradient-heading-widget</loc>
<lastmod>2024-06-28T17:53:46.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flying-press/flyingpress-396-missing-authorization</loc>
<lastmod>2022-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpforms-lite/wpforms-easy-form-builder-for-wordpress-1916-cross-site-request-forgery-csrf-to-plugins-log-deletion</loc>
<lastmod>2024-11-12T14:02:45.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/authorsy/authorsy-106-unauthenticated-insecure-direct-object-reference</loc>
<lastmod>2026-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/visualizer/visualizer-tables-and-charts-manager-for-wordpress-31015-missing-authorization-to-arbitrary-sql-execution</loc>
<lastmod>2024-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/besa/besa-238-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-06-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fb-reviews-widget/social-reviews-recommendations-25-unauthenticated-stored-cross-site-scripting-via-social-media-reviews</loc>
<lastmod>2025-12-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-content-shortcode/custom-content-shortcode-388-unauthorised-arbitrary-post-metadata-access</loc>
<lastmod>2022-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/corsa/corsa-theme-15-authenticated-arbitrary-file-upload</loc>
<lastmod>2023-01-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-multi-currency/curcy-woocommerce-multi-currency-currency-switcher-236-unauthenticated-sql-injection</loc>
<lastmod>2025-03-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/payment-form-for-paypal-pro/payment-form-for-paypal-pro-102-reflected-cross-site-scripting</loc>
<lastmod>2015-10-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ep4-more-embeds/ep4-more-embeds-100-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bbpress2-shortcode-whitelist/bbpress2-shortcode-whitelist-221-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bitformpro/bit-form-pro-264-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2024-08-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flash-video-player/flash-video-player-504-cross-site-request-forgery</loc>
<lastmod>2024-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-contact-forms/custom-contact-forms-5103-missing-authorization</loc>
<lastmod>2014-09-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/templatesnext-onepager/templatesnext-onepager-133-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hide-login-page/hide-login-page-117-login-page-disclosure</loc>
<lastmod>2023-11-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/especio/especio-food-blog-elementor-pro-template-kit-10-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/restaurant-reservations/five-star-restaurant-reservations-267-reflected-cross-site-scripting</loc>
<lastmod>2023-06-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/paid-member-subscriptions/paid-membership-subscriptions-effortless-memberships-recurring-payments-content-restriction-2128-reflected-cross-site-scripting</loc>
<lastmod>2024-10-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/panorama/panorama-360-degree-virtual-tour-panoramic-image-viewer-and-more-161-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2026-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/otter-blocks/otter-gutenberg-block-303-missing-authorization</loc>
<lastmod>2024-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/3com-asesor-de-cookies/3com-asesor-de-cookies-343-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-10-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/beyot-framework/smart-framework-multiple-plugins-missing-authorization-to-authenticated-subscriber-settings-updates</loc>
<lastmod>2025-05-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/count-per-day/count-per-day-31-cross-site-scripting</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profilegrid-user-profiles-groups-and-communities/profilegrid-550-hardcoded-encryption-key</loc>
<lastmod>2023-07-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yith-woocommerce-wishlist/yith-woocommerce-wishlist-450-authenticated-contributor-stored-cross-site-scripting-via-id-parameter</loc>
<lastmod>2025-06-13T21:04:41.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/3d-flipbook-dflip-lite/pdf-flipbook-3d-flipbook-pdf-embed-pdf-viewer-dearflip-2332-reflected-cross-site-scripting</loc>
<lastmod>2024-10-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/car-demon/car-demon-181-reflected-cross-site-scripting</loc>
<lastmod>2025-01-14T15:11:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-job-manager/wp-job-manager-222-unauthenticated-information-exposure</loc>
<lastmod>2024-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smart-agenda-prise-de-rendez-vous-en-ligne/smart-agenda-49-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/photo-gallery/photo-gallery-1566-authenticated-stored-cross-site-scripting-via-gallery-title</loc>
<lastmod>2021-05-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-cors/wp-cors-021-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-04-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-appbox/wp-appbox-454-authenticated-contributor-stored-cross-site-scripting-via-appbox-shortcode</loc>
<lastmod>2025-02-20T21:24:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/christmas-panda/christmas-panda-104-cross-site-request-forgery</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/larsens-calender/larsens-calender-12-authenticated-stored-cross-site-scripting</loc>
<lastmod>2021-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flash-album-gallery/album-and-image-gallery-with-lightbox-flagallery-photo-portfolio-310-arbitrary-file-deletion</loc>
<lastmod>2012-12-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lastudio-element-kit/la-studio-element-kit-for-elementor-1551-authenticated-contributor-stored-cross-site-scripting-via-multiple-widgets</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bricksbuilder/bricks-builder-198-insecure-direct-object-reference</loc>
<lastmod>2024-06-21T15:59:39.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ajax-load-more/wordpress-infinite-scroll-ajax-load-more-553-authenticated-admin-arbitrary-file-read</loc>
<lastmod>2022-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-manager/wordpress-download-manager-3123-arbitrary-asset-manager-usage</loc>
<lastmod>2021-04-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/generate-dummy-posts/generate-dummy-posts-100-missing-authorization</loc>
<lastmod>2023-10-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blue-admin/blue-admin-210601-cross-site-request-forgery</loc>
<lastmod>2021-07-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/curated-search/curated-search-12-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/genesis/open-source-genesis-framework-360-authenticated-contributor-stored-cross-site-scripting-via-multiple-shortcodes</loc>
<lastmod>2025-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/th-wishlist/wishlist-for-woocommerce-113-insecure-direct-object-reference-to-unauthenticated-wishlist-manipulation</loc>
<lastmod>2025-11-24T19:15:50.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-pdf-invoices-packing-slips/woocommerce-pdf-invoices-packing-slips-2104-reflected-cross-site-scripting-via-tab-and-section-parameter</loc>
<lastmod>2021-12-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/horoscope-and-tarot/horoscope-and-tarot-130-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-06T15:46:01.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/aw-woocommerce-kode-pembayaran/aw-woocommerce-kode-pembayaran-114-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/photo-gallery/photo-gallery-by-10web-1833-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-03-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/premmerce-redirect-manager/premmerce-redirect-manager-1010-cross-site-request-forgery-via-deleteredirect</loc>
<lastmod>2023-03-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rsvp-me/rsvp-me-199-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/my-tickets/my-tickets-accessible-event-ticketing-2016-authenticated-subscriber-privilege-escalation</loc>
<lastmod>2025-04-23T18:25:36.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/revenue/wowrevenue-213-missing-authorization-to-authenticated-subscriber-arbitrary-plugin-installationactivation</loc>
<lastmod>2026-02-16T07:19:57.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seo-redirection/seo-redirection-plugin-301-redirect-manager-63-reflected-cross-site-scripting</loc>
<lastmod>2021-03-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/maanstore-api/maanstore-api-101-authentication-bypass-via-account-takeover</loc>
<lastmod>2024-10-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-smart-quick-view/wpc-smart-quick-view-for-woocommerce-421-authenticated-contributor-stored-cross-site-scripting-via-woosq_btn-shortcode</loc>
<lastmod>2025-08-19T16:23:59.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/time-sheets/time-sheets-213-cross-site-request-forgery</loc>
<lastmod>2025-12-04T17:30:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ai-engine/ai-engine-chatgpt-chatbot-content-generator-gpt-3-4-ultra-customizable-1682-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-05-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booster-plus-for-woocommerce/booster-566-and-booster-plus-564-for-woocommerce-authenticated-shop-manager-information-exposure-via-arbitrary-file-download</loc>
<lastmod>2022-10-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/news-magazine-x/news-magazine-x-1237-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-07-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profilegrid-user-profiles-groups-and-communities/profilegrid-587-missing-authorization</loc>
<lastmod>2024-07-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/anti-spam/titan-anti-spam-security-41-cross-site-scripting</loc>
<lastmod>2016-01-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ipanorama-360-virtual-tour-builder-lite/ipanorama-360-wordpress-virtual-tour-builder-1629-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2022-12-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/add-from-server/add-from-server-331-cross-site-request-forgery</loc>
<lastmod>2016-08-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-digital-downloads/easy-digital-downloads-3211-cross-site-request-forgery</loc>
<lastmod>2024-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zita-site-library/zita-elementor-site-library-161-missing-authorization-to-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2024-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kn-fix-your/kn-fix-your-title-101-stored-cross-site-scripting</loc>
<lastmod>2021-07-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/scroll-post-excerpt/scroll-post-excerpt-80-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-10-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/add-search-to-menu/ivory-search-wordpress-search-plugin-4510-reflected-cross-site-scripting</loc>
<lastmod>2021-02-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/capabilities-pro/publishpress-capabilities-251-authenticated-administrator-php-object-injection</loc>
<lastmod>2022-10-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/blogistic/blogistic-105-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2026-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/osm/osm-openstreetmap-605-authenticatedcontributor-stored-cross-site-scripting-via-osm_map-shortcode</loc>
<lastmod>2023-05-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/commerce-coinbase-for-woocommerce/coinbase-commerce-crypto-gateway-for-woocommerce-166-missing-authorization</loc>
<lastmod>2026-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ladipage/ladiapp-landing-page-popupx-marketing-automation-affiliate-marketing-44-missing-authorization-on-publish_lp</loc>
<lastmod>2024-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ajax-wp-query-search-filter/ajax-wp-query-search-filter-107-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-backitup/backup-and-restore-wordpress-wordpress-145-unauthenticated-information-exposure-via-log-files</loc>
<lastmod>2024-03-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-currency-switcher/woocs-woocommerce-currency-switcher-1417-cross-site-request-forgery</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stylish-internal-links/stylish-internal-links-19-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tutor/tutor-lms-198-admin-stored-cross-site-scripting</loc>
<lastmod>2021-09-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/form-data-collector/form-data-collector-223-reflected-cross-site-scripting</loc>
<lastmod>2024-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mycurator/mycurator-content-curation-376-reflected-cross-site-scripting</loc>
<lastmod>2024-03-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/actionwear-products-sync/actionwear-products-sync-232-unauthenticated-full-patch-disclosure</loc>
<lastmod>2025-02-17T15:39:37.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/coming-soon-wp/coming-soon-under-construction-maintenance-mode-by-dazzler-212-maintenance-mode-bypass</loc>
<lastmod>2024-03-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sp-client-document-manager/sp-project-document-manager-467-authenticated-subscriber-insecure-direct-object-reference-to-arbitrary-user-password-change</loc>
<lastmod>2023-06-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/html5-video-player/html5-video-player-mp4-video-player-plugin-and-block-2534-missing-authorization-to-authenticated-subscriber-limited-options-update</loc>
<lastmod>2024-09-10T15:52:47.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-forms/aio-forms-1318-authenticated-admin-arbitrary-file-upload-via-zip-import</loc>
<lastmod>2025-10-23T20:07:43.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/give/givewp-donation-plugin-and-fundraising-platform-460-unauthenticated-donor-data-exposure</loc>
<lastmod>2025-08-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/agile-video-player/agile-video-player-lite-10-reflected-cross-site-scripting</loc>
<lastmod>2024-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/forminator/forminator-forms-contact-form-payment-form-custom-form-builder-1442-unauthenticated-arbitrary-file-deletion-triggered-via-administrator-form-submission-deletion</loc>
<lastmod>2025-07-01T16:22:05.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tutor/tutor-lms-398-authenticated-admin-sql-injection-via-date-parameter</loc>
<lastmod>2026-04-16T15:15:35.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tour-booking-manager/travelly-tour-travel-booking-manager-for-woocommerce-tour-hotel-booking-solution-217-missing-authorization</loc>
<lastmod>2026-06-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/listingpro-reviews/listingpro-reviews-2911-reflected-cross-site-scripting</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/woffice/woffice-5421-authentication-bypass-via-registration-role</loc>
<lastmod>2025-04-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/konzept/konzept-unknown-version-cross-site-scripting</loc>
<lastmod>2012-11-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-google-places-review-slider/wp-google-review-slider-160-cross-site-request-forgery-to-sql-injection</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ali2woo-lite/alinext-351-open-redirect</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-grid/post-grid-and-gutenberg-blocks-2293-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simplr-registration-form/simplr-registration-form-plus-245-authenticated-subscriber-insecure-direct-object-reference-to-arbitrary-user-password-change</loc>
<lastmod>2023-09-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/spexo/spexo-2011-missing-authorization-to-authenticated-subscriber-limited-plugin-activation</loc>
<lastmod>2026-06-26T17:49:02.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/photokit/photokit-10-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2024-10-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-webinarsystem/webinarpress-13327-missing-authorization</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bold-page-builder/bold-page-builder-543-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-08-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/analytics-cat/analytics-cat-google-analytics-made-easy-112-reflected-cross-site-scripting</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/catch-dark-mode/catch-dark-mode-201-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blog2social/blog2social-699-authenticated-subscriber-sql-injection</loc>
<lastmod>2022-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-jobsearch/jobsearch-wp-job-board-292-authentication-bypass-via-social-logins</loc>
<lastmod>2025-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dropdown-multisite-selector/dropdown-multisite-selector-094-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/edmin/themify-edmin-200-authenticated-contributor-php-object-injection</loc>
<lastmod>2025-06-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/az-content-finder/az-content-finder-01-reflected-cross-site-scripting</loc>
<lastmod>2025-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rt-easy-builder-advanced-addons-for-elementor/rt-easy-builder-advanced-addons-for-elementor-20-missing-authorization</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-events-calendar/the-events-calendar-663-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-07-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slider-slideshow/layer-slider-1197-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-11-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/enable-svg-webp-ico-upload/enable-svg-webp-ico-upload-111-authenticated-author-stored-cross-site-scripting-via-svg</loc>
<lastmod>2023-06-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-job-portal/wp-job-portal-240-authenticated-subscriber-arbitrary-file-read</loc>
<lastmod>2025-12-11T06:34:28.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gallery-bank/gallery-bank-wordpress-photo-gallery-plugin-4050-stored-cross-site-scripting-via-media-upload</loc>
<lastmod>2022-06-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ays-facebook-popup-likebox/popup-like-box-360-reflected-cross-site-scripting</loc>
<lastmod>2022-03-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dethemekit-for-elementor/dethemekit-for-elementor-219-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/usb-qr-code-scanner-for-woocommerce/usb-qr-code-scanner-for-woocommerce-100-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2025-11-10T15:24:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/site-editor-google-map/site-editor-google-map-101-reflected-cross-site-scripting</loc>
<lastmod>2025-03-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/page-title-description-open-graph-updater/page-title-description-open-graph-updater-102-cross-site-request-forgery-to-arbitrary-page-title-modification</loc>
<lastmod>2026-02-18T15:38:26.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-post/postx-4136-missing-authorization</loc>
<lastmod>2025-09-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/redi-restaurant-reservation/redi-restaurant-reservation-210307-stored-cross-site-scripting</loc>
<lastmod>2021-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-hover-effects-block/image-hover-effects-block-145-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rest-api-to-miniprogram/rest-api-to-miniprogram-471-unauthenticated-sql-injection</loc>
<lastmod>2024-09-24T12:22:26.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/tacticool/tacticool-1013-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/astra-sites/starter-templates-324-authenticated-contributor-server-side-request-forgery</loc>
<lastmod>2023-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/broadly/broadly-for-wordpress-302-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/wplms/wplms-learning-management-system-for-wordpress-wordpress-lms-1841-privilege-escalation</loc>
<lastmod>2015-02-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/menu-items-visibility-control/menu-item-visibility-control-05-authenticated-admin-remote-code-execution</loc>
<lastmod>2022-11-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/a4-barcode-generator/print-labels-with-barcodes-create-price-tags-product-labels-order-labels-for-woocommerce-346-improper-authorization</loc>
<lastmod>2024-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-map-creator/easy-map-creator-302-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2025-12-11T14:30:24.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/breaking-news-wp/breaking-news-wp-13-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/greenshift-animation-and-page-builder-blocks/greenshift-animation-and-page-builder-blocks-126-missing-authorization-to-authenticated-subscriber-information-disclosure-of-ai-api-keys-and-stored-cross-site-scripting-via-custom_css</loc>
<lastmod>2026-02-05T00:53:48.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-type-x/product-catalog-simple-182-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/landingi-landing-pages/landingi-landing-pages-311-cross-site-request-forgery</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-security-audit-log-premium/wp-activity-log-premium-450-missing-authorization-via-ajax_switch_db</loc>
<lastmod>2023-05-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/premium-addons-for-elementor/premium-addons-for-elementor-41021-authenticated-contributor-stored-cross-site-scripting-via-banner-team-members-and-image-scroll-widgets</loc>
<lastmod>2024-02-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bit-form/contact-form-by-bit-form-bit-form-2203-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2025-08-14T18:09:50.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/awesome-gallery/awesome-gallery-10-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/insta-gallery/wp-social-feed-gallery-439-missing-authorization</loc>
<lastmod>2024-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/users-ultra/users-ultra-membership-users-community-and-member-profiles-with-paypal-integration-plugin-310-sql-injection</loc>
<lastmod>2014-09-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mailcwp/mailcwp-1100-arbitrary-file-upload</loc>
<lastmod>2015-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/external-media-without-import/external-media-without-import-112-authenticated-subscriber-blind-server-side-request-forgery</loc>
<lastmod>2022-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/arforms-form-builder/arforms-158-unauthenticated-stored-cross-site-scripting-via-arf_http_referrer_url</loc>
<lastmod>2024-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quick-paypal-payments/quick-paypal-payments-31-cross-site-scripting</loc>
<lastmod>2013-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-manager/download-manager-3292-authenticated-author-stored-cross-site-scripting-via-multiple-shortcodes</loc>
<lastmod>2024-06-11T19:58:22.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seriously-simple-podcasting/seriously-simple-podcasting-3111-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2025-08-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/highlight/highlight-1029-cross-site-request-forgery-to-notice-dismissal</loc>
<lastmod>2024-07-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ekiline-block-collection/ekiline-block-collection-105-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/greenshift-animation-and-page-builder-blocks/greenshift-1289-authenticated-contributor-stored-cross-site-scripting-via-disablelazy-attribute</loc>
<lastmod>2026-04-10T11:49:09.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/oik/oik-4152-reflected-cross-site-scripting</loc>
<lastmod>2025-08-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/visual-link-preview/visual-link-preview-241-authenticated-subscriber-information-exposure</loc>
<lastmod>2026-06-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cp-polls/polls-cp-101-cross-site-scripting</loc>
<lastmod>2014-11-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/knowledgebase-helpdesk-pro/kbx-pro-ultimate-805-unauthenticated-php-object-injection</loc>
<lastmod>2025-07-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/productdyno/productdyno-1024-reflected-cross-site-scripting</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-user-avatar/profilepress-4144-authenticated-contributor-stored-cross-site-scripting-via-edit-profile-text-box-shortcode</loc>
<lastmod>2024-02-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-planet/wp-planet-01-reflected-cross-site-scripting</loc>
<lastmod>2014-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-by-supsystic/contact-form-by-supsystic-1720-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2021-10-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/houzez/houzez-183-reflected-cross-site-scripting</loc>
<lastmod>2020-01-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/events-manager-pro-extended/events-manager-pro-extended-01-cross-site-request-forgery-to-reflected-cross-site-scripting</loc>
<lastmod>2024-10-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/genemy/genemy-creative-minimal-landing-page-builder-for-digital-startup-design-studio-agency-in-marketing-166-missing-authorization</loc>
<lastmod>2026-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cpo-companion/cpo-companion-104-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sg-security/siteground-security-125-authentication-bypass-via-2fa-setup</loc>
<lastmod>2022-04-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tickera-event-ticketing-system/tickera-wordpress-event-ticketing-3544-unauthenticated-arbitrary-shortcode-execution</loc>
<lastmod>2024-11-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/display-post-meta/display-post-meta-244-reflected-cross-site-scripting</loc>
<lastmod>2025-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slim-seo/slim-seo-498-authenticated-contributor-insufficient-authorization-to-private-content-disclosure-via-objectid-parameter</loc>
<lastmod>2026-06-30T19:21:44.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/awesome-hooks/awesome-hooks-101-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/NativeChurch/nativechurch-161-arbitrary-file-download</loc>
<lastmod>2015-07-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/6.4/wordpress-core-643-sensitive-information-exposure-via-redirect_guess_404_permalink</loc>
<lastmod>2024-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-menu/custom-menu-18-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-08-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-svg/easy-svg-support-320-cross-site-scripting-via-svg-upload</loc>
<lastmod>2022-06-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vagonic-sortable/woocommerce-products-reorder-drag-drop-multiple-sort-sortable-rearrange-products-vagonic-19-missing-authorization</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kadence-blocks/gutenberg-blocks-with-ai-by-kadence-wp-page-builder-features-3532-incorrect-authorization-to-authenticated-contributor-post-publication</loc>
<lastmod>2026-02-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/login-with-phone-number/woocommerce-otp-login-with-phone-number-otp-verification-1847-authentication-bypass</loc>
<lastmod>2025-08-14T13:55:12.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp_roknewspager/roknewspager-117-missing-domain-restriction</loc>
<lastmod>2013-09-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-addons-for-elementor-lite/essential-addons-for-elementor-best-elementor-templates-widgets-kits-woocommerce-builders-592-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/my-calendar/my-calendar-3316-open-redirect</loc>
<lastmod>2022-08-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gs-portfolio/wordpress-portfolio-plugin-a-plugin-for-making-filterable-portfolio-grid-portfolio-slider-and-more-163-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/echbay-admin-security/echbay-admin-security-130-reflected-cross-site-scripting</loc>
<lastmod>2025-11-20T19:30:13.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dadata-ru/-dadataru-106-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking-and-rental-manager-for-woocommerce/booking-and-rental-manager-121-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-06-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-type-x/product-catalog-simple-181-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sitespeaker-widget/sitenarrator-text-to-speech-widget-19-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/enable-media-replace/enable-media-replace-412-authenticatedauthor-php-object-injection</loc>
<lastmod>2023-09-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gotcha-gesture-based-captcha/gotcha-gesture-based-captcha-100-reflected-cross-site-scripting-via-menu-parameter</loc>
<lastmod>2025-03-21T17:56:35.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lmbbox-smileys/lmbbox-smileys-32-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-11-03T16:03:49.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/redirection/redirection-273-local-file-inclusion</loc>
<lastmod>2018-07-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpmarketplace/marketplace-240-path-traversal</loc>
<lastmod>2015-03-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mstoic-shortcodes/mstoic-shortcodes-20-authenticated-contributor-stored-cross-site-scripting-via-start-shortcode-attribute</loc>
<lastmod>2026-01-06T20:29:34.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quiz-maker/quiz-maker-business-developer-and-agency-multiple-versions-reflected-dom-based-cross-site-scripting-via-content</loc>
<lastmod>2025-01-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pixel-cost-of-goods/cost-of-goods-by-pixelyoursite-1212-unauthenticated-stored-cross-site-scripting-via-cost-of-goods-import</loc>
<lastmod>2026-05-19T15:32:43.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ip2location-country-blocker/download-ip2location-country-blocker-2342-cross-site-request-forgery</loc>
<lastmod>2024-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ajax-load-more-filters/ajax-load-more-filters-341-unauthenticated-stored-cross-site-scripting-via-taxonomy_include_children-field</loc>
<lastmod>2026-06-29T21:07:50.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/userpro/userpro-4923-unauthenticated-cross-site-scripting</loc>
<lastmod>2018-08-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ga-universal/ga-universal-101-cross-site-request-forgery</loc>
<lastmod>2013-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/soledad/soledad-841-unauthenticated-php-object-injection</loc>
<lastmod>2023-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-user-frontend/wp-user-frontend-424-missing-authorization-to-unauthenticated-arbitrary-attachment-deletion</loc>
<lastmod>2026-01-01T13:23:01.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-builder/wc-builder-1018-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/th-variation-swatches/th-variation-swatches-127-cross-site-request-forgery-via-delete_settings</loc>
<lastmod>2023-03-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/restrict-file-access/restrict-file-access-112-authenticated-subscriber-arbitrary-file-read</loc>
<lastmod>2025-06-13T19:37:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/boostify-header-footer-builder/boostify-header-footer-builder-for-elementor-136-authenticated-contributor-post-disclosure</loc>
<lastmod>2024-11-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-auction/ultimate-auction-425-cross-site-request-forgery</loc>
<lastmod>2024-07-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/classy-addons-for-elementor/classy-addons-for-elementor-127-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/capability-manager-enhanced/publishpress-capabilities-232-reflected-cross-site-scripting</loc>
<lastmod>2022-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/secure-copy-content-protection/secure-copy-content-protection-and-content-locking-500-missing-authorization</loc>
<lastmod>2026-02-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ultimate-email-marketer/wp-ultimate-email-marketer-120-cross-site-scripting</loc>
<lastmod>2013-09-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/xcloner-backup-and-restore/backup-restore-and-migrate-wordpress-sites-with-the-xcloner-plugin-311-improper-access-control-to-information-disclosure</loc>
<lastmod>2014-10-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-lightbox/responsive-lightbox-247-missing-authorization</loc>
<lastmod>2024-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/telegram-bot/telegram-bot-channel-362-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-05-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/events-manager/events-manager-6464-missing-authorization</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ocean-extra/ocean-extra-204-authenticated-administrator-php-object-injection</loc>
<lastmod>2022-10-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-frontend-manager/wcfm-frontend-manager-for-woocommerce-6511-customersubscriber-sql-injection</loc>
<lastmod>2021-10-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/favicon-generator/favicon-generator-15-cross-site-request-forgery-to-arbitrary-file-deletion</loc>
<lastmod>2024-08-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/wolmart/wolmart-multi-vendor-marketplace-woocommerce-theme-1811-unauthenticated-arbitrary-shortcode-execution-in-wolmart_loadmore</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tainacan/tainacan-103-unauthenticated-sql-injection</loc>
<lastmod>2026-05-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vikbooking/vikbooking-hotel-booking-engine-pms-172-cross-site-request-forgery-to-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2025-01-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpc-shop-as-customer/wpc-shop-as-a-customer-for-woocommerce-126-authenticated-subscriber-php-object-injection</loc>
<lastmod>2024-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/betheme/betheme-2813-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-08-05T15:36:42.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sunshine-photo-cart/sunshine-photo-cart-325-reflected-cross-site-scripting</loc>
<lastmod>2024-08-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-currency-switcher/fox-currency-switcher-professional-for-woocommerce-145-missing-authorization-to-authenticated-contributor-configuration-deletion</loc>
<lastmod>2026-05-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bdthemes-prime-slider-lite/prime-slider-addons-for-elementor-revolution-of-a-slider-hero-slider-ecommerce-slider-3143-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/addon-elements-for-elementor-page-builder/elementor-addon-elements-11211-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-02-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-easycart/shopping-cart-ecommerce-store-526-cross-site-request-forgery</loc>
<lastmod>2022-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpeventplus/wordpress-events-calendar-registration-tickets-260-reflected-cross-site-scripting</loc>
<lastmod>2025-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-ultimate-gift-card/woocommerce-ultimate-gift-card-292-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2025-02-27T19:46:01.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mainwp-file-uploader-extension/mainwp-file-uploader-extension-41-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2023-01-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/arca-payment-gateway/arca-payment-gateway-131-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-thank-you-page-nextmove-lite/nextmove-lite-2230-missing-authorization</loc>
<lastmod>2026-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/funnelforms-free/funnelforms-free-34-missing-authorization-to-new-category-creation</loc>
<lastmod>2023-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/data-dash/data-dash-123-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slider-by-supsystic/slider-by-supsystic-186-cross-site-request-forgery</loc>
<lastmod>2023-02-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-smtp/post-smtp-257-unauthenticated-stored-cross-site-scripting-via-email</loc>
<lastmod>2023-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vitepos-lite/vitepos-301-missing-authorization</loc>
<lastmod>2024-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-shortcodes-creator/shortcodes-blocks-creator-ultimate-220-reflected-cross-site-scripting-via-page</loc>
<lastmod>2024-12-06T11:59:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mihdan-yandex-turbo-feed/mihdan-yandex-turbo-feed-1651-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-05-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-booking/booking-appointment-plugin-for-woocommerce-690-authenticated-subscriber-arbitrary-option-update</loc>
<lastmod>2024-11-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/paypal-express-checkout/paypal-express-checkout-212-cross-site-request-forgery</loc>
<lastmod>2025-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/autoptimize/autoptimize-3113-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-12-03T00:32:37.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shopengine/shopengine-485-cross-site-request-forgery-to-wishlist-manipulation</loc>
<lastmod>2025-12-02T23:42:11.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tidy-up/tidy-up-13-cross-site-request-forgery</loc>
<lastmod>2024-12-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chatbot/chatbot-430-authenticated-admin-cross-site-scripting</loc>
<lastmod>2023-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/masterstudy-lms-learning-management-system/masterstudy-lms-3620-missing-authorization</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/specific-content-for-mobile/specific-content-for-mobile-customize-the-mobile-version-without-redirections-055-authenticated-contributor-sql-injection</loc>
<lastmod>2025-11-11T22:53:15.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/5.8 beta 1/wordpress-core-58-beta-block-editor-authorization-bypass</loc>
<lastmod>2021-09-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-meta-data-filter-and-taxonomy-filter/mdtf-meta-data-and-taxonomies-filter-1301-relected-cross-site-scripting-via-tax_name</loc>
<lastmod>2023-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profit-products-tables-for-woocommerce/active-products-tables-for-woocommerce-1067-unauthenticated-arbitrary-filter-call</loc>
<lastmod>2025-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-gateway-stripe/woocommerce-stripe-payment-gateway-761-insecure-direct-object-reference-via-update_payment_intent_ajax</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp2leads/wp2leads-350-reflected-cross-site-scripting</loc>
<lastmod>2025-06-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mp-timetable/timetable-and-event-schedule-2413-authenticated-admin-php-object-injection</loc>
<lastmod>2024-07-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-slimstat/slimstat-analytics-532-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-12-18T20:00:46.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/listingpro-plugin/listingpro-plugin-2910-unauthenticated-sql-injection</loc>
<lastmod>2026-04-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-blocker/user-blocker-155-authenticated-admin-csv-injection</loc>
<lastmod>2022-11-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/my-wp-brand/my-wp-brand-hide-menu-hide-plugin-112-missing-authorization</loc>
<lastmod>2024-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-tables/ultimate-tables-165-reflected-cross-site-scripting</loc>
<lastmod>2022-11-17T14:44:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/better-wp-security/solid-security-931-ip-address-spoofing-to-denial-of-service</loc>
<lastmod>2024-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-carousel/image-carousel-10041-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/correos-oficial/correos-oficial-1300-unauthenticated-arbitrary-file-download</loc>
<lastmod>2023-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-media-folder/wp-media-folder-572-missing-authorization-to-authenticatedsubscriber-title-modification</loc>
<lastmod>2024-02-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-member/ultimate-member-2053-cross-site-scripting</loc>
<lastmod>2019-07-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-404-auto-redirect-to-similar-post/wp-404-auto-redirect-to-similar-post-103-reflected-cross-site-scripting-via-request</loc>
<lastmod>2024-02-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/u-design/udesign-theme-230-279-unauthenticated-dom-cross-site-scripting</loc>
<lastmod>2015-10-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/404s/404s-349-administrator-cross-site-scripting</loc>
<lastmod>2022-06-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kunze-law/kunze-law-21-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-02-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-maker/contact-form-maker-1730-authenticated-admin-sql-injection</loc>
<lastmod>2015-11-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-stats-manager/wp-visitor-statistics-real-time-traffic-64-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-spam-remover/user-spam-remover-10-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/NebulaX/nebulax-50-unauthenticated-sql-injection</loc>
<lastmod>2018-01-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cf-geoplugin/geo-controller-864-unauthenticated-php-object-injection-via-shortcode-rest-api-route</loc>
<lastmod>2024-02-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slider-factory/responsive-image-slider-photo-gallery-and-carousel-132-cross-site-request-forgery</loc>
<lastmod>2021-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/molongui-authorship/molongui-473-missing-authorization</loc>
<lastmod>2023-12-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/theplus_elementor_addon/the-plus-addons-for-elementor-pro-637-missing-authorization</loc>
<lastmod>2025-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/naver-map/naver-map-110-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/wplms/wplms-199-missing-authorization-to-authenticated-subscriber-arbitrary-options-update</loc>
<lastmod>2024-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/Newspaper/newspaper-1265-authenticated-author-stored-cross-site-scripting-via-attachment-meta</loc>
<lastmod>2024-04-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementskit-lite/elementskit-elementor-addons-advanced-widgets-templates-addons-for-elementor-396-missing-authorization</loc>
<lastmod>2026-05-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/maintenance-switch/maintenance-switch-152-cross-site-request-forgery-via-admin_action_request</loc>
<lastmod>2023-08-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hercules-core/hercules-core-65-missing-authorization-to-settings-update</loc>
<lastmod>2024-06-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/leaflet-maps-marker/leaflet-maps-marker-google-maps-openstreetmap-bing-maps-354-cross-site-scripting</loc>
<lastmod>2013-05-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/training/training-courses-201-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2024-10-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/performance-lab/performance-lab-220-cross-site-request-forgery-via-dismiss-wp-pointer</loc>
<lastmod>2023-05-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/masvideos/mas-videos-132-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-easycart/wp-easycart-5519-cross-site-request-forgery</loc>
<lastmod>2024-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/unusedcss/rapidload-244-missing-authorization</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/worpit-admin-dashboard-plugin/icontrolwp-multiple-wordpress-site-manager-445-unauthenticated-php-object-injection</loc>
<lastmod>2025-01-30T00:41:10.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ht-mega-for-elementor/ht-mega-233-cross-site-request-forgery-via-several-functions</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wps-bidouille/wps-bidouille-1331-missing-authorization</loc>
<lastmod>2025-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-forms/ninja-forms-the-contact-form-builder-that-grows-with-you-3824-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2025-01-29T18:57:39.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/drop-shadow-boxes/drop-shadow-boxes-1710-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/affiliator-lite/affiliator-213-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2024-10-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/canto-testimonials/canto-testimonials-10-authenticated-contributor-stored-cross-site-scripting-via-fx-shortcode-attribute</loc>
<lastmod>2026-01-23T19:26:16.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/guff/guff-101-missing-authorization</loc>
<lastmod>2026-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/forminator/forminator-contact-form-payment-form-custom-form-builder-1270-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-10-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-role-editor/user-role-editor-4643-cross-site-request-forgery-to-privilege-escalation</loc>
<lastmod>2024-12-16T19:51:53.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking/booking-calendar-62-cross-site-request-forgery-leading-to-cross-site-scripting</loc>
<lastmod>2016-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gravityforms/gravity-forms-2930-unauthenticated-stored-cross-site-scripting-via-credit-card-card-type-sub-field</loc>
<lastmod>2026-04-07T10:47:07.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hashbar-wp-notification-bar/hashbar-wordpress-notification-bar-141-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2023-12-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pdf-catalog-woocommerce/pdf-catalog-woocommerce-20-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/restaurant-and-cafe/restaurant-and-cafe-121-cross-site-request-forgery-to-notice-dismissal</loc>
<lastmod>2024-05-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flexi/flexi-guest-submit-428-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/donation-thermometer/donation-thermometer-227-missing-authorization</loc>
<lastmod>2026-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/s2member/s2member-250419-authenticated-administrator-local-file-inclusion</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/educenter/educenter-162-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-07-25T19:14:01.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/podlove-podcasting-plugin-for-wordpress/podlove-podcast-publisher-2316-sql-injection</loc>
<lastmod>2016-12-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/autoship-cloud/autoship-cloud-for-woocommerce-subscription-products-2143-missing-authorization</loc>
<lastmod>2026-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/funnel-builder/funnelkit-funnel-builder-for-woocommerce-checkout-31312-authenticated-contributor-stored-cross-site-scripting-via-wfop_phone-shortcode</loc>
<lastmod>2025-11-18T17:41:21.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pretty-url/pretty-url-155-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-04-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-statistics/wp-statistics-1307-unauthenticated-sql-injection</loc>
<lastmod>2021-05-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/personal-authors-category/personal-authors-category-03-reflected-cross-site-scripting</loc>
<lastmod>2026-02-13T16:22:13.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/animated-headline/animated-headline-40-authenticatedcontributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-03-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/xc-woo-google-cloud-print/woocommerce-automatic-order-printing-formerly-woocommerce-google-cloud-print-41-insecure-direct-object-reference-to-authenticated-subscriber-order-information-disclosure</loc>
<lastmod>2025-04-23T19:39:08.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gd-bbpress-attachments/gd-bbpress-attachments-472-reflected-cross-site-scripting</loc>
<lastmod>2024-11-19T16:03:01.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/fastx/fastx-102-missing-authorization-to-authenticated-subscriber-limited-plugin-installation-and-activation</loc>
<lastmod>2026-05-21T15:59:58.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tablesome/tablesome-11351-authenticated-subscriber-information-exposure</loc>
<lastmod>2025-12-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/metasync/search-atlas-seo-premier-seo-plugin-for-one-click-wp-publishing-integrated-ai-optimization-244-2515-missing-authorization-to-authenticated-subscriber-authentication-bypass-via-account-takeover</loc>
<lastmod>2026-01-27T21:31:02.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smtp-mail/smtp-mail-1349-cross-site-request-forgery</loc>
<lastmod>2025-12-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/melapress-login-security/melapress-login-security-210-211-authentication-bypass-to-privilege-escalation-via-get_valid_user_based_on_token-function</loc>
<lastmod>2025-07-25T16:23:06.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-registration-form-builder-with-submission-manager/registrationmagic-custom-registration-forms-3794-reflected-cross-site-scripting</loc>
<lastmod>2017-12-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-reports-lite/nikanwp-woocommerce-reporting-100-cross-site-request-forgery</loc>
<lastmod>2025-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/6.0/wordpress-core-603-reflected-cross-site-scripting-via-sql-injection</loc>
<lastmod>2022-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/Newspaper/newspaper-news-woocommerce-wordpress-theme-672-cross-site-scripting</loc>
<lastmod>2016-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/recipe-card-blocks-by-wpzoom/recipe-card-blocks-by-wpzoom-282-authenticated-stored-cross-site-scripting</loc>
<lastmod>2021-08-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cyklodev-wp-notify/cyklodev-wp-notify-121-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-membership/simple-membership-332-multiple-cross-site-request-forgery</loc>
<lastmod>2016-09-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/peepso-core/community-by-peepso-6311-cross-site-request-forgery-to-user-post-creation</loc>
<lastmod>2024-01-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rsvp/rsvp-and-event-management-274-cross-site-scripting</loc>
<lastmod>2022-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/unlimited-elements-for-elementor-premium/unlimited-elements-for-elementor-premium-1472-authenticated-contributor-arbitrary-file-upload</loc>
<lastmod>2026-03-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/relevanssi-premium/relevanssi-4243-free-and-2274-premium-unauthenticated-stored-cross-site-scripting-via-search-highlights</loc>
<lastmod>2025-05-06T13:45:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-membership-wp-user-import/simple-membership-wp-user-import-17-authenticated-admin-sql-injection</loc>
<lastmod>2023-01-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gettext-override-translations/gettext-override-translations-101-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-08-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woofunnels-aero-checkout/funnelkit-checkout-3103-authenticatedsubscriber-missing-authorization-to-arbitrary-plugin-activation</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/so-widgets-bundle/siteorigin-widgets-bundle-1581-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-01-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-access-manager/advanced-access-manager-679-admin-stored-cross-site-scripting</loc>
<lastmod>2021-10-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-word-count/wp-word-count-323-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-10-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/media-library-plus/media-library-folders-830-missing-authorization-to-plugin-settings-change</loc>
<lastmod>2025-02-14T20:08:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/order-tip-woo/order-tip-for-woocommerce-131-missing-authorization-to-unauthenticated-data-export</loc>
<lastmod>2024-03-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wppizza/wppizza-3198-missing-authorization</loc>
<lastmod>2025-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/formidable-kinetic/formidable-kinetic-1101-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2026-05-26T17:25:45.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chp-ads-block-detector/chp-ads-block-detector-394-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2023-06-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ai-auto-tool/ai-auto-tool-content-writing-assistant-gemini-writer-chatgpt-all-in-one-212-missing-authorization</loc>
<lastmod>2024-11-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gym-management/wpgym-6770-missing-authorization-to-admin-account-creation</loc>
<lastmod>2025-08-15T14:55:07.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contest-gallery/contest-gallery-2800-cross-site-request-forgery</loc>
<lastmod>2025-10-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/visualcomposer/visual-composer-website-builder-45130-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-08-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/addon-elements-for-elementor-page-builder/elementor-addon-elements-1136-missing-authorization</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-print/wp-print-251-cross-site-request-forgery</loc>
<lastmod>2013-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rsvpmaker/rsvpmaker-619-sql-injection</loc>
<lastmod>2019-04-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-favorite-posts/wp-favorite-posts-168-cross-site-request-forgery</loc>
<lastmod>2024-05-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/winters/winters-143-prototype-pollution-to-reflected-cross-site-scripting</loc>
<lastmod>2023-07-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/swp-portfolio/portfolio-builder-125-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/display-metadata/display-post-meta-term-meta-comment-meta-and-user-meta-100-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cf7-zoho/integration-for-contact-form-7-and-zoho-crm-bigin-130-unauthenticated-php-object-injection</loc>
<lastmod>2025-06-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booked/booked-244-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2023-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contest-gallery/contest-gallery-19141-authenticated-author-sql-injection-via-cg_order</loc>
<lastmod>2022-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-coming-soon-page/coming-soon-1119-stored-cross-site-scripting</loc>
<lastmod>2018-01-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/popup-maker/popup-maker-1164-authenticated-admin-cross-site-scripting</loc>
<lastmod>2022-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/qode-essential-addons/qode-essential-addons-163-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2024-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/content-grid-slider/content-grid-slider-15-reflected-cross-site-scripting</loc>
<lastmod>2025-12-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/2.0/wordpress-core-203-denial-of-service</loc>
<lastmod>2006-07-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/w3-total-cache/w3-total-cache-0928-remote-code-execution</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mybookprogress/mybookprogress-by-stormhill-media-108-missing-authorization</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpdiscuz/wpdiscuz-7610-unauthenticated-content-injection</loc>
<lastmod>2023-10-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/genesis-blocks/genesis-blocks-313-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/noo-jobmonster/jobmonster-job-board-wordpress-theme-481-authentication-bypass</loc>
<lastmod>2025-10-30T18:40:35.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/paytm-payments/paytm-payment-gateway-273-authenticated-editor-sql-injection-via-post</loc>
<lastmod>2023-02-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/kuteshop/kuteshop-429-missing-authorization</loc>
<lastmod>2026-02-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wooexim/wooexim-500-authenticated-administrator-sql-injection</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jet-search/jetsearch-3510-reflected-cross-site-scripting</loc>
<lastmod>2025-07-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-links-page/wp-links-page-494-cross-site-request-forgery-via-wplf_ajax_update_screenshots</loc>
<lastmod>2023-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cg-scroll-to-top/cg-scroll-to-top-35-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/eldon/eldon-10-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cf-geoplugin/geo-controller-852-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-10-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/learnpress/learnpress-wordpress-lms-plugin-4324-missing-authorization-to-unauthenticated-sensitive-user-information-disclosure-via-rest-api</loc>
<lastmod>2026-01-19T14:52:42.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ithemes-sync/ithemes-sync-2017-authentication-bypass</loc>
<lastmod>2019-10-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp_scraper/wordpress-woocommerce-scraper-plugin-import-data-from-any-website-107-unauthenticated-server-side-request-forgery</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-login-history/user-login-history-170-sql-injection-via-orderby</loc>
<lastmod>2019-03-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/swift-performance-lite/swift-performance-lite-23620-cross-site-request-forgery</loc>
<lastmod>2024-07-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/knowledge-base-maker/knowledge-base-8211-knowledge-base-maker-118-cross-site-request-forgery</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/legal-pages/legal-pages-138-cross-site-request-forgery-via-movetotrash-and-fetch_and_insert_template_data</loc>
<lastmod>2023-11-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lead-form-builder/responsive-contact-form-builder-lead-generation-plugin-170-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-01-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/oopspam-anti-spam/oopspam-anti-spam-1135-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpvr/wp-vr-828-reflected-cross-site-scripting</loc>
<lastmod>2023-03-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/microblog-poster/microblog-poster-162-authenticated-blind-sql-injection</loc>
<lastmod>2015-07-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-spoiler/simple-spoiler-12-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rdp-ingroups/rdp-ingroups-106-reflected-cross-site-scripting</loc>
<lastmod>2025-03-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/beds24-online-booking/beds24-online-booking-2024-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-01-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-user-manager/user-manager-2912-authenticated-subscriber-php-object-injection</loc>
<lastmod>2025-05-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/woodmart/woodmart-724-reflected-cross-site-scripting</loc>
<lastmod>2023-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eventon-lite/eventon-wordpress-virtual-event-calendar-plugin-454-pro-228-free-cross-site-request-forgery-via-save_virtual_event_settings</loc>
<lastmod>2024-01-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/asgaros-forum/asgaros-forum-300-authenticated-subscriber-authorization-bypass</loc>
<lastmod>2025-04-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elex-helpdesk-customer-support-ticket-system/elex-wordpress-helpdesk-customer-ticketing-system-335-missing-authorization-to-authenticated-subscriber-settings-update</loc>
<lastmod>2026-02-04T20:43:43.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/drag-and-drop-multiple-file-upload-contact-form-7/drag-and-drop-multiple-file-upload-contact-form-7-1364-file-upload-size-limit-bypass</loc>
<lastmod>2022-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/code-snippets-extended/code-snippets-extended-147-cross-site-request-forgery</loc>
<lastmod>2022-05-17T14:52:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jobica-core/jobica-core-141-authenticated-subscriber-php-object-injection</loc>
<lastmod>2026-03-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stop-user-enumeration/stop-user-enumeration-138-unauthenticated-username-enumeration</loc>
<lastmod>2017-01-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/houzez-property-feed/houzez-property-feed-2421-cross-site-request-forgery-to-property-feed-export-deletion</loc>
<lastmod>2025-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zoho-salesiq/zoho-salesiq-108-cross-site-scripting</loc>
<lastmod>2019-05-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-registration-form-builder-with-submission-manager/registrationmagic-custom-registration-forms-3804-sql-injection</loc>
<lastmod>2017-12-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/integrate-google-drive/integrate-google-drive-1199-missing-authorization-via-rest-api-endpoints</loc>
<lastmod>2023-07-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yotuwp-easy-youtube-embed/video-gallery-youtube-playlist-channel-gallery-by-yotuwp-1313-unauthenticated-local-file-inclusion</loc>
<lastmod>2024-06-14T20:13:53.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-products-filter/husky-products-filter-for-woocommerce-formerly-woof-1352-authenticated-subscriber-remote-code-execution</loc>
<lastmod>2024-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/doccure/doccure-core-153-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2025-09-08T05:35:51.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/onestore-sites/onestore-sites-011-cross-site-request-forgery-to-arbitrary-plugin-installation</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/coming-soons/coming-soon-under-construction-120-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-07-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/church-admin/church-admin-3756-server-side-request-forgery-via-church_admin_import_csv</loc>
<lastmod>2023-07-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wcfm-marketplace-rest-api/woocommerce-multivendor-marketplace-rest-api-162-authenticated-subscriber-sql-injection</loc>
<lastmod>2025-03-21T17:52:03.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/centangle-team/centangle-team-showcase-100-cross-site-request-forgery-to-plugins-settings-modification-and-stored-cross-site-scripting</loc>
<lastmod>2025-11-03T15:51:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dokan-pro/dokan-pro-504-authenticated-vendor-privilege-escalation-via-update_capabilities-rest-endpoint</loc>
<lastmod>2026-06-30T17:43:24.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/premium-addons-pro/premium-addons-pro-2912-authenticated-contributor-stored-cross-site-scripting-via-messenger-chat-widget</loc>
<lastmod>2024-03-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zippy/zippy-162-missing-authorization-via-admininit</loc>
<lastmod>2023-07-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ele-blog/eleblog-elementor-blog-and-magazine-addons-18-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-04-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tourfic/tourfic-2214-missing-authorization</loc>
<lastmod>2026-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-page-post-widget-clone/wp-page-post-widget-clone-101-missing-authorization</loc>
<lastmod>2024-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shortcode/shortcode-081-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/soho-hotel/soho-hotel-425-reflected-cross-site-scripting</loc>
<lastmod>2025-06-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wedevs-project-manager/wp-project-manager-2617-authenticated-subscriber-sql-injection-via-orderby-parameter</loc>
<lastmod>2025-02-14T23:02:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pootle-page-builder/pootle-pagebuilder-wordpress-page-builder-571-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/compact-wp-audio-player/compact-wp-audio-player-1914-authenticated-contributor-server-side-request-forgery</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-allow-hosts/wp-allowed-hosts-108-authenticated-administrator-stored-cross-site-scripting-via-allowed-hosts-parameter</loc>
<lastmod>2026-01-13T17:33:03.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-custom-fields/advanced-custom-fields-5811-cross-site-scripting</loc>
<lastmod>2020-06-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/protect-wp-admin/protect-wp-admin-38-unauthenticated-information-disclosure-to-protection-bypass</loc>
<lastmod>2023-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/coronavirus-covid-19-notice-message/coronavirus-covid-19-notice-message-112-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-02-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking-ultra-pro/booking-ultra-pro-116-cross-site-request-forgery</loc>
<lastmod>2022-09-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/et-core-plugin/xstore-core-538-unauthenticated-privilege-escalation</loc>
<lastmod>2024-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bricksforge/bricksforge-2017-missing-authorization-to-unauthenticated-arbitrary-email-sending</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/superfly-menu/wordpress-menu-plugin-superfly-responsive-menu-5025-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2024-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fontiran/fontiran-21-cross-site-request-forgery</loc>
<lastmod>2023-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buddyforms/buddyforms-285-reflected-cross-site-scripting-via-page</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/payment-form-for-paypal-pro/payment-form-for-paypal-pro-1165-sql-injection</loc>
<lastmod>2020-07-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zapier/zapier-for-wordpress-151-authenticated-subscriber-blind-server-side-request-forgery-via-updated_user-function</loc>
<lastmod>2025-03-25T22:25:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/zbench/zbench-142-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-07-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/funnelforms-free/funnelforms-free-3751-authenticated-contributor-php-object-injection</loc>
<lastmod>2024-12-03T14:17:47.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/permalink-manager/permalink-manager-lite-and-permalink-manager-pro-2431-reflected-cross-site-scripting</loc>
<lastmod>2024-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/aforms-form-builder-for-price-calculator-cost-estimation/aforms-226-unauthenticated-full-path-disclosure</loc>
<lastmod>2024-07-15T19:52:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-best-quiz/wp-best-quiz-10-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2022-10-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/learnpress/learnpress-wordpress-lms-plugin-42693-authenticated-contributor-sql-injection-via-order-parameter</loc>
<lastmod>2024-08-07T16:50:26.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ever-compare/ever-compare-123-cross-site-request-forgery-to-arbitrary-plugin-activation</loc>
<lastmod>2023-02-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ulisting/ulisting-220-authenticated-subscriber-php-object-injection</loc>
<lastmod>2025-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/permalinks-customizer/permalinks-customizer-282-reflected-cross-site-scripting</loc>
<lastmod>2023-11-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-meta-seo/wp-meta-seo-453-missing-authorization-in-wpmsggsaveinformation</loc>
<lastmod>2023-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/4.9/wordpress-core-495-security-misconfiguration-with-url-hostnames</loc>
<lastmod>2018-04-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/baiduseo/seobing-206-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2025-05-14T14:24:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/csv-import-export/csv-import-export-11-cross-site-scripting</loc>
<lastmod>2017-12-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/modern-events-calendar-lite/modern-events-calendar-lite-630-unauthenticated-sql-injection</loc>
<lastmod>2025-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-notes/user-notes-102-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-event-solution/eventin-4020-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/same-category-posts/same-category-posts-1119-authenticated-author-stored-cross-site-scripting-via-widget-title-placeholder</loc>
<lastmod>2026-01-23T19:17:25.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/air-supply/airsupply-200-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pexlechris-adminer/database-management-tool-adminer-115-information-exposure</loc>
<lastmod>2022-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-download-monitor/simple-download-monitor-395-log-reset</loc>
<lastmod>2021-10-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/radio-player/radio-player-2073-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stockholm-core/stockholm-core-241-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2024-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/we-testimonial-slider/we-testimonial-slider-15-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-30T00:46:42.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-table-of-contents/easy-table-of-contents-2067-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2024-06-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/traveler/traveler-322-unauthenticated-sql-injection</loc>
<lastmod>2025-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/makeaholic/makeaholic-184-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-08-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-flash-player/flash-player-plugin-13-cross-site-scripting</loc>
<lastmod>2015-07-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/jobify/jobify-job-board-wordpress-theme-430-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/codecolorer/codecolorer-0101-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-grid/post-grid-and-gutenberg-blocks-comboblocks-235-unauthenticated-paid-order-creation</loc>
<lastmod>2025-02-21T15:23:43.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/royal-elementor-addons/royal-elementor-addons-and-templates-13971-authenticated-contributor-dom-based-stored-cross-site-scripting</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/setka-editor/setka-editor-2120-cross-site-request-forgery-via-handlerequest</loc>
<lastmod>2024-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nex-forms-express-wp-form-builder/nex-forms-787-authorization-bypass</loc>
<lastmod>2021-07-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/4.0/wordpress-core-401-cross-site-scripting-via-shortcode-brackets</loc>
<lastmod>2014-11-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sp-blog-designer/sp-blog-designer-100-authenticated-contributor-stored-cross-site-scripting-via-design-attribute</loc>
<lastmod>2026-05-11T19:07:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/listivo/listivo-classified-ads-wordpress-theme-2367-reflected-cross-site-scripting</loc>
<lastmod>2025-02-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/publish-post-email-notification/wordpress-publish-post-email-notification-1022-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pdf-for-elementor-forms/pdf-for-elementor-forms-drag-and-drop-template-builder-551-missing-authorization</loc>
<lastmod>2026-05-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gaxx-keywords/gaxx-keywords-02-cross-site-request-forgery-to-cross-site-scripting</loc>
<lastmod>2024-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/print-o-matic/print-o-matic-2110-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/organicfood/organicfood-364-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2026-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/salient-shortcodes/salient-shortcodes-153-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-networks-auto-poster-facebook-twitter-g/nextscripts-social-networks-auto-poster-443-authenticatedsubscriber-sensitive-information-exposure</loc>
<lastmod>2024-05-21T18:34:01.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shared-files/shared-files-1719-missing-authorization</loc>
<lastmod>2024-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/select-core/select-core-26-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-11-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wps-hide-login/wps-hide-login-1522-login-page-disclosure-via-adminhash</loc>
<lastmod>2019-07-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zephyr-project-manager/zephyr-project-manager-3242-missing-authorization-to-cross-site-scripting</loc>
<lastmod>2022-08-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cp-multi-view-calendar/calendar-event-multi-view-102-sql-injection</loc>
<lastmod>2014-10-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/drag-and-drop-multiple-file-upload-for-woocommerce/drag-and-drop-multiple-file-upload-for-woocommerce-108-cross-site-request-forgery-in-upload-and-delete_file</loc>
<lastmod>2023-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/photo-gallery/photo-gallery-by-10web-1530-sql-injection</loc>
<lastmod>2019-07-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/taskbuilder/taskbuilder-project-management-task-management-tool-with-kanban-board-507-authenticated-subscriber-sql-injection</loc>
<lastmod>2026-06-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/silvasoft-boekhouden/silvasoft-boekhouden-301-authenticated-administrator-sql-injection</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/brizy/brizy-page-builder-2443-missing-authorization</loc>
<lastmod>2024-05-22T17:00:50.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-reviews-plugin-for-google/widgets-for-google-reviews-109-cross-site-request-forgery-to-plugin-settings-reset</loc>
<lastmod>2023-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-gateway-stripe/woocommerce-stripe-payment-gateway-740-unauthenticated-insecure-direct-object-reference-to-sensitive-information-disclosure</loc>
<lastmod>2023-06-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kirimemail-woocommerce-integration/kirimemail-woocommerce-integration-129-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2025-12-11T14:29:33.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/webtexttool/textmetrics-361-missing-authorization</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/squeeze/squeeze-14-authenticated-admin-arbitrary-file-upload</loc>
<lastmod>2024-06-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-custom-product-addons-pro/woocommerce-custom-product-addons-pro-541-unauthenticated-remote-code-execution-via-custom-pricing-formula</loc>
<lastmod>2026-03-23T10:53:48.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-crowdfunding/wp-crowdfunding-2114-missing-authorization-to-authenticated-subscriber-post-content-download</loc>
<lastmod>2025-03-11T14:22:55.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/editable-table/editable-table-simple-fast-frontend-from-sql-tables-014-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2021-10-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-cron-dashboard/wp-cron-dashboard-116-cross-site-scripting</loc>
<lastmod>2013-12-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/realbig-media/realbig-106-cross-site-request-forgery</loc>
<lastmod>2023-09-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/salesking/salesking-1615-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2024-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/podlove-podcasting-plugin-for-wordpress/podlove-podcast-publisher-4115-authenticated-admin-remote-code-execution</loc>
<lastmod>2024-11-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/library-management-system/library-management-system-321-unauthenticated-sql-injection</loc>
<lastmod>2026-02-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stylish-cost-calculator/stylish-cost-calculator-quote-generator-lead-gen-price-estimator-839-missing-authorization</loc>
<lastmod>2026-06-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-ciudades-y-regiones-de-chile/mkrapel-regiones-y-ciudades-de-chile-para-wc-430-cross-site-request-forgery-via-multiple-functions</loc>
<lastmod>2023-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jupiterx-core/jupiterx-core-4141-authenticated-subscriber-missing-authorization-to-limited-file-upload-via-popup-template-import</loc>
<lastmod>2026-03-23T10:26:58.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/website-builder/draft-309-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/addons-for-elementor/elementor-addons-by-livemesh-832-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-02-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cubewp-framework/cubewp-1126-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-content-copy-protector/wp-content-copy-protection-no-right-click-33-cross-site-request-forgery-to-arbitrary-plugin-installationactivation</loc>
<lastmod>2021-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-test-email/wp-test-email-117-reflected-cross-site-scripting</loc>
<lastmod>2024-09-12T18:16:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/atomchat/atomchat-117-missing-authorization</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smart-docs/smart-docs-110-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-07-03T12:20:28.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/link2player/link2player-02-cross-site-scripting</loc>
<lastmod>2014-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/valvepress-rankie/rankie-182-missing-authorization</loc>
<lastmod>2025-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-fields-factory/wc-fields-factory-415-authenticated-administrator-sql-injection</loc>
<lastmod>2023-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/permalink-manager/permalink-manager-2431-missing-authorization-to-authenticatedauthor-arbitrary-post-slug-modification</loc>
<lastmod>2024-03-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/orbisius-child-theme-creator/child-theme-creator-by-orbisius-127-arbitrary-file-write</loc>
<lastmod>2015-07-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stars-smtp-mailer/stars-smtp-mailer-17-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2024-10-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/scroll-top/scroll-to-top-140-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-08-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-lister-for-ebay/wp-lister-lite-for-ebay-357-reflected-cross-site-scripting-via-s</loc>
<lastmod>2024-01-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-products-designer/woocommerce-product-designer-433-cross-site-request-forgery</loc>
<lastmod>2023-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-menu/responsive-menu-40-403-authenticated-arbitrary-file-upload</loc>
<lastmod>2021-02-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/share-this/sharethis-705-cross-site-request-forgery</loc>
<lastmod>2013-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tainacan/tainacan-0207-missing-authorization</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-statistics/wp-statistics-951-cross-site-scripting</loc>
<lastmod>2015-08-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sticky-buttons/sticky-buttons-411-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/classified-listing/classified-listing-ai-powered-classified-ads-business-directory-plugin-539-missing-authorization</loc>
<lastmod>2026-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/processing-projects/processing-projects-102-authenticated-shop-manager-arbitrary-file-upload</loc>
<lastmod>2025-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hunk-companion/hunk-companion-185-missing-authorization-to-unauthenticated-arbitrary-plugin-installationactivation</loc>
<lastmod>2024-12-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/forum-server/wp-forum-server-182-authenticated-administrator-sql-injection</loc>
<lastmod>2025-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/reviewx/reviewx-1613-arbitrary-usermeta-update-to-authenticated-subscriber-privilege-escalation</loc>
<lastmod>2023-05-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/akismet-htaccess-writer/akismet-htaccess-writer-101-reflected-cross-site-scripting</loc>
<lastmod>2024-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ns-coupon-to-become-customer/ns-coupon-to-become-customer-122-authenticated-administrator-stored-cross-site-scripting-via-plugin-settings</loc>
<lastmod>2023-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sem-wysiwyg/sem-wysiwyg-10-arbitrary-file-upload</loc>
<lastmod>2012-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zoho-marketinghub/zoho-marketing-automation-127-authenticated-contributor-sql-injection</loc>
<lastmod>2024-06-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jet-blocks/jetblocks-for-elementor-1319-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-freemind/freemind-viewer-10-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mm-forms-community/mm-forms-community-226-arbitrary-file-upload</loc>
<lastmod>2012-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/universal-video-player/universal-video-player-384-reflected-cross-site-scripting</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pdf24-posts-to-pdf/pdf24-articles-to-pdf-422-cross-site-request-forgery</loc>
<lastmod>2022-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-add-ons/responsive-plus-322-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2025-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/backuply/backuply-backup-restore-migrate-and-clone-123-authenticated-administrator-directory-traversal</loc>
<lastmod>2024-01-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-responsive-slider-with-lightbox/thumbnail-slider-with-lightbox-104-authenticated-admin-sql-injection</loc>
<lastmod>2025-10-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/system-dashboard/system-dashboard-287-missing-authorization-to-information-disclosure-sd_global_value</loc>
<lastmod>2023-12-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bp-better-messages/better-messages-191068-server-side-request-forgery</loc>
<lastmod>2022-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/connections/connections-business-directory-96-authenticated-csv-injection</loc>
<lastmod>2020-05-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/onlinecontract/wp-online-contract-514-missing-authorization-to-unauthenticated-settings-import</loc>
<lastmod>2025-03-04T21:12:27.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-membership/simple-membership-408-cross-site-request-forgery-to-arbitrary-member-deletion</loc>
<lastmod>2022-01-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/clasifico-listing/clasifico-listing-20-unauthenticated-privilege-escalation</loc>
<lastmod>2026-02-18T15:10:15.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpematico/wpematico-rss-feed-fetcher-283-missing-authorization</loc>
<lastmod>2025-05-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/float-to-top-button/float-to-top-button-236-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-08-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/awin-advertiser-tracking/awin-advertiser-tracking-for-woocommerce-200-cross-site-request-forgery</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flo-forms/flo-forms-1042-missing-authorization</loc>
<lastmod>2024-05-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/soundy-background-music/soundy-background-music-39-cross-site-scripting</loc>
<lastmod>2018-01-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yougler-blogger-profile-page/yougler-blogger-profile-page-v101-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2025-06-13T19:47:06.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-newsletter-subscription/wp-newsletter-subscription-11-unauthenticated-local-file-inclusion</loc>
<lastmod>2024-09-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-registration/user-registration-custom-registration-form-login-form-and-user-profile-wordpress-plugin-3201-missing-authorization-to-privilege-escalation</loc>
<lastmod>2024-05-31T18:57:59.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpforo/wpforo-forum-225-missing-authorization</loc>
<lastmod>2023-11-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/login-with-phone-number/login-with-phone-number-156-cross-site-request-forgery-to-user-password-change</loc>
<lastmod>2023-09-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/aiomatic-automatic-ai-content-writer/aiomatic-ai-content-writer-editor-chatbot-ai-toolkit-238-missing-authorization-to-authenticated-contributor-arbitrary-file-upload</loc>
<lastmod>2025-03-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-cirrus/wp-cirrus-0611-cross-site-request-forgery</loc>
<lastmod>2023-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bookingpress-appointment-booking/bookingpress-1076-authenticated-administrator-arbitrary-file-upload</loc>
<lastmod>2023-11-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/finance/finance-consultant-28-authenticated-subscriber-php-object-injection</loc>
<lastmod>2025-05-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/msstiger/wp-vtiger-synchronization-111-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-addons-for-elementor-lite/essential-addons-for-elementor-6014-reflected-cross-site-scripting</loc>
<lastmod>2025-02-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/beaver-builder-lite-version/beaver-builder-wordpress-page-builder-294-missing-authorization-to-authenticated-contributor-builder-status-tampering</loc>
<lastmod>2025-12-03T18:08:15.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wholesalex/wholesalex-131-sensitive-information-exposure-via-export_users</loc>
<lastmod>2024-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/geodirectory/geodirectory-2361-authenticated-subscriber-sql-injection</loc>
<lastmod>2024-08-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jtrt-responsive-tables/jtrt-responsive-tables-412-sql-injection</loc>
<lastmod>2017-11-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/workbox-video-from-vimeo-youtube-plugin/workbox-video-from-vimeo-youtube-322-reflected-cross-site-scripting</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/w3-total-cache/w3-total-cache-094-cross-site-scripting</loc>
<lastmod>2014-12-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-map-generator/google-map-generator-131-reflected-cross-site-scripting</loc>
<lastmod>2014-07-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-featured-video/post-featured-video-17-cross-site-request-forgery</loc>
<lastmod>2025-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/userswp/userswp-1263-insecure-direct-object-reference-to-authenticated-editor-arbitrary-user-avatarbanner-reset-via-user_id-parameter</loc>
<lastmod>2026-06-17T18:09:44.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bitform/bitform-110-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2026-05-26T17:27:05.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-search-plugin/custom-search-by-bestwebsoft-135-reflected-cross-site-scripting</loc>
<lastmod>2017-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/simplebalance/simple-balance-22-cross-site-scripting</loc>
<lastmod>2011-10-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cbcurrencyconverter/cbx-currency-converter-303-cross-site-request-forgery-leading-to-plugin-settings-leakagechanges</loc>
<lastmod>2023-03-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profilegrid-user-profiles-groups-and-communities/profilegrid-5972-insecure-direct-object-reference-to-authenticated-subscriber-arbitrary-user-profile-and-cover-image-modification</loc>
<lastmod>2026-02-04T20:36:46.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/truebooker-appointment-booking/truebooker-appointment-booking-and-scheduler-system-119-missing-authorization</loc>
<lastmod>2026-06-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/correos-express/correosexpress-260-sensitive-data-exposure</loc>
<lastmod>2021-11-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/music/music-15-multiple-vulnerabilities</loc>
<lastmod>2013-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rest-api-to-miniprogram/rest-api-to-miniprogram-512-authenticated-subscriber-insecure-direct-object-reference-via-userid-rest-api-parameter</loc>
<lastmod>2026-03-20T15:10:12.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fluent-crm/fluentcrm-marketing-automation-for-wordpress-2984-authenticated-contributor-stored-cross-site-scripting-via-fluentcrm_content-shortcode</loc>
<lastmod>2025-11-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cf7-constant-contact/integration-for-contact-form-7-and-constant-contact-115-cross-site-request-forgery</loc>
<lastmod>2024-05-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wonderplugin-slider-lite/wonder-slider-lite-139-reflected-cross-site-scripting-via-page</loc>
<lastmod>2024-02-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ppv-live-webcams/paid-videochat-turnkey-site-7323-authenticated-admin-remote-code-execution</loc>
<lastmod>2025-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/indeed-job-importer/indeed-job-importer-105-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2021-10-15T19:23:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bulk-delete-users-by-email/bulk-delete-users-by-email-12-reflected-cross-site-scripting</loc>
<lastmod>2022-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/card-elements-for-elementor/card-elements-for-elementor-126-authenticated-contributor-stored-cross-site-scripting-via-profile-card-widget</loc>
<lastmod>2025-02-26T20:43:43.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/link-log/link-log-external-link-click-monitor-14-http-response-splitting</loc>
<lastmod>2015-04-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-addons-for-elementor-lite/essential-addons-for-elementor-619-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dynamic-url-seo/dynamic-url-seo-10-unauthenticated-cross-site-scripting</loc>
<lastmod>2024-11-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/modernize/modernize-340-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-08-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/promo/promo-130-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-01-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/projectopia-core/projectopia-5122-authenticated-custom-insecure-direct-object-reference</loc>
<lastmod>2025-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/bugspatrol/bugspatrol-150-unauthenticated-php-object-injection</loc>
<lastmod>2025-08-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/notice-faq/wordpress-seo-friendly-accordion-faq-with-ai-assisted-content-generation-221-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-24T18:40:46.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/g-business-reviews-rating/reviews-and-rating-google-reviews-52-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2024-05-24T14:53:12.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-edit-menu/wp-edit-menu-150-cross-site-request-forgery</loc>
<lastmod>2022-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/related-posts/related-posts-272-cross-site-request-forgery</loc>
<lastmod>2013-05-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mm-email2image/mm-email2image-025-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wptouch/wptouch-4344-authenticated-administrator-php-object-injection</loc>
<lastmod>2022-12-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/unlimited-elements-for-elementor/unlimited-elements-for-elementor-free-widgets-addons-templates-15112-ip-address-spoofing-to-antispam-bypass</loc>
<lastmod>2024-07-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/who-hit-the-page-hit-counter/who-hit-the-page-hit-counter-14143-reflected-cross-site-scripting</loc>
<lastmod>2023-06-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rj-quickcharts/rj-quickcharts-061-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2025-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-builder/wdcontactformbuilder-1072-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-10-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/activitytime/wp-sessions-time-monitoring-full-automatic-109-unauthenticated-sql-injection</loc>
<lastmod>2024-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/erp/wp-erp-1133-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shortcodes-ultimate/wp-shortcodes-plugin-shortcodes-ultimate-711-authenticated-contributor-stored-cross-site-scripting-via-su_lightbox</loc>
<lastmod>2024-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpdiscuz/wpdiscuz-7642-unauthenticated-insecure-direct-object-reference</loc>
<lastmod>2025-12-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/propertyhive/propertyhive-215-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/give/givewp-donation-plugin-and-fundraising-platform-250-sql-injection</loc>
<lastmod>2019-08-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-subscribers/email-subscribers-newsletters-455-unauthenticated-email-forgery</loc>
<lastmod>2020-09-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pepro-ultimate-invoice/peprodev-ultimate-invoice-200-missing-authorization</loc>
<lastmod>2024-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/wilmer/wilmr-342-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-05-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simply-schedule-appointments/appointment-booking-calendar-16927-unauthenticated-sql-injection-via-append_where_sql-parameter</loc>
<lastmod>2026-03-10T19:14:37.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fancy-product-designer/fancy-product-designer-614-authenticated-admin-sql-injection</loc>
<lastmod>2024-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/lovedate/lovedate-386-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-custom-google-search/wp-custom-google-search-10-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ht-slider-for-elementor/ht-slider-for-elementor-165-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/printcart-integration/printcart-web-to-print-product-designer-for-woocommerce-240-unauthenticated-sql-injection</loc>
<lastmod>2025-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/payplus-payment-gateway/payplus-payment-gateway-668-unauthenticated-sql-injection</loc>
<lastmod>2024-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-lister-for-ebay/wp-lister-lite-for-ebay-3511-authenticated-shop-manager-arbitrary-file-upload</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/absolute-addons/absolute-addons-for-elementor-1014-missing-authorization</loc>
<lastmod>2026-01-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-testimonials-showcase/simple-testimonials-showcase-115-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slider-by-supsystic/slider-by-supsystic-1810-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/compare-ninja-comparison-tables/compare-ninja-210-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-moneytizer/the-moneytizer-963-missing-authorization-via-multiple-ajax-actions</loc>
<lastmod>2024-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fbgorilla/fbgorilla-all-versions-sql-injection</loc>
<lastmod>2014-07-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bold-pagos-en-linea/bold-pagos-en-linea-314-reflected-cross-site-scripting</loc>
<lastmod>2025-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/organizer/organizer-121-path-disclosure</loc>
<lastmod>2012-04-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-addons-for-elementor-lite/essential-addons-for-elementor-best-elementor-templates-widgets-kits-woocommerce-builders-5927-authenticated-contributor-stored-cross-site-scripting-via-no_more_items_text-parameter</loc>
<lastmod>2024-08-12T16:05:31.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/memberpress/memberpress-11129-reflected-cross-site-scripting-via-mepr_screenname-and-mepr_key-parameters</loc>
<lastmod>2024-08-29T15:03:25.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pwa-for-wp/pwa-for-wp-progressive-web-apps-made-simple-1771-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-08-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/forminator/forminator-1221-missing-authorization-on-load_recaptcha_preview-ajax-function</loc>
<lastmod>2023-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/3dprint-lite/3dprint-lite-2136-authenticated-admin-sql-injection-via-printer_text</loc>
<lastmod>2025-04-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sfwd-lms/learndash-lms-4101-sensitive-information-exposure-via-assignments</loc>
<lastmod>2024-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kanban/kanban-boards-for-wordpress-2521-missing-authorization</loc>
<lastmod>2024-06-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/electron/electron-182-missing-authorization</loc>
<lastmod>2026-01-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mentoring/mentoring-128-unauthenticated-privilege-escalation-in-mentoring_process_registration</loc>
<lastmod>2026-05-04T13:32:59.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woozone/woocommerce-amazon-affiliates-wordpress-plugin-14100-missing-authorization</loc>
<lastmod>2024-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/alkubot/alkubot-gamify-discounts-sell-more-and-give-less-at-the-right-time-300-cross-site-request-forgery</loc>
<lastmod>2021-04-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultraaddons-elementor-lite/ultraaddons-elementor-addons-header-footer-builder-custom-font-custom-csswoo-widget-menu-builder-anywhere-elementor-shortcode-118-insecure-direct-object-reference-to-sensitive-information-exposure-via-ua_template-shortcode</loc>
<lastmod>2024-11-20T13:40:21.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/5.7/wordpress-core-58-dependency-confusion</loc>
<lastmod>2021-11-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/calendar-booking/scheduling-plugin-online-booking-for-wordpress-3510-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-01-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/thememove-core/thememove-core-142-authenticated-subscriber-php-object-injection</loc>
<lastmod>2025-06-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/product-delivery-date-for-woocommerce-lite/product-delivery-date-for-woocommerce-lite-272-missing-authorization</loc>
<lastmod>2024-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/back-link-tracker/back-link-tracker-100-cross-site-request-forgery-to-sql-injection</loc>
<lastmod>2024-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-youtube-video-optimizer/wp-youtube-video-optimizer-12-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-05-20T20:32:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ulisting/ulisting-166-unauthenticated-arbitrary-postpage-deletion</loc>
<lastmod>2021-01-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bluff-post/bluff-post-111-cross-site-request-forgery</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/insert-html-snippet/insert-html-snippet-12-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2016-11-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/apartment-management/wpams-440-17-08-2023-authenticated-subscriber-sql-injection</loc>
<lastmod>2025-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/updraftplus/updraftplus-1134-stored-cross-site-scripting</loc>
<lastmod>2017-08-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/2.0/wordpress-core-203-ip-address-spoofing</loc>
<lastmod>2006-06-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/doubledome-resource-link-library/resource-library-for-logged-in-users-15-cross-site-request-forgery-to-multiple-administrative-actions</loc>
<lastmod>2025-12-11T15:10:16.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kioskprox/kioskprox-unkown-versions-cross-site-scripting</loc>
<lastmod>2013-04-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fable-extra/fable-extra-106-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mail-boxes-etc/mbe-eship-212-information-exposure</loc>
<lastmod>2024-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/os-diagnosis-generator/-1416-missing-authorization</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/redirect-redirection/redirect-redirection-113-missing-authorization-in-instanteditredirect-function</loc>
<lastmod>2023-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-jobsearch/wp-jobsearch-233-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2023-11-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-certain-time-to-show-content/simple-certain-time-to-show-content-122-reflected-cross-site-scripting</loc>
<lastmod>2025-02-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mainwp-child/mainwp-dashboard-and-mainwp-child-2022-unspecified-vulnerability</loc>
<lastmod>2015-08-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/event-list/event-list-079-authenticated-admin-sql-injection</loc>
<lastmod>2017-06-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-plus-addons-for-elementor-page-builder/the-plus-addons-for-elementor-562-authenticated-contributor-stored-cross-site-scripting-via-tp-page-scroll-widget</loc>
<lastmod>2024-08-19T14:59:59.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/themify-portfolio-post/themify-portfolio-post-115-authenticated-stored-cross-site-scripting</loc>
<lastmod>2020-12-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/leyka/leyka-3318-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/add-subtitle/add-subtitle-110-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2022-01-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/verge3d/verge3d-452-authenticatedsubscriber-arbitrary-file-upload</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/membership-for-woocommerce/membership-for-woocommerce-281-missing-authorization</loc>
<lastmod>2025-06-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nd-donations/donations-18-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2022-05-13T14:27:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-social-login/social-login-wordpress-woocommerce-plugin-277-authentication-bypass-via-wordpresscom-oauth-provider</loc>
<lastmod>2024-11-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/copy-move-posts/copy-move-posts-16-missing-authorization</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-pdf-vouchers/woocommerce-pdf-vouchers-499-reflected-cross-site-scripting</loc>
<lastmod>2024-12-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-elementor/ultimate-addons-for-elementor-1241-registration-bypass</loc>
<lastmod>2020-05-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-monitor/download-monitor-5022-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/media-file-renamer/media-file-renamer-569-sensitive-information-exposure-via-log-file</loc>
<lastmod>2023-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/modula-best-grid-gallery/image-gallery-photo-grid-video-gallery-modula-2133-missing-authorization-to-arbitrary-directory-listing</loc>
<lastmod>2025-12-11T18:40:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gs-envato-portfolio/gs-portfolio-for-envato-142-missing-authorization</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders/barcode-scanner-with-inventory-order-manager-154-cross-site-request-forgery</loc>
<lastmod>2024-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/latepoint/latepoint-541-authenticated-agent-privilege-escalation-to-administrator-via-connect-customer-to-wp-user-ability</loc>
<lastmod>2026-04-27T07:23:53.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/webico-slider-flatsome-addons/webico-slider-flatsome-addons-201-authenticated-contributor-stored-cross-site-scripting-via-wbc_image-shortcode</loc>
<lastmod>2024-07-08T19:37:49.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simply-schedule-appointments/simply-schedule-appointments-1575-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-08-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contest-gallery/contest-gallery-2816-unauthenticated-sql-injection</loc>
<lastmod>2026-05-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-google-map-plugin/wp-google-map-plugin-442-cross-site-request-forgery-via-delete</loc>
<lastmod>2023-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bluet-keywords-tooltip-generator/tooltipy-556-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cleverwise-daily-quotes/cleverwise-daily-quotes-32-reflected-cross-site-scripting</loc>
<lastmod>2023-08-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bdthemes-element-pack-lite/element-pack-elementor-addons-header-footer-template-library-dynamic-grid-carousel-and-remote-arrows-5102-authenticated-contributor-stored-cross-site-scripting-via-cookie-consent</loc>
<lastmod>2024-11-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profilegrid-user-profiles-groups-and-communities/profilegrid-566-missing-authorization</loc>
<lastmod>2023-12-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/order-delivery-date/order-delivery-date-for-wp-e-commerce-12-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2024-01-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/instantsearch-for-woocommerce/search-filters-merchandising-for-woocommerce-3058-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-hotel-booking/wp-hotel-booking-1105-cross-site-request-forgery</loc>
<lastmod>2022-08-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/5.4/wordpress-core-541-password-reset-link-non-expiration</loc>
<lastmod>2020-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/subscribe2/subscribe2-form-email-subscribers-newsletters-1015-stored-cross-site-scripting</loc>
<lastmod>2014-10-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/neoocular/neo-ocular-12-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-01-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lbg-audio8-html5-radio-ads/shout-html5-radio-player-with-ads-shoutcast-and-icecast-support-354-reflected-cross-site-scripting</loc>
<lastmod>2025-07-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-table-of-contents/easy-table-of-contents-2078-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-02-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/th-advance-product-search/advance-product-search-voice-ajax-search-for-woocommerce-144-unauthenticated-sql-injection</loc>
<lastmod>2026-06-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jetpack/jetpack-371-information-disclosure</loc>
<lastmod>2015-10-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gamipress/gamipress-the-1-gamification-plugin-to-reward-points-achievements-badges-ranks-in-wordpress-690-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/wineshop/wineshop-food-wine-store-wordpress-theme-317-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-05-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sell-btc-by-hayyatapps/sell-btc-cryptocurrency-selling-calculator-15-unauthenticated-stored-cross-site-scripting-via-orderform_data-ajax-action</loc>
<lastmod>2026-01-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/estatik/estatik-real-estate-plugin-410-reflected-cross-site-scripting</loc>
<lastmod>2024-01-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/twl-easy-call/easy-call-with-twilio-104-stored-cross-site-scripting</loc>
<lastmod>2022-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/divi-form-builder/divi-form-builder-512-unauthenticated-privilege-escalation-via-role</loc>
<lastmod>2026-05-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/content-glass-button/cg-button-1056-reflected-cross-site-scripting</loc>
<lastmod>2025-03-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-marketing-automations/funnelkit-automations-email-marketing-automation-and-crm-for-wordpress-woocommerce-3641-missing-authorization-to-authenticated-subscriber-arbitrary-email-sending</loc>
<lastmod>2025-11-04T20:51:49.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/directory-pro/directory-pro-255-reflected-cross-site-scripting</loc>
<lastmod>2025-08-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/kallyas/kallyas-4240-authenticated-contributor-remote-code-execution</loc>
<lastmod>2025-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/count-per-day/count-per-day-326-reflected-cross-site-scripting</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/giveasap/simple-giveaways-2460-missing-authorization-via-ajax-actions</loc>
<lastmod>2023-07-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-meetup/wp-meetup-230-missing-authorization-to-authenticated-subscriber-settings-update</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/modula-best-grid-gallery/modula-image-gallery-2136-missing-authorization</loc>
<lastmod>2025-11-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/codeflavors-vimeo-video-post-lite/vimeotheque-221-reflected-cross-site-scripting-via-view-and-page</loc>
<lastmod>2023-04-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/6.9/wordpress-691-cross-site-scripting-via-client-side-template-override-in-admin-area</loc>
<lastmod>2026-03-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/doaj-export/doaj-export-104-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bertha-ai-free/bertha-ai-113-missing-authorization</loc>
<lastmod>2025-11-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/grid-shortcodes/grid-shortcodes-11-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-product-carousel-slider-and-grid-ultimate/product-carousel-slider-grid-ultimate-for-woocommerce-1100-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/meks-smart-social-widget/meks-smart-social-widget-163-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-01-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/betheme/betheme-284-authenticated-author-arbitrary-file-upload-to-remote-code-execution-via-icon-pack-upload</loc>
<lastmod>2026-05-04T22:35:37.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rencontre/rencontre-dating-site-3111-authenticated-subscriber-php-object-injection</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-rede/rede-ita-for-woocommerce-payment-pix-credit-card-and-debit-512-unauthenticated-order-status-manipulation</loc>
<lastmod>2026-01-15T18:31:03.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/citybook/citybook-243-reflected-cross-site-scripting</loc>
<lastmod>2020-06-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-team-manager/team-manager-2123-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sksdev-toolkit/sksdev-toolkit-100-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/job-postings/jobs-for-wordpress-2717-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-12-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bitfire/bitfire-45-unauthenticated-information-exposure</loc>
<lastmod>2025-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-post/post-grid-gutenberg-blocks-and-wordpress-blog-plugin-postx-411-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2024-05-29T14:39:42.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hcaptcha-for-forms-and-more/hcaptcha-for-wp-4220-missing-authorization</loc>
<lastmod>2026-01-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-parsidate/parsi-date-511-reflected-cross-site-scripting-via-add_query_arg-parameter</loc>
<lastmod>2024-11-25T20:48:17.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slazzer-background-changer/slazzer-background-changer-314-missing-authorization</loc>
<lastmod>2025-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/logo-slider-wp/logo-slider-353-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2022-12-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-addons-for-elementor-lite/essential-addons-for-elementor-best-elementor-templates-widgets-kits-woocommerce-builders-5911-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/formassembly-web-forms/wp-formassembly-205-authenticated-contributor-arbitrary-file-read</loc>
<lastmod>2022-11-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vikrentcar/vikrentcar-car-rental-management-system-144-authenticated-author-sql-injection-via-month-parameter</loc>
<lastmod>2025-12-01T19:42:44.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-404-pro/custom-404-pro-3111-reflected-cross-site-scripting</loc>
<lastmod>2024-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-forms-signature-contract-add-on/wp-forms-signature-contract-add-on-182-missing-authorization-to-authenticated-subscriber-notice-dimissal</loc>
<lastmod>2026-01-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/brooklyn/brooklyn-4992-reflected-cross-site-scripting</loc>
<lastmod>2024-02-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/track-geolocation-of-users-using-contact-form-7/track-geolocation-of-users-using-contact-form-7-20-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-11-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-social-buttons/simple-social-media-share-buttons-311-reflected-cross-site-scripting</loc>
<lastmod>2020-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-wp-security-and-firewall/all-in-one-wp-security-firewall-405-cross-site-scripting</loc>
<lastmod>2016-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/client-showcase/client-showcase-120-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-jobsearch/jobsearch-234-authentication-bypass-to-account-takeover</loc>
<lastmod>2024-08-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hitsteps-visitor-manager/hitsteps-web-analytics-586-cross-site-request-forgery-via-hst_optionpage</loc>
<lastmod>2023-10-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/super-progressive-web-apps/super-progressive-web-apps-228-missing-authorization</loc>
<lastmod>2022-11-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/r3w-instafeed/r3w-instafeed-10-reflected-cross-site-scripting</loc>
<lastmod>2025-02-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/finale-woocommerce-sales-countdown-timer-discount/finale-lite-2160-missing-authorization-to-content-deletion</loc>
<lastmod>2023-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/frontpage-category-filter/frontpage-category-filter-102-cross-site-request-forgery</loc>
<lastmod>2025-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninjateam-telegram/ninjateam-chat-for-telegram-11-authenticated-contributor-stored-cross-site-scripting-via-username-parameter</loc>
<lastmod>2025-05-29T18:49:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/move-addons/move-addons-for-elementor-131-authenticated-contributor-stored-cross-site-scripting-via-multiple-widgets</loc>
<lastmod>2024-05-20T20:45:06.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/miniorange-2-factor-authentication/minioranges-google-authenticator-565-missing-authorization-to-plugin-settings-change</loc>
<lastmod>2023-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/order-import-export-for-woocommerce/order-export-order-import-for-woocommerce-249-authenticated-administrator-php-object-injection</loc>
<lastmod>2024-05-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-oauth/wp-oauth-041-reflected-cross-site-scripting</loc>
<lastmod>2025-11-10T15:16:09.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tumult-hype-animations/tumult-hype-animations-1914-missing-authorization</loc>
<lastmod>2024-11-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/xagio-seo/xagio-seo-71030-authenticated-subscriber-server-side-request-forgery</loc>
<lastmod>2026-01-05T16:06:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zip-recipes/zip-recipes-807-cross-site-request-forgery</loc>
<lastmod>2023-06-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cforms2/cformsii-1506-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-cafe/wpcafe-2231-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/clio-grow-form/clio-grow-100-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jquery-archive-list-widget/js-archive-list-615-unauthenticated-sql-injection-via-build_sql_where-function</loc>
<lastmod>2025-08-18T19:17:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpcal/wpcalio-0959-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/paypal-gift-certificate/easy-paypal-gift-certificate-123-cross-site-request-forgery-to-stored-cross-site-scripting-via-wpppgc_plugin_options</loc>
<lastmod>2024-10-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/envira-gallery-lite/envira-gallery-image-photo-gallery-albums-video-gallery-slideshows-more-1125-missing-authorization</loc>
<lastmod>2026-06-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sr-wp-minify-html/sr-wp-minify-html-21-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2026-03-20T15:19:05.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fathom-analytics/fathom-analytics-304-stored-cross-site-scripting</loc>
<lastmod>2021-12-08T13:23:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lj-custom-menu-links/lj-custom-menu-links-25-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-auto-poster/social-auto-poster-5314-missing-authorization-to-authenticated-subscriber-arbitrary-post-meta-update-via-wpw_auto_poster_update_tweet_template</loc>
<lastmod>2024-07-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/site-chat-on-telegram/site-chat-on-telegram-104-unauthenticated-php-object-injection</loc>
<lastmod>2025-07-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/arena-liveblog-and-chat-tool/arenaim-live-blogging-for-real-time-events-041-authenticated-contributor-stored-cross-site-scripting-via-arena_embed_amp-shortcode</loc>
<lastmod>2024-12-11T15:30:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-add-ons/gutenberg-elementor-templates-importer-for-responsive-319-missing-authorization</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-ads/advanced-ads-ad-manager-adsense-2015-authenticated-admin-sql-injection</loc>
<lastmod>2026-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/currency-switcher/wpcs-wordpress-currency-switcher-professional-120-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-product-variation-swatches/variation-swatches-for-woocommerce-237-reflected-cross-site-scripting</loc>
<lastmod>2023-07-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vslider/vslider-multi-image-slider-412-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-02-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-advertising-system/advanced-advertising-system-131-open-redirect</loc>
<lastmod>2025-04-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/finag/finag-150-unauthenticated-php-object-injection</loc>
<lastmod>2025-08-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fusion-builder/avada-fusion-builder-3152-authenticated-subscriber-stored-cross-site-scripting-via-multiple-shortcodes</loc>
<lastmod>2026-05-20T16:21:42.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-addons-for-gutenberg/spectra-wordpress-gutenberg-blocks-2130-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2024-05-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-editor/wp-editor-126-incorrect-permission-assignment-or-protection</loc>
<lastmod>2021-01-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpqa/wpqa-builder-forms-addon-for-wordpress-plugin-610-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/learnpress-sepay-payment/learnpress-sepay-payment-400-missing-authorization</loc>
<lastmod>2026-03-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/final-tiles-grid-gallery-lite/image-photo-gallery-final-tiles-grid-3610-missing-authorization</loc>
<lastmod>2026-02-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/4.9/wordpress-core-491-cross-domain-flash-injection</loc>
<lastmod>2017-10-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/gauge/gauge-6564-missing-authorization</loc>
<lastmod>2026-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/formcraft-form-builder/formcraft-premium-396-authenticatedadministrator-sql-injection</loc>
<lastmod>2023-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/html2wp/html2wp-100-arbitrary-file-deletion</loc>
<lastmod>2022-06-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jalbum-bridge/jalbum-bridge-2016-authenticated-contributor-stored-cross-site-scripting-via-ar-parameter</loc>
<lastmod>2024-12-02T19:24:34.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/interactive-3d-flipbook-powered-physics-engine/3d-flipbook-lite-edition-11615-authenticated-contributor-stored-cross-site-scripting-via-style-and-mode-parameters</loc>
<lastmod>2025-06-20T22:29:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rapid-cache/rapid-cache-123-unauthenticated-cache-poisoning</loc>
<lastmod>2025-02-17T15:43:06.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/eximious-magazine/magazine-122-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-08-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/secure-copy-content-protection/secure-copy-content-protection-and-content-locking-492-unauthenticated-sensitive-information-exposure-via-exposed-csv-export-file</loc>
<lastmod>2025-12-11T21:22:25.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/jobify/jobify-job-board-wordpress-theme-430-missing-authorization</loc>
<lastmod>2024-11-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/svg-support/svg-support-257-authenticated-author-cross-site-scripting-via-svg</loc>
<lastmod>2024-07-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/betheme/betheme-2711-missing-authorization</loc>
<lastmod>2023-11-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-scheduled-posts/schedulepress-508-missing-authorization</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/random-quotes/random-quotes-13-reflected-cross-site-scripting</loc>
<lastmod>2025-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/visibility-logic-elementor/visibility-logic-for-elementor-234-missing-authorization-via-admin_post-toggle_option</loc>
<lastmod>2023-07-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/visual-composer-starter/visual-composer-starter-33-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-08-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-time-slots-booking-form/wp-time-slots-booking-form-1181-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/boostify-header-footer-builder/boostify-header-footer-builder-for-elementor-132-authenticated-contributor-stored-cross-site-scripting-via-size-parameter</loc>
<lastmod>2024-06-04T18:59:20.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-analytics-premium/monsterinsights-pro-8141-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-06-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pondol-formmail/pondol-form-to-mail-11-reflected-cross-site-scripting</loc>
<lastmod>2016-02-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/qubely/qubely-advanced-gutenberg-blocks-1813-authenticated-contributor-sensitive-information-exposure-via-qubely_get_content</loc>
<lastmod>2025-03-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/posts-slider-shortcode/posts-slider-shortcode-10-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-07-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/falang/falang-multilanguage-1351-cross-site-request-forgery</loc>
<lastmod>2024-06-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/baidu-submit-link/-baidugooglebingindexnowyandex-425-cross-site-request-forgery</loc>
<lastmod>2023-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/small-package-quotes-wwe-edition/small-package-quotes-worldwide-express-edition-5218-unauthenticated-sql-injection</loc>
<lastmod>2025-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stopbadbots/block-bad-bots-and-stop-bad-bots-crawlers-and-spiders-and-anti-spam-protection-661-reflected-cross-site-scripting</loc>
<lastmod>2021-08-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sell-downloads/sell-downloads-101-arbitrary-file-read</loc>
<lastmod>2014-12-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/youtube-widget-responsive/widget-responsive-for-youtube-161-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-09-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-support-ticket-system/woocommerce-support-ticket-system-178-missing-authorization-to-authenticated-subscriber-arbitrary-post-deletion-and-information-exposure</loc>
<lastmod>2025-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rss-feed-post-generator-echo/echo-rss-feed-post-generator-5481-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2025-05-16T16:28:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/infogram/infogram-161-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/criptopayer-elementor/criptopayer-for-elementor-101-missing-authorization</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/friends/friends-285-authenticated-admin-blind-server-side-request-forgery</loc>
<lastmod>2024-02-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/funnelforms-free/funnelforms-free-34-cross-site-request-forgery-to-arbitrary-post-deletion</loc>
<lastmod>2023-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/clean-and-simple-contact-form-by-meg-nicholas/contact-form-clean-and-simple-441-cross-site-scripting</loc>
<lastmod>2014-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/meks-themeforest-smart-widget/meks-themeforest-smart-widget-15-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-04-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-support-plus-responsive-ticket-system/wp-support-plus-responsive-ticket-system-902-sql-injection</loc>
<lastmod>2018-02-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kadence-starter-templates/starter-templates-by-kadence-wp-1216-authenticated-admin-php-object-injection</loc>
<lastmod>2022-12-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/happyforms/happyforms-1211-authenticated-contributor-stored-cross-site-scripting-via-blocks</loc>
<lastmod>2023-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/page-parts/page-parts-143-reflected-cross-site-scripting</loc>
<lastmod>2024-11-20T13:48:43.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/realteo/realteo-124-missing-authorization</loc>
<lastmod>2021-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-photo-album-plus/wp-photo-album-plus-8502005-insecure-direct-object-reference</loc>
<lastmod>2023-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/broken-links-remover/broken-links-remover-122-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/generateblocks/generateblocks-210-authenticated-contributor-information-disclosure</loc>
<lastmod>2026-05-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lara-google-analytics/lara-google-analytics-204-stored-cross-site-scripting</loc>
<lastmod>2019-10-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/under-construction-maintenance-mode/under-construction-coming-soon-maintenance-mode-211-cross-site-request-forgery</loc>
<lastmod>2026-04-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/customizer-export-import/customizer-exportimport-094-authenticated-administrator-php-object-injection</loc>
<lastmod>2022-10-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ultimate-exporter/wp-ultimate-exporter-29-authenticated-admin-arbitrary-file-read</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/sahifa/sahifa-586-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/woodmart/woodmart-711-missing-authorization-to-shortcode-injection</loc>
<lastmod>2023-03-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bold-page-builder/bold-page-builder-515-authenticated-editor-path-traversal</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-ads-manager/sam-pro-free-edition-19769-simple-ads-manager-2100130-sam-pro-lite-19053-localremote-file-inclusion</loc>
<lastmod>2016-10-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/indieblocks/indieblocks-0131-unauthenticated-server-side-request-forgery</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bws-popular-posts/popular-posts-by-bestwebsoft-105-reflected-cross-site-scripting</loc>
<lastmod>2017-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/geoportail-shortcode/geoportail-shortcode-244-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/wplocalplaces/wplocalplaces-unknown-versions-arbitrary-file-upload</loc>
<lastmod>2013-10-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/3.1/wordpress-core-313-username-enumeration</loc>
<lastmod>2011-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/form-maker/form-maker-by-10web-11221-csv-injection</loc>
<lastmod>2018-04-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/addon-elements-for-elementor-page-builder/elementor-addon-elements-1138-authenticated-contributor-sensitive-information-exposure-via-table_saved_sections</loc>
<lastmod>2024-10-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/avalex/avalex-automatisch-sichere-rechtstexte-308-missing-authorization</loc>
<lastmod>2023-11-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/append-link-on-copy/append-link-on-copy-02-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-login-history/user-login-history-216-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/meeting-scheduler-by-vcita/online-booking-scheduling-calendar-for-wordpress-by-vcita-4210-missing-authorization-to-account-logout</loc>
<lastmod>2023-06-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/events-manager/events-manager-703-unauthenticated-sql-injection-via-orderby-parameter</loc>
<lastmod>2025-07-09T09:58:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-slider-and-carousel/post-slider-and-post-carousel-with-post-vertical-scrolling-widget-a-responsive-post-slider-329-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-05-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-product-filter/product-filter-by-wbw-270-authenticated-administrator-sql-injection</loc>
<lastmod>2024-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-whatsapp/wp-chat-app-344-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-12-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/events-manager/events-manager-5811-cross-site-scripting</loc>
<lastmod>2018-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/pixiv-custom/pixiv-custom-216-cross-site-scripting</loc>
<lastmod>2011-09-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/scrollup/scrollup-11-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/chateau/chteau-121-unauthenticated-php-object-injection</loc>
<lastmod>2026-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/listingpro-plugin/listingpro-298-missing-authorization</loc>
<lastmod>2025-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/accessibility-help-button/call-now-accessibility-button-102-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-addons-for-gutenberg/spectra-wordpress-gutenberg-blocks-231-html-injection-in-emails</loc>
<lastmod>2023-01-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smartemailing/smartemailingcz-220-reflected-cross-site-scripting</loc>
<lastmod>2025-01-06T16:07:59.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ere-recently-viewed/ere-recently-viewed-13-unauthenticated-php-object-injection</loc>
<lastmod>2024-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-super-cache/wp-super-cache-172-authenticated-remote-code-execution</loc>
<lastmod>2021-05-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-compiler/wp-compiler-100-cross-site-request-forgery</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/moveto/moveto-62-missing-authorization-to-unauthenticated-options-update</loc>
<lastmod>2024-02-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/magical-addons-for-elementor/magical-addons-for-elementor-header-footer-builder-free-elementor-widgets-elementor-templates-library-1137-authenticated-contributor-stored-cross-site-scripting-via-text-effect-widget</loc>
<lastmod>2024-05-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/motors-car-dealership-classified-listings/motors-car-dealership-classified-listings-plugin-1464-missing-authorization-to-authenticated-subscriber-arbitrary-plugin-installation</loc>
<lastmod>2025-04-07T20:33:10.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cryout-serious-slider/serious-slider-127-missing-authorization</loc>
<lastmod>2026-01-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-fields-search/custom-fields-search-by-bestwebsoft-132-reflected-cross-site-scripting</loc>
<lastmod>2017-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bricksforge/bricksforge-2017-missing-authorization-to-unauthenticated-wordpress-settings-update</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-events-calendar-eventbrite-tickets/the-events-calendar-eventbrite-tickets-3102-cross-site-scripting</loc>
<lastmod>2015-07-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-voting-contest/wp-voting-contest-30-reflected-cross-site-scripting</loc>
<lastmod>2022-02-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/events-manager/events-manager-551-multiple-cross-site-scripting</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/h5p/interactive-content-h5p-1160-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/form-maker/form-maker-by-10web-11529-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/popup-maker/popup-maker-1190-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-08-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/icon-widget/icon-widget-130-authenticatedcontributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/list-posts-by-category/list-of-posts-from-each-category-plugin-for-wordpress-20-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sprout-invoices/client-invoicing-by-sprout-invoices-20810-missing-authorization</loc>
<lastmod>2026-03-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-widget-bundle/widget-bundle-200-cross-site-request-forgery-to-widget-disableenable</loc>
<lastmod>2024-05-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/userpro/userpro-511-cross-site-request-forgery-to-privilege-escalation</loc>
<lastmod>2023-11-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-cart/easy-cart-18-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2026-06-01T19:45:45.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/secure-copy-content-protection/secure-copy-content-protection-and-content-locking-447-missing-authorization-to-unauthenticated-user-email-retrieval-via-ays_sccp_reports_user_search-function</loc>
<lastmod>2025-02-28T22:01:07.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/404-solution/404-solution-2330-sensitive-information-exposure-via-log-file</loc>
<lastmod>2023-12-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sql-chart-builder/sql-chart-builder-238-unauthenticated-sql-injection</loc>
<lastmod>2026-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/add-search-to-menu/ivory-search-54-multiple-admin-stored-cross-site-scripting</loc>
<lastmod>2022-01-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/feed-them-social/feed-them-social-302-cross-site-request-forgery</loc>
<lastmod>2023-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ip2location-country-blocker/ip2location-country-blocker-2264-subscriber-arbitrary-country-ban</loc>
<lastmod>2022-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/plugin-newsletter/plugin-newsletter-15-arbitrary-file-read</loc>
<lastmod>2012-05-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-addons-for-contact-form-7/ultimate-addons-for-contact-form-7-3210-missing-authorization</loc>
<lastmod>2023-11-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blog2social/blog2social-social-media-auto-post-scheduler-872-incorrect-authorization-to-authenticated-subscriber-sensitive-information-exposure</loc>
<lastmod>2026-01-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordthumb/timthumb-2813-remote-code-execution</loc>
<lastmod>2014-07-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gou-wc-account-tabs/gou-manage-my-account-menu-1018-missing-authorization</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/include-file/include-file-1-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hippoo/hippoo-mobile-app-for-woocommerce-194-unauthenticated-authentication-bypass-to-administrator-account-takeover-via-rest-api</loc>
<lastmod>2026-06-05T05:47:24.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/better-bp-registration/buddypress-better-registration-16-authentication-bypass-to-administrator</loc>
<lastmod>2024-10-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simply-rets/simplyrets-real-estate-idx-305-cross-site-request-forgery</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/related-posts-by-zemanta/related-posts-by-zemanta-131-cross-site-request-forgery</loc>
<lastmod>2013-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/xstore/xstore-96-unauthenticated-arbitrary-shortcode-execution</loc>
<lastmod>2025-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/events-manager/events-manager-5813-stored-cross-site-scripting</loc>
<lastmod>2018-04-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/civi-framework/civi-framework-2163-cross-site-request-forgery</loc>
<lastmod>2025-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-coming-soon/coming-soon-page-maintenance-mode-181-stored-cross-site-scripting</loc>
<lastmod>2019-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mage-eventpress/wpevently-519-unauthenticated-information-exposure</loc>
<lastmod>2026-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/acf-to-rest-api/acf-to-rest-api-320-insecure-direct-object-reference-via-permalinks-manipulation</loc>
<lastmod>2020-05-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/oss-aliyun/oss-aliyun-1410-authenticated-administrator-sql-injection</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/verge3d/verge3d-480-reflected-cross-site-scripting</loc>
<lastmod>2025-01-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/aruba-hispeed-cache/aruba-hispeed-cache-206-sensitive-information-exposure-via-log-file</loc>
<lastmod>2023-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-exporter/store-exporter-276-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-07-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/xpinner-lite/xpinner-lite-22-cross-site-request-forgery</loc>
<lastmod>2015-09-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/map-location-picker-at-checkout-for-woocommerce/location-picker-at-checkout-for-woocommerce-189-missing-authorization-via-checkout_map_rules_order_ajax_handler</loc>
<lastmod>2024-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-coder/wp-coder-35-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2024-03-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/complianz-gdpr/complianz-gdprccpa-cookie-consent-641-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-03-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mainwp/mainwp-dashboard-4512-authenticatedadministrator-css-injection</loc>
<lastmod>2023-10-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/accesspress-twitter-feed/wp-tfeed-169-cross-site-request-forgery-via-aptf_delete_cache</loc>
<lastmod>2023-02-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-to-email/contact-form-email-1360-unauthenticated-insecure-direct-object-reference</loc>
<lastmod>2025-12-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/instantio/instantio-337-missing-authorization-to-unauthenticated-settings-update</loc>
<lastmod>2024-12-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/thecartpress/thecartpress-ecommerce-shopping-cart-1536-sensitive-information-disclosure</loc>
<lastmod>2015-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/login-as-users/login-as-users-142-authentication-bypass</loc>
<lastmod>2024-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pardakht-delkhah/pardakht-delkhah-292-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2022-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-plugin/contact-form-by-bestwebsoft-351-cross-site-scripting</loc>
<lastmod>2013-08-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mynx-page-builder/mynx-page-builder-0278-authenticated-author-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2024-10-11T16:35:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/embed-rentle/twice-commerce-131-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profit-products-tables-for-woocommerce/active-products-tables-for-woocommerce-104-reflected-cross-site-scripting</loc>
<lastmod>2022-06-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cforms2/cformsii-1513-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-06-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cardoza-ajax-search/cardoza-ajax-search-13-unauthenticated-sql-injection</loc>
<lastmod>2012-11-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slicewp/affiliate-program-suite-slicewp-affiliates-1123-cross-site-request-forgery-to-reflected-cross-site-scripting</loc>
<lastmod>2024-12-17T21:10:02.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/expand-maker/read-more-accordion-3261-authenticated-administrator-php-object-injection</loc>
<lastmod>2023-09-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/theme-builder-for-elementor/theme-builder-for-elementor-122-authenticated-contributor-post-disclosure</loc>
<lastmod>2024-11-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gamipress-vimeo-integration/gamipress-vimeo-integration-108-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/zorka/zorka-wonderful-fashion-woocommerce-theme-157-reflected-cross-site-scripting</loc>
<lastmod>2026-03-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/learning-management-system/masteriyo-lms-online-course-builder-for-elearning-lms-education-215-missing-authorization</loc>
<lastmod>2026-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yaymail/yaymail-432-authenticated-shop-manager-stored-cross-site-scripting-via-template-elements</loc>
<lastmod>2026-02-17T18:44:08.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-hello-bar/wp-hello-bar-102-authenticated-administrator-stored-cross-site-scripting-via-digit_one-and-digit_two-parameters</loc>
<lastmod>2026-01-19T17:06:39.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bit-form/contact-form-by-bit-form-multi-step-form-calculation-contact-form-payment-contact-form-custom-contact-form-builder-20-2139-authenticated-administrator-sql-injection</loc>
<lastmod>2024-08-19T15:01:49.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-social-buttons/simple-social-media-share-buttons-322-contributor-stored-cross-site-scripting</loc>
<lastmod>2021-07-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/popup-by-supsystic/popup-by-supsystic-11027-missing-authorization</loc>
<lastmod>2024-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/maxcube/maxcube-131-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-08-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bmlt-meeting-map/bmlt-meeting-map-261-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-23T21:18:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-appbox/wp-appbox-4320-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-04-05T09:55:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cooked/cooked-recipe-management-17154-cross-site-request-forgery-via-cooked_get_recipe_ids</loc>
<lastmod>2024-07-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/medcity/medcity-119-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2025-09-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rometheme-for-elementor/romethemekit-for-elementor-141-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/events-manager/events-manager-648-reflected-cross-site-scripting</loc>
<lastmod>2024-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sepay-gateway/sepay-gateway-1120-unauthenticated-information-exposure</loc>
<lastmod>2026-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/marmoset-viewer/marmoset-viewer-193-reflected-cross-site-scripting</loc>
<lastmod>2021-07-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/product-table-for-woocommerce/product-table-for-woocommerce-123-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cryptocloud-crypto-payment-gateway/cryptocloud-crypto-payment-gateway-212-missing-authorization</loc>
<lastmod>2025-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/child-theme-generator/child-theme-generator-227-reflected-cross-site-scripting</loc>
<lastmod>2021-11-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/button-generation/button-generator-easily-button-builder-238-missing-authorization</loc>
<lastmod>2023-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/video-onclick/video-onclick-047-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2026-02-06T20:25:41.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hostel/hostel-1159-reflected-cross-site-scripting</loc>
<lastmod>2025-11-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/direct-checkout-for-woocommerce/direct-checkout-for-woocommerce-skip-cart-with-buy-buttons-12-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2022-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-helper-lite/wp-helper-premium-451-cross-site-request-forgery-via-whp_fields</loc>
<lastmod>2023-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/happy-elementor-addons/happy-addons-for-elementor-3104-authenticated-contributor-stored-cross-site-scripting-via-post-title-html-tag</loc>
<lastmod>2024-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-leads-builder-any-crm/lead-form-data-collection-to-crm-301-authenticated-contributor-sql-injection</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/page-generator/page-generator-171-authenticatedadministrator-sql-injection</loc>
<lastmod>2023-12-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/goza-theme/goza-nonprofit-charity-wordpress-theme-322-missing-authorization-to-unauthenticated-arbitrary-file-deletion</loc>
<lastmod>2025-07-14T15:24:20.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yith-woocommerce-wishlist/yith-woocommerce-wishlist-4120-unauthenticated-insecure-direct-object-reference</loc>
<lastmod>2026-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ameliabooking/amelia-1046-stored-cross-site-scripting-via-lastname</loc>
<lastmod>2022-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bravo-search-and-replace/bravo-search-replace-10-authenticated-administrator-sql-injection</loc>
<lastmod>2025-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-advanced-product-size-chart/product-size-charts-plugin-for-woocommerce-245-missing-authorization</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/1-decembrie-1918/1-decembrie-1918-1dec2012-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-24T20:01:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/weblibrarian/weblibrarian-3485-cross-site-scripting</loc>
<lastmod>2017-07-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jet-elements/jetelements-2610-authenticated-contributor-remote-code-execution</loc>
<lastmod>2023-08-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cookie-notice/cookie-notice-compliance-for-gdpr-ccpa-24171-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-08-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cf7-paystack-add-on/contact-form-7-paystack-add-on-123-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jet-woo-product-gallery/jetproductgallery-2202-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-08-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/aora/aora-home-lifestyle-elementor-woocommerce-theme-1315-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ldap-login-for-intranet-sites/active-directory-integration-ldap-integration-414-cross-site-request-forgery-to-sql-injection</loc>
<lastmod>2023-05-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/computer-repair-shop/computer-repair-shop-38119-authenticated-customer-privilege-esclation-via-account-takeover</loc>
<lastmod>2024-12-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/userpro/userpro-4934-reflected-cross-site-scripting</loc>
<lastmod>2019-08-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/restrict-user-registration/restrict-user-registration-101-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/doofinder-for-woocommerce/doofinder-for-woocommerce-1549-unauthenticated-open-redirect</loc>
<lastmod>2023-08-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sleekplan/sleekplan-020-reflected-cross-site-scripting</loc>
<lastmod>2025-03-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-bitly/bitlys-wordpress-plugin-272-missing-authorization</loc>
<lastmod>2024-08-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/save-as-pdf-by-pdfcrowd/save-as-pdf-plugin-by-pdfcrowd-455-reflected-cross-site-scripting-via-options</loc>
<lastmod>2026-01-24T02:47:36.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ai-responsive-gallery-album/ai-responsive-gallery-album-14-reflected-cross-site-scripting</loc>
<lastmod>2024-11-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/mTheme-Unus/mtheme-unus-all-versions-local-file-inclusion</loc>
<lastmod>2015-09-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/keep-backup-daily/keep-backup-daily-203-reflected-cross-site-scripting</loc>
<lastmod>2022-07-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/responsive/responsive-503-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-06-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-facebook-feed/smash-balloon-social-post-feed-432-missing-authorization</loc>
<lastmod>2025-10-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/calculator-builder/calculator-builder-create-an-online-calculator-162-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/interactive-3d-flipbook-powered-physics-engine/3d-flipbook-pdf-flipbook-viewer-flipbook-image-gallery-11616-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/iframe/iframe-44-authenticated-stored-cross-site-scripting</loc>
<lastmod>2020-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/adforest-elementor/adforest-elementor-3011-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/weaverx-theme-support/weaver-xtreme-theme-support-625-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/inquiry-form-to-posts-or-pages/inquiry-form-to-posts-or-pages-10-authenticated-administrator-stored-cross-site-scripting-via-form-header-field</loc>
<lastmod>2026-04-07T17:36:43.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/backlink-monitoring-manager/backlink-monitoring-manager-013-reflected-cross-site-scripting</loc>
<lastmod>2024-12-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/loginpress/loginpress-1115-authenticated-sql-injection-via-settings-import</loc>
<lastmod>2018-12-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-jwt-login/simple-jwt-login-364-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-before-download/email-before-download-34-sql-injection</loc>
<lastmod>2015-07-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-custom-fields-font-awesome/advanced-custom-fields-font-awesome-field-502-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-05-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/build-app-online/build-app-online-1021-authentication-bypass-via-header</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/auxin-elements/shortcodes-and-extra-features-for-phlox-theme-2105-php-objection-injection</loc>
<lastmod>2022-11-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/js-support-ticket/js-help-desk-271-missing-authorization-to-plugin-settings-update</loc>
<lastmod>2023-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ocean-extra/ocean-extra-246-unauthenticated-arbitrary-shortcode-execution</loc>
<lastmod>2025-04-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shortcode-gallery-for-matterport-showcase/wp-matterport-shortcode-217-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-09-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mp-timetable/timetable-and-event-schedule-by-motopress-241-unauthorised-event-timeslot-deletion</loc>
<lastmod>2021-08-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-photo-album-plus/wp-photo-album-plus-8802002-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2024-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nextgen-gallery/nextgen-gallery-219-cross-site-scripting</loc>
<lastmod>2015-08-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bulletproof-security/bulletproof-security-471-reflected-cross-site-scripting</loc>
<lastmod>2012-05-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-grid/the-grid-280-missing-authorization</loc>
<lastmod>2026-01-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/learnpress/learnpress-42682-authenticated-subscriber-insecure-direct-object-reference</loc>
<lastmod>2024-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/secure-downloads/secure-downloads-122-authenticated-admin-arbitrary-file-download</loc>
<lastmod>2024-09-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/powerpress/powerpress-podcasting-plugin-by-blubrry-11910-authenticated-contributor-stored-cross-site-scripting-via-media_url-parameter</loc>
<lastmod>2024-07-11T17:50:34.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/daisycon/daisycon-prijsvergelijkers-490-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-05-30T18:09:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stylish-price-list/stylish-price-list-7111-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gallery-images/image-gallery-responsive-photo-gallery-1957-cross-site-request-forgery</loc>
<lastmod>2016-05-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/modal-window/modal-window-create-popup-modal-window-538-authenticatedcontributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zoho-crm-forms/zoho-crm-lead-magnet-1819-missing-authorization</loc>
<lastmod>2026-01-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-gallery-odihost/easy-gallery-14-authenticated-contributor-sql-injection</loc>
<lastmod>2024-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-hide-login/easy-hide-login-107-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/momoyoga-integration/yoga-schedule-momoyoga-290-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-29T15:30:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/button-block/button-block-115-missing-authorization</loc>
<lastmod>2025-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/alpha-blocks/alpha-blocks-150-authenticated-contributor-stored-cross-site-scripting-via-alpha_block_css-post-meta</loc>
<lastmod>2026-01-23T19:21:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/unlimited-timeline/unlimited-timeline-161-missing-authorization</loc>
<lastmod>2025-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpzoom-addons-for-beaver-builder/beaver-builder-addons-by-wpzoom-134-authenticated-contributor-stored-cross-site-scripting-via-team-members-widget</loc>
<lastmod>2024-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vc-addons-by-bit14/web-and-woocommerce-addons-for-wpbakery-builder-145-missing-authorization-to-authenticated-subscriber-plugin-settings-modification</loc>
<lastmod>2024-07-15T21:28:57.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-user-avatar/profilepress-322-reflected-cross-site-scripting</loc>
<lastmod>2021-11-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hits-counter/post-hits-counter-2823-reflected-cross-site-scripting</loc>
<lastmod>2024-11-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blogbuzztime-for-wp/blogbuzztime-for-wp-11-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-03-11T14:23:27.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/workscout-core/workscout-core-1711-unauthenticated-arbitrary-file-deletion</loc>
<lastmod>2026-06-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rss-filter/rss-filter-12-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-02-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/history-log-by-click5/history-log-by-click5-1013-unauthenticated-sql-injection</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking-and-rental-manager-for-woocommerce/booking-and-rental-manager-236-missing-authorization</loc>
<lastmod>2025-04-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-sms/wp-sms-615-cross-site-request-forgery</loc>
<lastmod>2023-07-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/backupwordpress/backupwordpress-312-missing-authorization-to-authenticated-subscriber-information-disclosure</loc>
<lastmod>2022-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpextended/the-ultimate-wordpress-toolkit-wp-extended-3011-missing-authorization-to-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cj-change-howdy/cj-change-howdy-331-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-10-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-wp-smtp/easy-wp-smtp-151-authenticated-admin-arbitrary-file-deletion</loc>
<lastmod>2022-11-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sendpulse-web-push/sendpulse-free-web-push-136-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2024-10-16T20:37:09.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tutor/tutor-lms-3913-authenticated-author-stored-cross-site-scripting-via-lesson-attachment-title</loc>
<lastmod>2026-06-30T14:59:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/floating-action-button/floating-action-button-12-missing-authorization</loc>
<lastmod>2022-08-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elisqlreports/ez-sql-reports-shortcode-widget-and-db-backup-52135-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/enhanced-text-widget/enhanced-text-widget-158-missing-authorization</loc>
<lastmod>2023-06-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-products-filter/husky-products-filter-for-woocommerce-professional-1351-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-03-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-file-list/simple-file-list-637-unauthenticated-arbitrary-file-deletion-via-path-traversal-in-eesubfolder-parameter</loc>
<lastmod>2026-06-19T20:27:13.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-monitor/download-monitor-446-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2021-10-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/svg-captcha/svg-captcha-1011-reflected-cross-site-scripting</loc>
<lastmod>2024-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mtouch-quiz/mtouch-quiz-313-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-07-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cryptocurrency-prices/cryptocurrency-all-in-one-3019-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-04-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wedevs-project-manager/wp-project-manager-2626-authenticated-subscriber-sql-injection-via-completed_at_operator</loc>
<lastmod>2025-11-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-recipe-maker/wp-recipe-maker-910-authenticated-contributor-stored-cross-site-scripting-via-recipe-notes</loc>
<lastmod>2024-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/thirstyaffiliates/thirstyaffiliates-3118-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-12-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-ecommerce/marketpress-326-unauthenticated-php-object-injection</loc>
<lastmod>2017-10-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/badgeos/badgeos-3716-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-07-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flow-flow-social-streams/flow-flow-social-feed-stream-3071-cross-site-scripting</loc>
<lastmod>2018-11-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/order-delivery-date/order-delivery-date-for-wp-e-commerce-12-cross-site-request-forgery</loc>
<lastmod>2023-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ulike/wp-ulike-501-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attribute</loc>
<lastmod>2026-03-10T17:08:30.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zephyr-project-manager/zephyr-project-manager-3255-missing-authorization-to-cross-site-scripting</loc>
<lastmod>2022-09-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/uncode-core/uncode-core-288-authenticated-subscriber-arbitrary-file-deletion</loc>
<lastmod>2023-12-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sticky-buttons/sticky-buttons-floating-buttons-builder-323-cross-site-request-forgery</loc>
<lastmod>2024-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/truefy-embed/truefy-embed-110-cross-site-request-forgery-to-truefy_embed_options_update-settings-update</loc>
<lastmod>2025-12-11T14:37:17.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-front-end-profile/wp-frontend-profile-138-cross-site-request-forgery-to-unauthorized-user-account-approval-or-rejection</loc>
<lastmod>2026-03-06T11:21:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/videowhisper-live-streaming-integration/broadcast-live-video-live-streaming-html5-webrtc-hls-rtsp-rtmp-619-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/save-as-image-by-pdfcrowd/save-as-image-plugin-by-pdfcrowd-2160-authenticated-administrator-stored-cross-site-scripting-via-settings</loc>
<lastmod>2023-08-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/admin-safety-guard/admin-safety-guard-login-security-2fa-129-missing-authorization</loc>
<lastmod>2026-03-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/accessibility-plus/accessibility-toolkit-by-webyes-204-missing-authorization</loc>
<lastmod>2025-10-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/keenarch/keenarch-201-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2026-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ergonet-varnish-cache/ergonet-cache-1013-missing-authorization</loc>
<lastmod>2025-12-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/events-manager-pro/events-manager-5972-events-manager-pro-2672-unauthenticated-csv-injection</loc>
<lastmod>2020-02-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-quotes/easy-quotes-124-missing-authorization</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/selection-lite/selection-lite-111-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-08-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dragon-calendar-free-version/multi-days-events-and-multi-events-in-one-day-calendar-113-cross-site-request-forgery</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/timetics/wp-timetics-ai-powered-appointment-booking-calendar-and-online-scheduling-plugin-1025-insecure-direct-object-reference-to-unauthenticated-arbitrary-user-passwordemail-resetaccount-takeover</loc>
<lastmod>2024-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/twitter-plugin/bestwebsofts-twitter-132-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2014-08-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/express-pay/express-payments-module-118-unauthenticated-sql-injection-via-type_id</loc>
<lastmod>2024-11-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/customize-my-account-for-woocommerce/sysbasics-customize-my-account-for-woocommerce-436-reflected-cross-site-scripting-via-tab-parameter</loc>
<lastmod>2026-06-17T17:36:34.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gd-rating-system/gd-rating-system-362-unauthenticated-sql-injection</loc>
<lastmod>2026-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ai-copilot-content-generator/ai-chatbot-workflow-automation-by-aiwu-1417-unauthenticated-sql-injection-in-getlistfortbl</loc>
<lastmod>2026-05-11T19:07:34.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-post-type-relations/custom-post-type-relations-10-reflected-cross-site-scripting</loc>
<lastmod>2021-08-13T15:31:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bp-user-profile-reviews/wbcom-designs-plugins-various-versions-arbitrary-plugin-installation-activation-and-deactivation</loc>
<lastmod>2022-04-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/login-configurator/login-configurator-21-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-06-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slider-wd/slider-by-10web-responsive-image-slider-1257-authenticated-contributor-sql-injection-via-id-parameter</loc>
<lastmod>2024-08-07T17:31:41.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/parallaxer-lite-parallax-effects-on-images/parallaxer-100-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/revolut-gateway-for-woocommerce/revolut-gateway-for-woocommerce-4173-missing-authorization-to-unauthenticated-order-status-update</loc>
<lastmod>2024-09-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mycred/mycred-plugin-177-reflected-cross-site-scripting</loc>
<lastmod>2017-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/interactive-map-of-africa/interactive-regional-map-of-africa-10-cross-site-request-forgery</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/widget-post-slider/widget-post-slider-135-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/lattice/lattice-115-cross-site-scripting</loc>
<lastmod>2015-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ymc-smart-filter/filter-grids-2832-unauthenticated-local-file-inclusion</loc>
<lastmod>2024-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-user-avatar/profilepress-41611-insecure-direct-object-reference-to-authenticated-subscriber-arbitrary-subscription-cancellationexpiration</loc>
<lastmod>2026-03-10T14:08:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/neobeat/neobeat-music-wordpress-theme-17-unauthenticated-php-object-injection</loc>
<lastmod>2026-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/vw-photography/vw-photography-138-missing-authorization</loc>
<lastmod>2026-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/new-contact-form-widget/contact-form-widget-contact-query-contact-page-form-maker-query-table-138-authenticated-admin-sql-injection</loc>
<lastmod>2019-10-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/license-envato/license-for-envato-100-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-04-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/reviews-sorted/reviews-sorted-242-authenticated-contributor-stored-cross-site-scripting-via-space-shortcode-attribute</loc>
<lastmod>2025-12-11T14:22:51.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/uncanny-automator-pro/uncanny-automator-pro-53-reflected-cross-site-scripting</loc>
<lastmod>2024-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flyzoo/flyzoo-chat-233-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-multi-store-locator/wp-multistore-locator-wp-store-locator-plugin-effortless-integration-with-snazzy-maps-250-reflected-cross-site-scripting</loc>
<lastmod>2025-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dsp_dating/wpdating-740-sql-injection</loc>
<lastmod>2022-07-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mp-timetable/timetable-and-event-schedule-by-motopress-2415-insecure-direct-object-reference-to-authenticated-contributor-event-disclosure</loc>
<lastmod>2025-11-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-to-csv/post-to-csv-by-bestwebsoft-140-authenticated-author-csv-injection</loc>
<lastmod>2023-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/office-locator/office-locator-130-unauthenticated-sql-injection</loc>
<lastmod>2025-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/my-calendar/my-calendar-343-cross-site-request-forgery</loc>
<lastmod>2023-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mailchimp-subscribe-sm/mailchimp-subscribe-forms-4097-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2024-08-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/maxbuttons/wordpress-button-plugin-maxbuttons-92-cross-site-request-forgery</loc>
<lastmod>2022-08-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/include-lottie-animation-for-elementor/lottiefiles-json-based-animation-lottie-bodymovin-for-elementor-1109-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-05-23T18:30:59.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/permalink-manager/plugin-permalink-2431-missing-authorization-via-get_uri_editor</loc>
<lastmod>2024-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-newsletter/email-newsletter-20136-reflected-cross-site-scripting</loc>
<lastmod>2015-11-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/complianz-gdpr/complianz-gdprccpa-cookie-consent-644-cross-site-request-forgery-via-ajax_create_pages</loc>
<lastmod>2023-05-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-form-builder/easy-form-builder-3820-missing-authorization</loc>
<lastmod>2025-12-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/6storage-rentals/6storage-rentals-2220-unauthenticated-insecure-direct-object-reference-to-arbitrary-user-disclosure-and-modification-via-userid-parameter</loc>
<lastmod>2026-06-08T15:06:25.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-real-estate/essential-real-estate-435-missing-authorization-to-denial-of-service</loc>
<lastmod>2023-12-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-facebook-feed/smash-balloon-social-post-feed-40-arbitrary-plugin-settings-update-to-stored-cross-site-scripting</loc>
<lastmod>2021-10-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dhivehi-text/dhivehi-text-01-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-14T19:55:59.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/groups/groups-3100-authenticated-contributor-stored-cross-site-scripting-via-groups_group_info-shortcode</loc>
<lastmod>2026-02-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pw-bulk-edit/pw-woocommerce-bulk-edit-2134-cross-site-request-forgery</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gsheetconnector-wpforms-pro/wpforms-google-sheet-connector-345-reflected-cross-site-scripting</loc>
<lastmod>2023-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/thegem-elements-elementor/thegem-theme-elements-for-elementor-51051-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sticky-ad-bar/sticky-ad-bar-131-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-02-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nd-projects/cost-calculator-18-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-job-portal/wp-job-portal-ai-powered-recruitment-system-for-company-or-job-board-website-252-authenticated-contributor-sql-injection</loc>
<lastmod>2026-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nitropack/nitropack-1184-missing-authorization-to-authenticated-subscriber-limited-settings-update-via-nitropack_set_compression_ajax-function</loc>
<lastmod>2025-09-09T18:06:39.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-image-seo/wordpress-image-seo-114-cross-site-request-forgery</loc>
<lastmod>2024-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-meta-data-filter-and-taxonomy-filter/mdtf-meta-data-and-taxonomies-filter-137-unauthenticated-sql-injection</loc>
<lastmod>2026-06-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/upstore/upstore-170-reflected-cross-site-scripting</loc>
<lastmod>2025-08-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/starto/starto-225-reflected-cross-site-scripting</loc>
<lastmod>2026-02-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ws-theme-addons/ws-theme-addons-200-authenticated-contributor-stored-cross-site-scripting-via-ws_weather-shortcode</loc>
<lastmod>2025-08-22T15:50:55.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/admin-word-count-column/admin-word-count-column-22-unauthenticated-arbitrary-file-read</loc>
<lastmod>2022-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/network-favorites/network-favorites-11-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-field-template/custom-field-template-259-reflected-cross-site-scripting</loc>
<lastmod>2023-07-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpcf7-redirect/redirection-for-contact-form-7-240-missing-authorization</loc>
<lastmod>2022-09-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-networks-auto-poster-facebook-twitter-g/nextscripts-social-networks-auto-poster-4325-reflected-cross-site-scripting</loc>
<lastmod>2022-07-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ws-form/ws-form-lite-19238-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2024-09-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-asset-clean-up/asset-cleanup-page-speed-booster-1384-reflected-cross-site-scripting</loc>
<lastmod>2022-09-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/aryo-activity-log/activity-log-monitor-record-user-changes-2111-unauthenticated-stored-cross-site-scripting-via-event-context</loc>
<lastmod>2024-11-20T17:10:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lazyest-gallery/lazyest-gallery-1121-stored-cross-site-scripting</loc>
<lastmod>2014-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-file-upload/wordpress-file-upload-4163-cross-site-scripting</loc>
<lastmod>2022-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/content-protector/passster-4219-unauthenticated-information-exposure</loc>
<lastmod>2025-11-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yayextra/yayextra-woocommerce-extra-product-options-137-unauthenticated-arbitrary-file-upload-via-handle_upload_file-function</loc>
<lastmod>2024-08-02T21:03:50.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pwa-for-wp/pwa-for-wp-amp-1772-missing-authorization</loc>
<lastmod>2024-09-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mail-subscribe-list/mail-subscribe-list-216-stored-cross-site-scripting</loc>
<lastmod>2022-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chatbot/chatbot-510-unauthenticated-php-object-injection</loc>
<lastmod>2024-01-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tk-google-fonts/tk-google-fonts-gdpr-compliant-2211-missing-authorization-to-font-addition</loc>
<lastmod>2023-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stedb-forms/stedb-forms-104-authenticated-administrator-sql-injection</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/assistio/assistio-112-missing-authorization-to-authenticated-subscriber-plugin-settings-deletion-via-assistio_plugin_delete_assistio_settings-ajax-action</loc>
<lastmod>2026-06-23T16:38:07.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-event-solution/event-manager-events-calendar-tickets-registrations-eventin-408-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2024-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/appointment/appointment-373-cross-site-request-forgery</loc>
<lastmod>2026-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/super-socializer/super-socializer-71353-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/calendar-plus/calendar-plus-124-reflected-cross-site-scripting</loc>
<lastmod>2025-09-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-button/social-button-13-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smaily-for-wp/smaily-for-wp-316-cross-site-request-forgery</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/heateor-social-login/heateor-social-login-wordpress-1132-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-form-builder/easy-form-builder-396-missing-authorization</loc>
<lastmod>2026-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/scheduled-announcements-widget/scheduled-announcements-widget-02-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/toggles-shortcode-and-widget/toggles-shortcode-and-widget-114-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-01-06T16:09:22.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/themedy-toolbox/themedy-toolbox-1015-authenticated-contributor-stored-cross-site-scripting-via-multiple-shortcodes</loc>
<lastmod>2024-09-26T00:45:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gestpay-for-woocommerce/gestpay-for-woocommerce-20221130-cross-site-request-forgery-csrf-via-ajax_delete_card</loc>
<lastmod>2024-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simply-gallery-block/gallery-blocks-with-lightbox-307-missing-authorization-in-pgc_sgb_action_wizard</loc>
<lastmod>2023-03-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/asgaros-forum/asgaros-forum-321-cross-site-request-forgery-to-subscription-settings-update</loc>
<lastmod>2025-11-11T15:30:02.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/testimonial-free/real-testimonials-316-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wha-wordsearch/word-search-puzzles-game-201-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2022-09-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yandexnews-feed-by-teplitsa/yandexnews-feed-by-teplitsa-1125-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-03-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-backitup/backup-and-restore-wordpress-backup-plugin-19-authorization-bypass</loc>
<lastmod>2014-12-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/ghost/ghost-all-versions-arbitrary-file-upload</loc>
<lastmod>2013-10-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/affiliates-manager/affiliates-manager-2931-cross-site-request-forgery-via-multiple-ajax-actions</loc>
<lastmod>2023-12-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cubewp-forms/cubewp-forms-all-in-one-form-builder-115-missing-authorization</loc>
<lastmod>2025-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/arconix-shortcodes/arconix-shortcodes-217-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-mailerlite/mailerlite-woocommerce-integration-208-missing-authorization-via-multiple-functions</loc>
<lastmod>2024-01-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ecwid-shopping-cart/ecwid-ecommerce-shopping-cart-61023-cross-site-request-forgery-to-settingsoptions-update</loc>
<lastmod>2022-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mixcloud-embed/mixcloud-embed-220-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/listingpro/listingpro-wordpress-directory-listing-theme-2911-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2026-06-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/real-time-auto-find-and-replace/better-find-and-replace-177-missing-authorization</loc>
<lastmod>2025-11-05T19:08:46.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/99fy-core/free-woocommerce-theme-99fy-extension-128-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/yottis/yottis-1010-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/robokassa/robokassa-payment-gateway-for-woocommerce-145-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/feather-login-page/feather-login-page-117-cross-site-request-forgery</loc>
<lastmod>2025-11-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/safety-exit/safety-exit-180-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/knight-lab-timelinejs/knight-lab-timeline-3934-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/my-category-order/my-category-order-43-cross-site-request-forgery-to-cross-site-scripting</loc>
<lastmod>2015-08-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/meeting-scheduler-by-vcita/online-booking-scheduling-calendar-for-wordpress-by-vcita-442-reflected-cross-site-scripting</loc>
<lastmod>2024-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/magical-products-display/magical-products-display-1129-authenticated-contributor-stored-cross-site-scripting-via-mpd-pricing-table-widget</loc>
<lastmod>2025-11-20T20:44:27.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-maps-by-supsystic/ultimate-maps-by-supsystic-1116-authenticated-sql-injection</loc>
<lastmod>2021-02-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fleetwire-fleet-management/fleetwire-fleet-management-plugin-1019-authenticated-contributor-stored-cross-site-scripting-via-fleetwire_list-shortcode</loc>
<lastmod>2025-07-22T14:01:34.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jet-skinner-for-buddypress/jet-skinner-for-buddypress-125-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ocean-extra/ocean-extra-246-authenticated-contributor-stored-cross-site-scripting-via-ocean_gallery_id</loc>
<lastmod>2025-04-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpgsi/wpgsi-spreadsheet-integration-383-missing-authorization-to-unauthenticated-arbitrary-post-creation-and-deletion-via-forged-base64-token</loc>
<lastmod>2026-02-24T19:34:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/orders-chat-for-woocommerce/orders-chat-for-woocommerce-120-missing-authorization</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/trustmary/review-testimonial-widgets-109-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-09-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dn-shipping-by-weight/dn-shipping-by-weight-for-woocommerce-111-cross-site-request-forgery-to-plugin-settings-update</loc>
<lastmod>2024-12-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stopbadbots/stopbadbots-723-missing-authorization-to-arbitrary-plugin-installation</loc>
<lastmod>2022-11-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/helloprint/helloprint-207-authenticated-subscriber-arbitrary-file-deletion</loc>
<lastmod>2025-02-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dk-pricr-responsive-pricing-table/responsive-pricing-table-5110-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2024-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/insert-headers-and-footers/wpcode-235-authenticated-author-remote-code-execution-via-cpt-capability-bypass-via-xml-rpc-wpnewpost</loc>
<lastmod>2026-05-26T17:48:25.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/athemes-addons-for-elementor-lite/athemes-addons-for-elementor-115-authenticated-contributor-stored-cross-site-scripting-via-call-to-action-widget</loc>
<lastmod>2025-11-07T20:47:37.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sodahead-polls/sodahead-polls-204-multiple-cross-site-scripting</loc>
<lastmod>2011-03-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/unsafe-mimetypes/unsafe-mimetypes-014-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/widget-google-reviews/plugin-for-google-reviews-223-authenticated-subscriber-sql-injection</loc>
<lastmod>2023-02-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/survey-maker/survey-maker-406-reflected-cross-site-scripting</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/include-me/include-me-121-local-file-inclusion-leading-to-authenticated-remote-code-execution</loc>
<lastmod>2022-01-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpbits-addons-for-elementor/wpbits-addons-for-elementor-page-builder-181-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-03-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/magical-addons-for-elementor/magical-addons-for-elementor-1141-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/http-headers/http-headers-11810-authenticatedadministrator-remote-code-execution</loc>
<lastmod>2023-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/swifty-page-manager/swifty-page-manager-301-cross-site-request-forgery</loc>
<lastmod>2022-12-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/calculated-fields-form/calculated-fields-form-5261-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-csv/wp-csv-1800-reflected-cross-site-scripting</loc>
<lastmod>2022-12-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/child-theme-wizard/child-theme-wizard-14-cross-site-request-forgery</loc>
<lastmod>2026-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-multi-store-locator/wp-multistore-locator-252-cross-site-request-forgery</loc>
<lastmod>2025-03-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/insert-headers-and-footers-script/insert-headers-and-footers-code-ht-script-112-missing-authorization-to-authenticated-subscriber-limited-options-update</loc>
<lastmod>2025-04-01T12:13:01.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-user-profile-avatar/wp-user-profile-avatar-100-authenticated-author-insecure-direct-object-reference-to-avatar-deletionupdate</loc>
<lastmod>2023-12-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/restaurant-cafe-addon-for-elementor/restaurant-cafe-addon-for-elementor-158-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/themesflat-addons-for-elementor/themesflat-addons-for-elementor-221-authenticated-contributor-information-exposure</loc>
<lastmod>2024-09-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contest-gallery/contest-gallery-19141-authenticated-author-sql-injection-via-cg_row</loc>
<lastmod>2022-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/beautiful-taxonomy-filters/beautiful-taxonomy-filters-243-unauthenticated-sql-injection</loc>
<lastmod>2024-12-06T21:20:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementinvader-addons-for-elementor/elementinvader-addons-for-elementor-141-missing-authorization</loc>
<lastmod>2026-02-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/appointment-hour-booking/appointment-hour-booking-1316-cross-site-scripting</loc>
<lastmod>2021-09-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nova-blocks/nova-blocks-by-pixelgrade-218-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementskit-lite/elements-kit-litepro-217-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2021-04-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-front-end-profile/frontend-profile-139-missing-authorization</loc>
<lastmod>2026-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/asgaros-forum/asgaros-forum-310-unauthenticated-sql-injection</loc>
<lastmod>2025-11-07T14:15:33.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/exclusive-addons-for-elementor/exclusive-addons-elementor-268-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buddymeet/buddymeet-220-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-09-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/replace-word/replace-word-21-cross-site-request-forgery</loc>
<lastmod>2023-07-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/payamito-sms-woocommerce/-payamito-sms-woocommerce-135-unauthenticated-time-based-blind-sql-injection</loc>
<lastmod>2025-12-12T16:10:11.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-wp-smtp/easy-wp-smtp-151-authenticated-admin-remote-code-execution</loc>
<lastmod>2022-11-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ki-live-video-conferences/ki-live-video-conferences-5515-missing-authorization</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-applink/wp-applink-041-authenticated-contributor-stored-cross-site-scripting-via-title-parameter</loc>
<lastmod>2025-07-23T20:42:08.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-document-embedder/google-doc-embedder-264-authenticated-contributor-blind-server-side-request-forgery</loc>
<lastmod>2024-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-basic-slider/unlimited-category-slider-for-woocommerce-200-cross-site-request-forgery</loc>
<lastmod>2021-07-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-image-popup/simple-image-popup-136-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/csv-mass-importer/csv-mass-importer-12-authenticated-admin-arbitrary-file-upload</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-staging/wp-staging-343-and-wp-staging-pro-543-sensitive-information-exposure-via-log-file</loc>
<lastmod>2024-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/brizy/brizy-page-builder-251-cross-site-request-forgery</loc>
<lastmod>2024-08-07T15:16:24.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/xml-for-avito/xml-for-avito-252-reflected-cross-site-scripting</loc>
<lastmod>2025-01-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/supportcandy/supportcandy-316-authenticated-admin-sql-injection</loc>
<lastmod>2023-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-alidropship/ald-dropping-and-fulfillment-for-aliexpress-and-woocommerce-1021-missing-authorization-to-order-information-disclosure</loc>
<lastmod>2023-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sportspress/sportspress-sports-club-league-manager-2721-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-07-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-pdf-invoices-packing-slips/pdf-invoices-packing-slips-for-woocommerce-590-authenticated-shop-manager-php-object-injection</loc>
<lastmod>2026-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nextgen-gallery/wordpress-gallery-plugin-nextgen-gallery-359-missing-authorization-to-unauthenticated-information-disclosure</loc>
<lastmod>2024-04-05T12:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/real3d-flipbook/real3d-flipbook-28-reflected-cross-site-scripting-via-bookid-parameter</loc>
<lastmod>2016-07-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nex-forms-express-wp-form-builder/nex-forms-ultimate-form-builder-873-reflected-cross-site-scripting</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-charts/easy-charts-123-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/role-based-pricing-for-woocommerce/role-based-pricing-for-woocommerce-162-missing-authorization-to-phar-deserialization</loc>
<lastmod>2022-10-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-backitup/backitup-210-missing-authorization</loc>
<lastmod>2026-01-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smart-countdown-fx/smart-countdown-fx-155-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-discord-invite/wp-discord-invite-253-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dzs-videogallery/dzs-video-gallery-1239-authenticated-subscriber-sql-injection</loc>
<lastmod>2026-01-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/customizer-export-import/customizer-exportimport-097-authenticated-admin-arbitrary-file-upload-via-customization-settings-import</loc>
<lastmod>2024-09-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/duplicate-wp-page-post/duplicate-page-plugins-various-versions-sql-injection</loc>
<lastmod>2020-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/webba-booking-lite/webba-booking-5120-missing-authorization</loc>
<lastmod>2025-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-crm-system/wordpress-crm-plugin-wp-crm-system-3291-missing-authorization</loc>
<lastmod>2024-12-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/glb/glb-122-missing-authorization</loc>
<lastmod>2026-02-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-courses/wp-courses-lms-online-courses-builder-elearning-courses-courses-solution-education-courses-3221-missing-authorization-to-authenticated-subscriber-arbitrary-user-meta-update</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/csv-importer-improved/csv-importer-improved-061-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profile-builder/user-profile-builder-beautiful-user-registration-forms-user-profiles-user-role-editor-3155-insecure-direct-object-reference-to-authenticated-subscriber-arbitrary-post-author-reassignment-via-avatar-field</loc>
<lastmod>2026-03-30T21:39:25.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/count-per-day/count-per-day-323-path-disclosure-and-denial-of-service</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-field-template/custom-field-template-277-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-12-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/restrict-content/membership-plugin-restrict-content-3213-unauthenticated-content-restriction-bypass-to-sensitive-information-exposure</loc>
<lastmod>2025-01-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-registration/user-registration-155-cross-site-scripting</loc>
<lastmod>2019-01-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jnews-video/jnews-video-1102-reflected-cross-site-scripting</loc>
<lastmod>2026-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jigoshop-store-toolkit/jigoshop-store-toolkit-138-missing-authorization-checks</loc>
<lastmod>2016-02-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/disqus-conditional-load/disqus-conditional-load-1110-authenticated-administrator-stored-cross-site-scripting-via-plugin-settings</loc>
<lastmod>2023-03-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hurrakify/hurrakify-24-unauthenticated-server-side-request-forgery</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ssquiz/ss-quiz-205-unauthenticated-php-object-injection</loc>
<lastmod>2025-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/laposta/laposta-112-unauthenticated-full-path-disclosure</loc>
<lastmod>2024-07-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mycryptocheckout/mycryptocheckout-2123-reflected-cross-site-scripting-via-url</loc>
<lastmod>2023-04-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/team-showcase-supreme/team-members-multi-language-supported-team-plugin-85-authenticated-editor-sql-injection</loc>
<lastmod>2026-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpforms-lite/contact-form-by-wpforms-1582-stored-cross-site-scripting</loc>
<lastmod>2020-02-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/addthis/addthis-5012-cross-site-scripting</loc>
<lastmod>2015-08-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/copy-the-code/copy-anything-to-clipboard-403-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-contest/wp-contest-100-authenticated-contributor-sql-injection</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-statistics/wp-statistics-13210-authenticated-subscriber-sql-injection</loc>
<lastmod>2023-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-smtp/post-smtp-2911-missing-authorization-via-regenerate_qrcode</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/groundhogg/groundhogg-3741-authenticated-administrator-stored-cross-site-scripting-via-label-parameter</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/digital-publications-by-supsystic/digital-publications-by-supsystic-177-missing-authorization</loc>
<lastmod>2024-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-shortcode/wp-shortcode-by-mythemeshop-1416-cross-site-request-forgery</loc>
<lastmod>2023-03-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cleverreach-wp/cleverreach-wp-1520-unauthenticated-sql-injection-via-title-parameter</loc>
<lastmod>2025-08-05T13:00:58.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/sober/sober-3511-unauthenticated-information-exposure</loc>
<lastmod>2025-12-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-contact-form-7-spam-blocker/spam-protect-for-contact-form-7-129-authenticated-editor-arbitrary-file-deletion</loc>
<lastmod>2026-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-meta-seo/wp-meta-seo-453-cross-site-request-forgery-via-regeneratesitemaps</loc>
<lastmod>2023-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/4.9/wordpress-core-491-authorization-bypass</loc>
<lastmod>2017-11-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/grandtour/grand-tour-travel-agency-wordpress-551-unauthenticated-php-object-injection</loc>
<lastmod>2025-05-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-form/easy-form-by-ays-120-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eventprime-event-calendar-management/eventprime-events-calendar-bookings-and-tickets-342-unauthenticated-booking-payment-bypass</loc>
<lastmod>2024-03-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cookiebot/cookiebot-gdprccpa-compliant-cookie-consent-and-control-360-reflected-cross-site-scripting</loc>
<lastmod>2020-09-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/get-url-cron/get-url-cron-147-missing-authorization-via-geturlcron_action_handle</loc>
<lastmod>2023-02-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/no-spam-at-all/no-spam-at-all-13-missing-authorization</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/thirstyaffiliates/thirstyaffiliates-affiliate-link-manager-3104-subscriber-arbitrary-affiliate-links-creation</loc>
<lastmod>2022-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/hendon/hendon-17-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-after-email/download-after-email-215-216-unauthorized-repeated-form-submissions</loc>
<lastmod>2025-09-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/scand-multi-mailer/multimailer-103-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/armember/armember-premium-731-authenticated-subscriber-sql-injection-via-ssortdir_0-parameter</loc>
<lastmod>2026-06-02T05:30:43.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nextgen-download-gallery/nextgen-download-gallery-162-unauthenticated-information-exposure</loc>
<lastmod>2026-01-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/newsletter2go/newsletter2go-4014-authenticatedsubscriber-stored-cross-site-scripting-via-style</loc>
<lastmod>2024-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kadence-blocks/gutenberg-blocks-by-kadence-blocks-page-builder-features-3237-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-05-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-accessibility/wp-accessibility-170-authenticated-stored-cross-site-scripting</loc>
<lastmod>2019-12-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/posts-and-users-stats/posts-and-users-stats-113-authenticated-subscriber-csv-injection</loc>
<lastmod>2023-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/auxin-elements/shortcodes-and-extra-features-for-phlox-theme-2172-authenticated-contributor-stored-cross-site-scripting-via-staff-widget</loc>
<lastmod>2024-12-20T20:19:42.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eventprime-event-calendar-management/eventprime-320-reflected-cross-site-scripting-via-keyword-and-ep_filter_date</loc>
<lastmod>2023-10-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-registration-form-builder-with-submission-manager/registrationmagic-custom-registration-forms-user-registration-payment-and-user-login-5300-authenticated-subscriber-privilege-escalation</loc>
<lastmod>2024-03-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/donations-block/donation-block-for-paypal-210-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2024-07-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/brizy/brizy-page-builder-2439-authenticated-contributor-directory-traversal</loc>
<lastmod>2024-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lws-hide-login/lws-hide-login-216-cross-site-request-forgery</loc>
<lastmod>2023-05-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kb-support/kb-support-wordpress-help-desk-and-knowledge-base-166-missing-authorization-to-unauthenticated-ticket-reply-exposure</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/universal-star-rating/universal-star-rating-210-cross-site-request-forgery</loc>
<lastmod>2023-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/qubely/qubely-178-missing-authorization</loc>
<lastmod>2022-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-smtp/post-smtp-mailer-286-reflected-cross-site-scripting-via-msg</loc>
<lastmod>2024-01-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bdthemes-prime-slider-lite/prime-slider-addons-for-elementor-3131-authenticated-contributor-stored-cross-site-scripting-via-title</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ocean-social-sharing/ocean-social-sharing-221-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-08-01T21:38:40.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pie-register/registration-forms-user-registration-forms-invitation-based-registrations-front-end-user-profile-login-form-content-restriction-384-sensitive-information-exposure-via-log-files</loc>
<lastmod>2025-02-20T15:01:12.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/edunext-openedx-integrator/open-edx-lms-261-reflected-cross-site-scripting</loc>
<lastmod>2024-11-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contest-gallery/contest-gallery-upload-vote-photos-media-sell-with-paypal-stripe-2816-unauthenticated-sql-injection</loc>
<lastmod>2026-04-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zigaform-form-builder-lite/zigaform-form-builder-lite-742-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-17T15:43:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/add2fav/add2fav-10-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-08-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/playa/playa-beach-pool-club-wordpress-theme-139-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/realestate-7/real-estate-7-wordpress-359-cross-site-request-forgery</loc>
<lastmod>2026-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-combo-offers/combo-offers-woocommerce-42-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seatreg/seatreg-1560-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-30T15:02:59.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/textme-sms-integration/textme-sms-191-missing-authorization</loc>
<lastmod>2025-04-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpremote/the-wp-remote-wordpress-plugin-464-reflected-cross-site-scripting</loc>
<lastmod>2021-11-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-shortcodes-plus/user-shortcodes-plus-202-insecure-direct-object-reference-to-authenticated-contributor-sensitive-information-disclosure-via-user_meta-shortcode</loc>
<lastmod>2024-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flickr-justified-gallery/flickr-justified-gallery-35-cross-site-request-forgery-via-fjgwpp_settings</loc>
<lastmod>2023-05-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chained-quiz/chained-quiz-098-cross-site-scripting</loc>
<lastmod>2016-12-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders/barcode-scanner-with-inventory-order-manager-1110-cross-site-request-forgery</loc>
<lastmod>2026-03-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pin-generator/pin-generator-200-missing-authorization</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/expose/expose-all-versions-cross-site-scripting</loc>
<lastmod>2012-10-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/resize-at-upload-plus/resize-at-upload-plus-13-cross-site-request-forgery</loc>
<lastmod>2023-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/4.8/wordpress-core-482-open-redirect-in-admin-dashboard</loc>
<lastmod>2017-09-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/smartstart/smart-start-108-cross-site-scripting</loc>
<lastmod>2013-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-post-list/advanced-post-list-0562-cross-site-request-forgery</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpglobus/wpglobus-multilingual-everything-196-cross-site-scripting-via-wpglobus_optionmore_languages</loc>
<lastmod>2018-01-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/infility-global/infility-global-21520-authenticated-editor-sql-injection</loc>
<lastmod>2026-06-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/platinum-seo-pack/platinum-seo-240-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/html5-virtual-classroom/braincert-html5-virtual-classroom-21-reflected-cross-site-scripting</loc>
<lastmod>2023-11-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slideshow-gallery/slideshow-gallery-183-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/infusedwooPRO/infusedwoo-pro-512-unauthenticated-arbitrary-file-read-via-url-parameter</loc>
<lastmod>2026-05-13T19:52:06.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/em-beer-manager/em-beer-manager-323-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2025-11-03T15:34:22.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/send-emails-with-mandrill/send-emails-with-mandrill-141-missing-authorization</loc>
<lastmod>2024-08-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/exclusive-addons-for-elementor/exclusive-addons-for-elementor-2694-authenticated-contributor-stored-cross-site-scripting-via-countdown-expired-title</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cooked/cooked-1714-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-09-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/smartit/smartit-premium-responsive-unspecified-version-information-disclosure</loc>
<lastmod>2015-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tutor/tutor-lms-187-authenticated-local-file-inclusion</loc>
<lastmod>2021-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-addons-for-elementor-lite/essential-addons-for-elementor-603-authenticated-contributor-stored-cross-site-scripting-via-filterable-gallery-widget</loc>
<lastmod>2024-09-12T17:39:27.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/master-addons-pro/master-addons-for-elementor-premium-213-authenticated-subscriber-remote-code-execution-via-render_preview</loc>
<lastmod>2026-03-02T04:48:53.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/photo-gallery/photo-gallery-by-10web-mobile-friendly-image-gallery-1823-authenticated-contributor-path-traversal-via-esc_dir-function</loc>
<lastmod>2024-06-06T21:19:21.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-spell-check/wp-spell-check-719-cross-site-request-forgery</loc>
<lastmod>2019-11-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/groundhogg/groundhogg-2793-authenticated-administrator-sql-injection</loc>
<lastmod>2023-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gallery-plugin/gallery-by-bestwebsoft-customizable-image-and-photo-galleries-for-wordpress-473-authenticated-administrator-php-object-injection</loc>
<lastmod>2025-03-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-login-attempt-log/wp-login-attempt-log-13-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-event-aggregator/wp-event-aggregator-179-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/berger/berger-111-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wufoo-shortcode/wufoo-shortcode-151-authenticated-contributor-cross-site-scripting-via-shortcodes</loc>
<lastmod>2023-02-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-custom-fields/advanced-custom-fields-512-authenticated-information-disclosure</loc>
<lastmod>2022-03-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gutenverse/gutenverse-310-authenticated-contributor-stored-cross-site-scripting-via-animated-text-and-fun-fact-blocks</loc>
<lastmod>2025-08-05T17:41:10.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dashboard-notepad/dashboard-notepad-142-cross-site-request-forgery</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tutor/tutor-lms-1910-reflected-cross-site-scripting</loc>
<lastmod>2021-10-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-counter-up/counter-up-animated-number-counter-milestone-showcase-221-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pods/pods-custom-content-types-and-fields-2728-authenticated-admin-cross-site-scripting</loc>
<lastmod>2021-08-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gym-management/wpgym-6780-unauthenticated-sql-injection</loc>
<lastmod>2025-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-file-monitor/wordpress-file-monitor-233-authenticated-stored-cross-site-scripting</loc>
<lastmod>2016-06-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/king-addons/king-addons-for-elementor-51136-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2025-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/listingpro/listingpro-294-unauthenticated-sql-injection</loc>
<lastmod>2024-07-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/persian-woocommerce-sms/-persian-woocommerce-sms-333-cross-site-scripting</loc>
<lastmod>2016-04-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/activitypub/activitypub-0170-authenticated-contributor-stored-cross-site-scripting-via-user-metadata</loc>
<lastmod>2023-09-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mistape/mistape-140-backdoor</loc>
<lastmod>2022-02-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-variation-gallery/additional-variation-images-gallery-for-woocommerce-1128-authenticated-stored-cross-site-scripting</loc>
<lastmod>2019-08-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/master-slider/master-slider-responsive-touch-slider-3112-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/homey/homey-241-authenticated-subscriber-privilege-escalation</loc>
<lastmod>2025-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tw-whatsapp-chat-rotator/whatsapp-chat-for-wordpress-and-woocommerce-121-reflected-cross-site-scripting</loc>
<lastmod>2025-09-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-photo/user-photo-094-arbitrary-file-upload</loc>
<lastmod>2011-02-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-concours/wp-concours-11-cross-site-scripting</loc>
<lastmod>2017-12-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/xstore/xstore-96-missing-authorization</loc>
<lastmod>2025-09-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/youtube-embed/youtube-embed-54-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-12-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-database-backup/wp-database-backup-435-cross-site-request-forgery</loc>
<lastmod>2016-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/two-factor-authentication/two-factor-authentication-1312-cross-site-request-forgery</loc>
<lastmod>2018-12-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/timetics/timetics-ai-powered-appointment-booking-with-visual-seat-plan-and-ultimate-calendar-scheduling-plugin-1021-missing-authorization-to-limited-privilege-escalation</loc>
<lastmod>2024-06-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/s3bubble-amazon-web-services-oembed-media-streaming-support/s3bubble-media-streaming-80-reflected-cross-site-scripting</loc>
<lastmod>2025-02-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slope-widgets/slope-widgets-4212-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-16T10:47:09.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cookiehint-wp/cookiehint-wp-100-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/a-simple-multilanguage/a-simple-multilanguage-plugin-10-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-02T21:29:20.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bootstrap-buttons/bootstrap-buttons-12-reflected-cross-site-scripting</loc>
<lastmod>2024-12-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-plus-addons-for-elementor-page-builder/the-plus-addons-for-elementor-page-builder-lite-206-authenticated-stored-cross-site-scripting</loc>
<lastmod>2021-04-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/issuem/issuem-290-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2025-09-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/block-editor-gallery-slider/block-editor-gallery-slider-111-missing-authorization-to-authenticated-subscriber-limited-post-meta-update</loc>
<lastmod>2025-07-17T16:28:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-cashapp/checkout-with-cash-app-on-woocommerce-602-reflected-cross-site-scripting</loc>
<lastmod>2024-11-22T18:51:26.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/magic-google-maps/magic-google-maps-104-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/frontend-uploader/frontend-uploader-132-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2021-09-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/knit-pay/knit-pay-cashfree-instamojo-razorpay-paypal-and-more-9400-missing-authorization</loc>
<lastmod>2026-06-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/3-word-address-validation-field/what3words-address-field-400-authenticated-administrator-sensitive-information-exposure-in-class-w3w-autosuggest-publicphp</loc>
<lastmod>2023-07-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/jardi/jardi-winery-vineyard-wine-shop-wordpress-theme-172-unauthenticated-php-object-injection</loc>
<lastmod>2026-03-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/marquee-addons-for-elementor/marquee-addons-for-elementor-382-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/snsanton/sns-anton-41-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-06-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/http-headers/http-headers-1192-authenticated-administrator-crlf-injection-via-custom-header-values</loc>
<lastmod>2026-04-21T19:13:17.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-worthy/worthy-vg-wort-integration-fr-wordpress-165-6497609-cross-site-request-forgery</loc>
<lastmod>2023-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/theme-editor/theme-editor-30-cross-site-request-forgery-to-remote-code-execution</loc>
<lastmod>2025-10-17T19:39:27.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ns-facebook-pixel-for-wp/advanced-social-pixel-211-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tm-woocommerce-compare-wishlist/tm-woocommerce-compare-wishlist-117-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-09-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ameliabooking/booking-for-appointments-and-events-calendar-amelia-1238-missing-authorization-to-unauthenticated-multiple-ajax-actions</loc>
<lastmod>2026-01-08T17:39:35.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-asset-clean-up/asset-cleanup-page-speed-booster-1393-missing-authorization</loc>
<lastmod>2024-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/church-admin/church-admin-5028-authenticated-administrator-blind-server-side-request-forgery-via-audio_url-parameter</loc>
<lastmod>2026-01-16T14:51:20.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-webauthn/wp-webauthn-133-authenticated-contributor-stored-cross-site-scripting-via-wwa_login_form-shortcode</loc>
<lastmod>2024-09-27T13:56:09.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mailercloud-integrate-webforms-synchronize-contacts/mailercloud-integrate-webforms-and-synchronize-website-contacts-107-missing-authorization</loc>
<lastmod>2026-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/usc-e-shop/welcart-e-commerce-2810-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2023-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/revslider/slider-revolution-6614-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-11-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/inquiry-cart/inquiry-cart-342-cross-site-request-forgery-via-settings-form</loc>
<lastmod>2026-04-21T19:08:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-posts-to-subscribers/email-posts-to-subscribers-62-missing-authorization-to-sensitive-information-exposure</loc>
<lastmod>2023-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-list/contact-list-easy-business-directory-staff-directory-and-address-book-plugin-2987-missing-authorization-to-notice-dismissal</loc>
<lastmod>2024-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/apppresser/apppresser-mobile-app-framework-4410-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-03-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ajax-hits-counter/ajax-hits-counter-popular-posts-widget-010210305-missing-authorization</loc>
<lastmod>2026-01-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/martins-link-network/martins-free-easy-seo-backlink-link-building-network-1229-reflected-cross-site-scripting-via-_wpnonce</loc>
<lastmod>2023-11-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/tastydaily/tasty-daily-127-unauthenticated-php-object-injection</loc>
<lastmod>2026-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpcf7-redirect/redirection-for-contact-form-7-233-unauthenticated-arbitrary-nonce-generation</loc>
<lastmod>2021-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/reebox/reebox-148-reflected-cross-site-scripting</loc>
<lastmod>2026-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/radio-player/radio-player-2073-missing-authorization-to-player-update</loc>
<lastmod>2024-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementskit-lite/elementskit-elementor-addons-382-missing-authorization-to-unauthenticated-widget-content-overwrite</loc>
<lastmod>2026-05-04T16:06:48.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/subscriber/subscriber-by-bestwebsoft-134-multiple-cross-site-scripting</loc>
<lastmod>2017-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/inline-footnotes/inline-footnotes-230-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-activity-log/user-activity-log-166-ip-address-spoofing</loc>
<lastmod>2023-08-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-recaptcha-integration/recaptcha-integration-for-wordpress-125-reflected-cross-site-scripting</loc>
<lastmod>2024-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/share-this-image/share-this-image-198-open-redirect</loc>
<lastmod>2024-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/extensions-leaflet-map/extensions-for-leaflet-map-414-authenticated-contributor-stored-cross-site-scripting-via-elevation-track-shortcode</loc>
<lastmod>2026-04-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpcf7-redirect/redirection-for-contact-form-7-233-authenticated-php-object-injection</loc>
<lastmod>2021-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/getwid/getwid-gutenberg-blocks-204-missing-authorization-to-recaptcha-api-key-modification</loc>
<lastmod>2024-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smart-shopify-product/smart-shopify-product-102-missing-authorization-to-authenticated-subscriber-arbitrary-content-deletion</loc>
<lastmod>2024-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mail-control/mail-control-028-unauthenticated-stored-cross-site-scripting-via-email-subject</loc>
<lastmod>2023-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/translatepress-multilingual/translatepress-232-authenticated-administrator-sql-injection</loc>
<lastmod>2022-07-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contus-video-gallery/wordpress-video-gallery-26-sql-injection</loc>
<lastmod>2014-07-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/foobox-image-lightbox/foobox-image-lightbox-2733-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contest-gallery/contest-gallery-13107-authenticated-email-address-disclosure</loc>
<lastmod>2021-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nd-projects/cost-calculator-15-contributor-stored-cross-site-scripting</loc>
<lastmod>2022-02-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/editorial-calendar/editorial-calendar-388-missing-authorization</loc>
<lastmod>2025-12-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/templatesnext-toolkit/templatesnext-toolkit-329-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2025-02-28T15:27:36.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simply-schedule-appointments/simply-schedule-appointments-16527-authenticatedadministrator-sql-injection</loc>
<lastmod>2023-12-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpdatatables/wpdatatables-premium-34-sql-injection</loc>
<lastmod>2021-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/rozario/rozario-14-missing-authorization</loc>
<lastmod>2025-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eventprime-event-calendar-management/eventprime-events-calendar-bookings-and-tickets-4300-authenticated-subscriber-insecure-direct-object-reference</loc>
<lastmod>2026-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-noindex-nofollow-tool-ii/ultimate-noindex-nofollow-tool-ii-133-cross-site-request-forgery</loc>
<lastmod>2023-04-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hacklog-downloadmanager/hacklog-downloadmanager-214-cross-site-request-forgery-to-arbitrary-file-upload</loc>
<lastmod>2024-11-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpcom-member/wpcom-member-154-reflected-cross-site-scripting</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/player/spidervplayer-21-reflected-cross-site-scripting</loc>
<lastmod>2013-12-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/video-share-vod/video-share-vod-2711-authenticated-editor-stored-cross-site-scripting-via-custom-field-meta-values</loc>
<lastmod>2026-02-17T20:33:31.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpadverts/wpadverts-classifieds-plugin-212-cross-site-request-forgery</loc>
<lastmod>2024-06-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-manager/wordpress-download-manager-3124-cross-site-scripting</loc>
<lastmod>2021-07-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gs-instagram-portfolio/gs-insever-portfolio-144-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-membership/simple-membership-421-authenticated-contributor-cross-site-scripting-via-shortcode</loc>
<lastmod>2022-12-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/plain-post/plain-post-103-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/header-footer-elementor/elementor-header-footer-builder-1645-authenticated-author-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2024-11-07T23:08:13.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/local-syndication/local-syndication-15a-authenticated-contributor-server-side-request-forgery-via-shortcode</loc>
<lastmod>2025-11-17T20:14:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/persian-admin-fonts/persian-admnin-fonts-4103-missing-authorization</loc>
<lastmod>2025-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/json-content-importer/get-use-apis-json-content-importer-153-reflected-cross-site-scripting</loc>
<lastmod>2023-12-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/text-advertisements/text-advertisements-21-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/export-wp-page-to-static-html/export-wp-page-to-static-htmlcss-219-cross-site-request-forgery-via-multiple-ajax-actions</loc>
<lastmod>2023-10-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/templately/templately-348-unauthenticated-limited-arbitrary-json-file-write</loc>
<lastmod>2026-01-09T20:32:57.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/otter-pro/otter-blocks-pro-263-unauthenticated-stored-cross-site-scripting-via-svg-upload</loc>
<lastmod>2024-03-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tainacan/tainacan-0218-authenticated-subscriber-sql-injection</loc>
<lastmod>2024-10-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eupago-gateway-for-woocommerce/eupago-gateway-for-woocommerce-463-missing-authorization</loc>
<lastmod>2025-12-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-custom-fields-pro/advanced-custom-fields-pro-61-617-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-08-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hdw-player-video-player-video-gallery/hdw-player-plugin-video-player-video-gallery-50-cross-site-scripting</loc>
<lastmod>2023-11-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/poptin/poptin-13-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-09-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/embedpress/embedpress-embed-pdf-google-docs-vimeo-wistia-embed-youtube-videos-audios-maps-embed-any-documents-in-gutenberg-elementor-3914-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slideonline/slideonline-121-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/multi-gallery/gallery-13-authenticated-contributor-php-object-injection</loc>
<lastmod>2024-12-06T21:32:17.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/modal-window/modal-window-603-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/whatsapp/whatsapp-share-button-101-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sportspress/sportspress-sports-club-league-manager-2720-missing-authorization-to-notice-dismissal</loc>
<lastmod>2024-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-booking-calendar/advanced-booking-calendar-170-reflected-cross-site-scripting</loc>
<lastmod>2022-03-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wallet-system-for-woocommerce/wallet-system-for-woocommerce-wallet-wallet-cashback-refunds-partial-payment-wallet-restriction-262-cross-site-request-forgery</loc>
<lastmod>2025-03-03T20:19:36.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/amazing-hover-effects/amazing-hover-effects-249-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/covid-19-alert/covid-19-coronavirus-update-your-customers-151-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-tripadvisor-review-slider/wp-tripadvisor-review-slider-141-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2026-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/3.4/wordpress-core-342-cross-site-scripting</loc>
<lastmod>2012-09-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/formcraft-form-builder/formcraft-121-cross-site-request-forgery</loc>
<lastmod>2019-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dynamic-content-for-elementor/dynamic-content-for-elementor-2125-cross-site-request-forgery</loc>
<lastmod>2023-12-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bit-assist/bit-assist-119-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-09-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mdr-webmaster-tools/mdr-webmaster-tools-11-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-product-filter/product-filter-by-wbw-250-missing-authorization-via-getlistfortbl</loc>
<lastmod>2023-12-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/premium-addons-for-elementor/premium-addons-for-elementor-41153-cross-site-request-forgery-via-insert_inner_template</loc>
<lastmod>2025-12-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/careerfy/careerfy-420-reflected-cross-site-scripting</loc>
<lastmod>2020-07-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-meta-data-filter-and-taxonomy-filter/meta-data-filter-taxonomies-filter-1272-cross-site-request-forgery</loc>
<lastmod>2021-07-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-obfuscate-shortcode/email-obfuscate-shortcode-20-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-09-12T21:24:49.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cyan-backup/cyan-backup-253-authenticated-admin-arbitrary-file-download</loc>
<lastmod>2024-11-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/vidmov/vidmov-238-authenticated-subscriber-path-traversal</loc>
<lastmod>2026-01-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/zioalberto/zio-alberto-122-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dr-widgets-blocks/delisho-113-missing-authorization</loc>
<lastmod>2025-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/horizontal-slider/horizontal-slider-24-cross-site-request-forgery</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/remove-slug-from-custom-post-type/remove-slug-from-custom-post-type-103-cross-site-request-forgery</loc>
<lastmod>2023-09-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shipment-tracker-for-woocommerce/shipment-tracker-for-woocommerce-1423-reflected-cross-site-scripting</loc>
<lastmod>2024-12-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ibs-mappro/ibs-mappro-10-directory-traversal</loc>
<lastmod>2015-07-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/price-calc/price-calc-063-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kodex-posts-likes/kodex-posts-likes-243-cross-site-request-forgery</loc>
<lastmod>2023-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/upsell-order-bump-offer-for-woocommerce/upsell-funnel-builder-for-woocommerce-create-upsells-cross-sells-order-bumps-frequently-bought-and-popups-314-missing-authorization</loc>
<lastmod>2026-06-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-jobsearch/jobsearch-wp-job-board-320-reflected-cross-site-scripting</loc>
<lastmod>2026-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/artplacer-widget/artplacer-widget-2211-missing-authorization-to-widget-deletion</loc>
<lastmod>2024-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jet-engine/jetengine-3891-unauthenticated-sql-injection</loc>
<lastmod>2026-06-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-page-ordering/simple-page-ordering-250-missing-authorization-to-information-disclosure</loc>
<lastmod>2023-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nextgen-gallery/wordpress-gallery-plugin-nextgen-gallery-338-authenticated-admin-local-file-inclusion</loc>
<lastmod>2023-09-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/money-space/money-space-2139-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2026-01-06T18:35:53.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/method/method-21-arbitrary-file-deletion</loc>
<lastmod>2013-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/oauth2-provider/wp-oauth-server-oauth-authentication-425-cross-site-request-forgery</loc>
<lastmod>2022-11-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/svgplus/svgplus-110-authenticated-author-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2024-11-15T14:59:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-database-cleaner-premium/advanced-database-cleaner-premium-410-authenticated-subscriber-local-file-inclusion-via-template</loc>
<lastmod>2026-05-19T16:25:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/duplicate-wp-page-post/duplicate-page-and-post-295-authenticated-contributor-sql-injection</loc>
<lastmod>2026-05-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-social-login/woocommerce-social-login-273-missing-authorization-to-unauthenticated-privilege-escalation</loc>
<lastmod>2024-07-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/optinmonster/optinmonster-264-unprotected-rest-api-endpoints</loc>
<lastmod>2021-11-01T09:02:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tatsu/tatsu-3312-unauthenticated-remote-code-execution</loc>
<lastmod>2022-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-users/email-users-484-cross-site-request-forgery</loc>
<lastmod>2016-08-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eprolo-dropshipping/eprolo-dropshipping-171-missing-authorization</loc>
<lastmod>2024-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/subscriptions-renewal-reminders/subscription-renewal-reminders-for-woocommerce-141-cross-site-request-forgery-to-notice-dismissal</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce/woocommerce-2012-self-reflected-cross-site-scripting</loc>
<lastmod>2013-07-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/carrrot/carrot-110-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/no-update-nag/no-update-nag-1412-unauthenticated-full-path-disclosure</loc>
<lastmod>2024-08-08T20:35:41.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/activedemand/activedemand-0246-missing-authorization</loc>
<lastmod>2025-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ipages-flipbook/ipages-flipbook-143-reflected-cross-site-scripting</loc>
<lastmod>2021-10-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/headway/headway-389-cross-site-scripting</loc>
<lastmod>2006-10-13T20:01:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/my-favorites/my-favorites-143-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/code-snippets/code-snippets-2142-reflected-cross-site-scripting</loc>
<lastmod>2021-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/LayerSlider/layerslider-461-path-traversal</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking/booking-calendar-99-unauthenticated-sql-injection</loc>
<lastmod>2024-02-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zx-csv-upload/zx_csv-upload-1-authenticated-admin-sql-injection</loc>
<lastmod>2016-12-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-media-folder-addon/media-folder-addon-401-unauthenticated-arbitrary-file-download</loc>
<lastmod>2026-06-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wps-hide-login/wps-hide-login-1542-hidden-login-page-location-disclosure</loc>
<lastmod>2020-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpextended/the-ultimate-wordpress-toolkit-wp-extended-308-reflected-cross-site-scripting</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-autokeyword/wp-autokeyword-10-unauthenticated-sql-injection</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elements-plus/elements-plus-2163-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-crowdfunding/wp-crowdfunding-2111-authenticated-contributor-stored-cross-site-scripting-via-wpcf_donate-shortcode</loc>
<lastmod>2024-10-25T21:54:03.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/acf-frontend-form-element/frontend-admin-by-dynamiapps-plugin-3183-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/web-stories/web-stories-1240-server-side-request-forgery</loc>
<lastmod>2022-10-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blog2social/blog2social-686-reflected-cross-site-scripting</loc>
<lastmod>2021-11-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpzoom-addons-for-beaver-builder/beaver-builder-addons-by-wpzoom-134-authenticated-contributor-stored-cross-site-scripting-via-heading-widget</loc>
<lastmod>2024-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/php-event-calendar/php-event-calendar-for-wordpress-151-arbitrary-file-upload</loc>
<lastmod>2015-04-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/support-ticket-system-for-woocommerce/helpdesk-support-ticket-system-for-woocommerce-210-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2025-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/projectlist/projectlist-030-authenticated-editor-arbitrary-file-upload</loc>
<lastmod>2025-11-24T19:12:59.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/make-column-clickable-elementor/make-column-clickable-elementor-160-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/minimal-coming-soon-maintenance-mode/minimal-coming-soon-coming-soon-page-237-unauthenticated-maintenance-mode-bypass</loc>
<lastmod>2024-02-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/locatoraid/locatoraid-store-locator-3947-reflected-cross-site-scripting</loc>
<lastmod>2024-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/onionbuzz-viral-quiz/onionbuzz-107-cross-site-request-forgery</loc>
<lastmod>2025-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/media-alt-renamer/media-alt-renamer-001-authenticated-author-stored-cross-site-scripting-via-_wp_attachment_image_alt-postmeta</loc>
<lastmod>2024-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/customcomment/custom-comment-216-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-08-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/integration-dynamics/dynamics-365-integration-1317-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2024-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/orbisius-child-theme-creator/child-theme-creator-by-orbisius-151-cross-site-request-forgery-to-arbitrary-file-modification-and-creation</loc>
<lastmod>2020-10-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/export-categories/export-categories-10-missing-authorization</loc>
<lastmod>2025-10-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gptranslate/gptranslate-multilingual-ai-translation-for-wordpress-automatically-translate-websites-2326-unauthenticated-sql-injection</loc>
<lastmod>2026-06-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/learnpress/learnpress-415-reflected-cross-site-scripting</loc>
<lastmod>2022-03-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/another-wordpress-classifieds-plugin/awp-classifieds-431-missing-authorization</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/skt-addons-for-elementor/skt-addons-for-elementor-35-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/siteorigin-panels/page-builder-by-siteorigin-2343-authenticated-contributor-stored-cross-site-scripting-via-panels_data-parameter</loc>
<lastmod>2026-06-26T17:44:35.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-loops/the-loops-102-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-jobsearch/wp-jobsearch-267-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2024-11-05T19:59:05.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chat-viber/chat-support-for-viber-chat-bubble-and-chat-button-for-gutenberg-elementor-and-shortcode-173-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-06T16:15:05.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-hover-effects-ultimate/image-hover-effects-ultimate-971-reflected-cross-site-scripting</loc>
<lastmod>2022-05-04T06:31:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-panorama/easy-panorama-114-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-02-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gravity-forms-icontact/icontact-for-gravity-forms-132-reflected-cross-site-scripting</loc>
<lastmod>2026-02-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/categorycustomfields/category-custom-fields-10-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/reservation-studio-widget/reservationstudio-widget-1011-cross-site-request-forgery-via-plugin-settings</loc>
<lastmod>2023-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/categorify/categorify-1074-cross-site-request-forgery-via-categorifyajaxaddcategory</loc>
<lastmod>2024-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-hotel-booking/wp-hotel-booking-212-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2024-10-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/uk-address-postcode-validation/uk-address-postcode-validation-392-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/paid-memberships-pro/paid-memberships-pro-265-reflected-cross-site-scripting</loc>
<lastmod>2021-11-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gozen-forms/gozen-forms-115-unauthenticated-sql-injection-via-emdedsc</loc>
<lastmod>2025-07-03T12:18:15.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/event-tickets/event-tickets-5200-reflected-cross-site-scripting</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/users-ultra/users-ultra-membership-users-community-and-member-profiles-with-paypal-integration-plugin-1495-sql-injection</loc>
<lastmod>2015-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/playerjs/playerjs-223-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rest-api-to-miniprogram/rest-api-to-miniprogram-471-cross-site-request-forgery</loc>
<lastmod>2025-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/idonate/idonate-219-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/js_composer/wpbakery-page-builder-for-wordpress-6120-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fluent-booking/fluent-booking-the-ultimate-appointments-scheduling-events-booking-events-calendar-solution-1911-authenticated-subscriber-missing-authorization-to-calendar-import-and-management</loc>
<lastmod>2025-12-03T00:41:01.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpexperts-square-for-give/wpexperts-square-for-givewp-131-authenticated-subscriber-sql-injection</loc>
<lastmod>2025-02-20T21:30:15.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/1.5/wordpress-core-1512-sql-injection</loc>
<lastmod>2005-05-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/search-autocomplete/search-autocomplete-109-sql-injection</loc>
<lastmod>2011-09-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/marcell/marcell-1214-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vibes/vibes-220-unauthenticated-sql-injection-via-resource-parameter</loc>
<lastmod>2025-08-25T14:10:31.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/anycomment/anycomment-034-open-redirect-via-redirect-parameter</loc>
<lastmod>2021-12-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-bootstrap-blocks/all-bootstrap-blocks-1326-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-multi-currency/curcy-2117-reflected-cross-site-scripting</loc>
<lastmod>2022-05-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yet-another-related-posts-plugin/yarpp-yet-another-related-posts-plugin-425-cross-site-request-forgery</loc>
<lastmod>2015-05-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/micdrop/micdrop-131-unauthenticated-php-object-injection</loc>
<lastmod>2026-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flamingo/flamingo-21-csv-injection</loc>
<lastmod>2020-01-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/analytics-unbounce/analytics-reduce-bounce-rate-23-cross-site-request-forgery</loc>
<lastmod>2025-09-10T18:44:22.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/devs-crm/devs-crm-manage-tasks-attendance-and-teams-all-together-118-missing-authorization-to-unauthenticated-lead-tag-update</loc>
<lastmod>2025-12-12T16:08:07.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/iflychat/iflychat-wordpress-chat-472-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/media-library-alt-text-editor/media-library-alt-text-editor-100-authenticated-contributor-stored-cross-site-scripting-via-post_id-shortcode-attribute</loc>
<lastmod>2026-03-06T18:44:35.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-spell-check/wp-spell-check-912-cross-site-request-forgery</loc>
<lastmod>2022-12-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/better-font-awesome/better-font-awesome-203-authenticated-contributor-stored-cross-site-scripting-via-shortcodes</loc>
<lastmod>2023-01-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/memberpress/memberpress-11137-unauthenticated-content-restriction-bypass-to-sensitive-information-exposure</loc>
<lastmod>2025-04-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/avenirsoft-directdownload/avenir-soft-direct-download-10-cross-site-scripting</loc>
<lastmod>2015-08-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/forminator/forminator-forms-contact-form-payment-form-custom-form-builder-1521-unauthenticated-arbitrary-file-read-via-upload-1filefile_path</loc>
<lastmod>2026-05-04T17:49:05.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tidio-live-chat/tidio-live-chat-421-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2019-11-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/refraction/refraction-13-multiple-vulnerabilities</loc>
<lastmod>2014-09-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/addi-simple-slider/simple-responsive-slider-20-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-08-11T14:05:09.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sendmachine/sendmachine-for-wordpress-1020-unauthenticated-smtp-hijack-to-privilege-escalation-via-manage_admin_requests</loc>
<lastmod>2026-04-21T19:01:50.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sell-downloads/sell-downloads-1112-missing-authorization</loc>
<lastmod>2025-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/most-popular-posts-widget-lite/most-popular-posts-widget-08-authenticated-admin-sql-injection</loc>
<lastmod>2015-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/n-media-wp-simple-quiz/easy-quiz-maker-20-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easyship-woocommerce-shipping-rates/easyship-woocommerce-shipping-rates-089-missing-authorization-via-multiple-ajax-actions</loc>
<lastmod>2023-07-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/media-modal/media-modal-102-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tinymce-thumbnail-gallery/tinymce-thumbnail-gallery-107-local-file-inclusion</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-store-kit/ultimate-store-kit-elementor-addons-205-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/faltu-testimonial-rotator/faltu-testimonial-rotator-100-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bbspoiler/bbspoiler-201-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-04-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/popup-more/popup-more-224-authenticated-admin-directory-traversal-to-limited-local-file-inclusion</loc>
<lastmod>2024-02-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/computer-repair-shop/computer-repair-shop-38115-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/photo-gallery/photo-gallery-by-10web-1820-missing-authorization</loc>
<lastmod>2024-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-login-security-and-history/wp-login-security-and-history-10-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2021-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bug-library/bug-library-211-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-plus-addons-for-elementor-page-builder/the-plus-addons-for-elementor-page-builder-lite-562-missing-authorization</loc>
<lastmod>2024-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-blocks/ultimate-blocks-321-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-09-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/taskbuilder/taskbuilder-508-authenticated-subscriber-sql-injection-via-task_search-parameter</loc>
<lastmod>2026-06-30T15:24:40.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/miraculouscore/miraculous-core-212-authenticated-subscriber-sql-injection</loc>
<lastmod>2026-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smtp-amazon-ses/smtp-for-amazon-ses-yaysmtp-18-unauthenticated-stored-cross-site-scripting-via-email-logs</loc>
<lastmod>2025-04-10T19:59:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/svs-pricing-tables/svs-pricing-tables-104-cross-site-request-forgery-to-pricing-table-editcreation</loc>
<lastmod>2024-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shortcodes-ultimate/wp-shortcodes-plugin-shortcodes-ultimate-722-authenticated-contributor-dom-based-stored-cross-site-scripting</loc>
<lastmod>2024-10-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/jobify/jobify-job-board-wordpress-theme-430-unauthenticated-arbitrary-file-read</loc>
<lastmod>2024-11-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/explicit/explicit-all-versions-cross-site-scripting</loc>
<lastmod>2012-09-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sina-extension-for-elementor/sina-extension-for-elementor-slider-gallery-form-modal-data-table-tab-particle-free-elementor-widgets-elementor-templates-352-authenticated-contributor-stored-cross-site-scripting-via-sina-fancy-text-widget</loc>
<lastmod>2024-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpdirectorykit/wp-directory-kit-135-reflected-cross-site-scripting</loc>
<lastmod>2024-07-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sina-extension-for-elementor/sina-extension-for-elementor-slider-gallery-form-modal-data-table-tab-particle-free-elementor-widgets-elementor-templates-370-authenticated-contributor-stored-cross-site-scripting-via-fancy-text-widget-and-countdown-widget</loc>
<lastmod>2026-03-22T18:10:01.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pj-news-ticker/pj-news-ticker-195-authenticatedcontributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-02-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/better-comments/better-comments-155-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-04-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/os-pricing-tables/os-pricing-tables-12-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/codistoconnect/omnichannel-for-woocommerce-1365-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-01-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/5.3/wordpress-core-531-stored-cross-site-scripting-via-block-editor</loc>
<lastmod>2019-12-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-web-suite/social-web-suite-social-media-auto-post-social-media-auto-publish-4111-directory-traversal-to-arbitrary-file-download</loc>
<lastmod>2024-10-02T15:30:20.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/paid-memberships-pro/paid-memberships-pro-205-open-redirect</loc>
<lastmod>2019-06-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/workreap/workreap-325-unauthenticated-privilege-escalation-via-account-takeover</loc>
<lastmod>2025-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/appointment-booking-calendar/appointment-booking-calendar-1319-cross-site-scripting</loc>
<lastmod>2019-07-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/uptodown-apk-download-widget/uptodown-apk-download-widget-0110-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-06T16:17:43.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/b-blocks/bblocks-essential-gutenberg-blocks-patterns-collection-2030-missing-authorization</loc>
<lastmod>2026-04-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/alpha-price-table-for-elementor/alpha-price-table-for-elementor-108-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/arforms/arforms-64-missing-authorization-to-arbitrary-option-deletion</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/oxygenbuilder/oxygen-builder-483-missing-authorization-to-authenticated-subscriber-stylesheet-update</loc>
<lastmod>2024-08-26T15:48:07.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pixelyoursite/pixelyoursite-521-reflected-cross-site-scripting</loc>
<lastmod>2018-04-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chamber-dashboard-business-directory/chamber-dashboard-business-directory-3311-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/internal-link-building-plugin/internal-link-building-123-cross-site-request-forgery</loc>
<lastmod>2023-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-jquery-slider/responsive-jquery-slider-111-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/coming-soon/website-builder-by-seedprod-theme-builder-landing-page-builder-coming-soon-page-maintenance-mode-61521-missing-authorization-via-seedprod_lite_new_lpage</loc>
<lastmod>2024-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/unlimited-elements-for-elementor/unlimited-elements-for-elementor-free-widgets-addons-templates-15107-authenticated-contributor-stored-cross-site-scripting-via-text-field</loc>
<lastmod>2024-05-29T15:02:34.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-encoder-bundle/email-encoder-protect-email-addresses-and-phone-numbers-220-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-02-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc4bp/buddypress-woocommerce-my-account-integration-create-woocommerce-member-pages-3420-authenticated-subscriber-php-object-injection-in-get_simple_request</loc>
<lastmod>2024-03-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/addons-for-divi/divi-torque-lite-divi-theme-and-extra-theme-366-authenticated-author-stored-cross-site-scripting-via-svg-upload</loc>
<lastmod>2024-06-11T16:52:03.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bb-bootstrap-cards/cards-for-beaver-builder-114-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2024-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eventprime-event-calendar-management/eventprime-4241-authenticated-subscriber-information-exposure</loc>
<lastmod>2025-11-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-easycart/wp-easycart-5519-missing-authorization</loc>
<lastmod>2024-06-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/schema-lite/schema-lite-122-cross-site-request-forgery</loc>
<lastmod>2024-06-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gallery-images-ape/gallery-images-ape-228-authenticated-contributor-cross-site-scripting</loc>
<lastmod>2022-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-backgrounds/advanced-wordpress-backgrounds-1123-authenticated-contributor-stored-cross-site-scripting-via-imagetag-parameter</loc>
<lastmod>2024-09-10T18:48:06.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/feed-comments-number/feed-comments-number-021-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2024-10-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-basic-elements/wp-basic-elements-5215-cross-site-request-forgery-via-wpbe_save_settings</loc>
<lastmod>2023-03-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fileorganizer/fileorganizer-107-sensitive-information-exposure-via-directory-listing</loc>
<lastmod>2024-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/flashy/flashy-13-cross-site-scripting</loc>
<lastmod>2015-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/addons-for-elementor/elementor-addons-by-livemesh-837-authenticated-contributor-stored-cross-site-scripting-via-various-widgets</loc>
<lastmod>2024-07-03T14:51:15.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/brizy/brizy-page-builder-2811-unauthenticated-stored-cross-site-scripting-via-fileupload-field-value</loc>
<lastmod>2026-05-01T20:15:49.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jquery-t-countdown-widget/jquery-t-countdown-widget-2325-authenticated-contributor-stored-cross-site-scripting-via-tminus-shortcode</loc>
<lastmod>2024-05-22T12:56:47.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/multilanguage/multilanguage-by-bestwebsoft-123-reflected-cross-site-scripting</loc>
<lastmod>2017-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/age-verify/age-verify-028-reflected-cross-site-scripting</loc>
<lastmod>2015-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mstore-api/mstore-api-396-cross-site-request-forgery-to-order-message-update</loc>
<lastmod>2023-06-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slideshare/slideshare-for-wordpress-by-yoast-191-admin-cross-site-scripting</loc>
<lastmod>2016-08-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/icegram/icegram-engage-3131-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2024-12-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/anual-archive/annual-archive-160-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-blog-card/simple-blog-card-130-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-07-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contest-gallery/contest-gallery-13109-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2021-12-20T12:39:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/complianz-gdpr/complianz-gdprccpa-cookie-consent-552-reflected-cross-site-scripting-via-s-parameter</loc>
<lastmod>2022-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-addons-for-elementor-lite/essential-addons-for-elementor-best-elementor-templates-widgets-kits-woocommerce-builders-5913-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/LayerSlider/layerslider-711-admin-stored-cross-site-scripting</loc>
<lastmod>2022-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/konsept/konsept-19-unauthenticated-php-object-injection</loc>
<lastmod>2026-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/guest-author/guest-author-23-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2023-12-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nextgen-gallery/nextgen-gallery-2177-sql-injection</loc>
<lastmod>2017-02-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/import-users-from-csv-with-meta/import-and-export-users-and-customers-11412-cross-site-scripting</loc>
<lastmod>2019-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-user-profile-avatar/wp-user-profile-avatar-106-missing-authorization</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hydra-booking/hydra-booking-1110-authenticated-contributor-sql-injection</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/another-wordpress-classifieds-plugin/awp-classifieds-446-unauthenticated-sql-injection-via-regions</loc>
<lastmod>2026-05-04T14:11:27.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pricing-tables-for-visual-composer/pricing-tables-for-wpbakery-page-builder-formerly-visual-composer-14-authenticated-contributor-stored-cross-site-scripting-via-wdo_pricing_tables-shortcode</loc>
<lastmod>2024-11-26T18:28:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-auto-poster/social-auto-poster-5315-cross-site-request-forgery</loc>
<lastmod>2024-10-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-tabs/tabs-for-woocommerce-100-authentiated-shop-manager-php-object-injection-in-product_has_custom_tabs</loc>
<lastmod>2025-02-27T20:11:05.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/progress-bar/progress-bar-216-authenticated-contributor-stored-cross-site-scripting-via-wppb-shortcode</loc>
<lastmod>2023-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpp-customization/admin-customization-22-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/muse-ai/museai-video-embedding-04-authenticated-contributor-stored-cross-site-scripting-via-muse-ai-shortcode</loc>
<lastmod>2025-07-23T20:43:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking/booking-calendar-10148-unauthenticated-sql-injection-via-dates_to_check</loc>
<lastmod>2025-12-15T02:24:51.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-user-avatar/paid-membership-plugin-ecommerce-user-registration-form-login-form-user-profile-restrict-content-profilepress-4143-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-02-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ai-scribe-the-chatgpt-powered-seo-content-creation-wizard/ai-scribe-seo-ai-writer-content-generator-humanizer-blog-writer-seo-optimizer-dalle-3-ai-wordpress-plugin-chatgpt-gpt-4o-128k-25-authenticated-contributor-sql-injection</loc>
<lastmod>2025-01-09T15:00:11.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-news/simple-news-28-authenticated-contributor-stored-cross-site-scripting-via-news-shortcode</loc>
<lastmod>2024-10-24T19:57:57.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/uncode/uncode-2916-unauthenticated-arbitrary-file-read-in-uncode_admin_get_oembed</loc>
<lastmod>2025-02-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-frontend-manager/wcfm-frontend-manager-for-woocommerce-along-with-bookings-subscription-listings-compatible-6712-insecure-direct-object-reference-to-account-takeoverprivilege-escalation</loc>
<lastmod>2024-09-24T17:50:38.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/recapture-for-woocommerce/recapture-for-woocommerce-1043-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2025-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mainwp/mainwp-4433-authenticated-administrator-sql-injection</loc>
<lastmod>2023-11-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/add-to-any/addtoany-share-buttons-1745-authenticated-stored-cross-site-scripting</loc>
<lastmod>2021-08-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dn-footer-contacts/dn-footer-contacts-18-cross-site-request-forgery</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/choices/choices-all-versions-reflected-cross-site-scripting</loc>
<lastmod>2012-10-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/meteor-slides/meteor-slides-157-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-11-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/print-invoices-packing-slip-labels-for-woocommerce/woocommerce-pdf-invoices-421-authenticatedshop-manager-arbitrary-options-update-via-json-import</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/badgearoo/badgearoo-1014-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/visual-form-builder/visual-form-builder-282-authenticated-sql-injection</loc>
<lastmod>2015-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rsvp/rsvp-and-event-management-plugin-237-cross-site-scripting</loc>
<lastmod>2017-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gutenverse-form/gutenverse-form-232-authenticated-author-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2026-01-07T20:40:47.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blue-captcha/blue-captcha-201-cross-site-request-forgery-via-blcap_action-parameter</loc>
<lastmod>2026-06-23T16:41:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/betterlinks/betterlinks-shorten-track-and-manage-any-url-125-stored-cross-site-scripting</loc>
<lastmod>2021-10-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-job-board/simple-job-board-2137-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2025-10-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-plus-addons-for-block-editor/nexter-blocks-333-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/backup-by-supsystic/backup-by-supsystic-2311-cross-site-request-forgery-to-arbitrary-file-downloaddeletion</loc>
<lastmod>2021-02-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-sku-label-changer/sku-label-changer-for-woocommerce-30-missing-authorization</loc>
<lastmod>2023-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ebook-store/ebook-store-58014-reflected-cross-site-scripting</loc>
<lastmod>2025-07-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/alpack/al-pack-111-missing-authorization-to-unauthenticated-premium-feature-activation-via-check_activate_permission-function</loc>
<lastmod>2025-08-15T14:45:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/crm-perks-forms/crm-perks-forms-110-reflected-cross-site-scripting</loc>
<lastmod>2022-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mdc-youtube-downloader/mdc-youtube-downloader-211-directory-traversal</loc>
<lastmod>2015-07-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jet-elements/jetelements-2620-authenticated-contributor-arbitrary-local-file-inclusion</loc>
<lastmod>2024-08-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gallery-slideshow/gallery-slideshow-141-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-06-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/structured-content/structured-content-150-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2022-12-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/integration-dynamics/dynamics-365-integration-1312-cross-site-request-forgery-via-wp_ajax_wpcrm_log</loc>
<lastmod>2023-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-programmmanager/wp-pmanager-12-reflected-cross-site-scripting</loc>
<lastmod>2025-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/codeflavors-vimeo-video-post-lite/vimeotheque-2352-cross-site-request-forgery</loc>
<lastmod>2025-12-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mas-static-content/mas-static-content-108-authenticated-contributor-private-static-content-page-disclosure</loc>
<lastmod>2024-09-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/page-blocks/page-blocks-110-cross-site-request-forgery</loc>
<lastmod>2025-10-10T20:40:12.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-multi-store-locator/wp-multistore-locator-252-unauthenticated-sql-injection</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/binary-mlm-plan/binary-mlm-plan-30-unauthenticated-limited-privilege-escalation</loc>
<lastmod>2025-10-14T20:04:50.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-download-monitor/simple-download-monitor-394-contributor-arbitrary-file-download</loc>
<lastmod>2021-09-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/king-addons/king-addons-for-elementor-51149-unauthenticated-api-keys-disclosure</loc>
<lastmod>2026-03-22T18:29:11.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vikbooking/vikbooking-hotel-booking-engine-pms-182-missing-authorization</loc>
<lastmod>2025-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/foogallery/foogallery-3111-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2026-02-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking-package/booking-package-1716-authenticated-editor-privilege-escalation-via-account-takeover-to-updateuser-ajax-action</loc>
<lastmod>2026-06-05T15:42:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/directorist/directorist-ai-powered-business-directory-plugin-with-classified-ads-listings-852-missing-authorization-to-authenticated-subscriber-data-export-and-slug-update</loc>
<lastmod>2025-11-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-security-audit-log/wp-activity-log-5631-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2026-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wck-custom-fields-and-custom-post-types-creator/custom-post-types-and-custom-fields-creator-232-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-12-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/templately/templately-327-authenticated-author-information-disclosure</loc>
<lastmod>2025-08-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mobile-kiosk/mobile-kiosk-130-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gutena-kit/gutena-kit-gutenberg-blocks-and-templates-207-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eventprime-event-calendar-management/eventprime-4280-missing-authorization</loc>
<lastmod>2026-01-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-accordion-block/advanced-accordion-gutenberg-block-502-authenticated-author-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2025-04-23T19:59:13.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ajax-load-more-anything/load-more-anything-333-missing-authorization-to-plugin-settings-modification</loc>
<lastmod>2024-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/expivi/product-configurator-for-woocommerce-1231-arbitrary-file-deletion</loc>
<lastmod>2022-06-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/beaver-builder-lite-version/beaver-builder-wordpress-page-builder-2552-authenticated-stored-cross-site-scripting-via-image-url</loc>
<lastmod>2022-08-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/arscode-ninja-popups/ninja-popups-477-open-redirect</loc>
<lastmod>2023-07-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/conditional-extra-fees-for-woocommerce/conditional-cart-fee-extra-charge-rule-for-woocommerce-extra-fees-1096-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/related-posts-for-wp/related-posts-for-wordpress-212-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/leadconnector/leadconnector-302-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-social-share-buttons3/easy-social-share-buttons-94-reflected-cross-site-scripting</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cultbooking-booking-engine/cultbooking-hotel-booking-engine-21-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpadverts/wpadverts-225-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/just-custom-fields/just-custom-fields-332-cross-site-request-forgery-on-ajax-actions</loc>
<lastmod>2023-10-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-frontend-manager/wcfm-frontend-manager-6513-cross-site-request-forgery</loc>
<lastmod>2023-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wedevs-project-manager/wp-project-manager-task-team-and-project-management-plugin-featuring-kanban-board-and-gantt-charts-2616-authenticated-subscriber-sql-injection</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/search-and-replace/search-replace-321-authenticated-administrator-sql-injection</loc>
<lastmod>2024-05-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/anima/anima-141-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-06-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/copy-menu/menu-duplicator-10-missing-authorization</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-social-bookmarking-light/wp-social-bookmarking-light-207-cross-site-request-forgery</loc>
<lastmod>2023-02-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smart-donations/donations-made-easy-smart-donations-4012-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2023-08-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/side-menu-lite/side-menu-lite-40-cross-site-request-forgery-to-item-deletion</loc>
<lastmod>2023-03-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/duracelltomi-google-tag-manager/google-tag-manager-for-wordpress-115-cross-site-scripting-via-cloudflare-country-code</loc>
<lastmod>2022-05-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-gdpr-compliance/cookie-information-free-gdpr-consent-solution-155-stored-cross-site-scripting</loc>
<lastmod>2021-03-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slick-social-share-buttons/slick-social-share-buttons-2411-authenticated-subscriber-arbitrary-option-update</loc>
<lastmod>2023-12-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flexidx-home-search/flexidx-home-search-212-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cleantalk-spam-protect/spam-protection-anti-spam-firewall-by-cleantalk-644-authorization-bypass-due-to-missing-empty-value-check-to-unauthenticated-arbitrary-plugin-installation</loc>
<lastmod>2024-11-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-media-auto-publish/social-media-auto-publish-365-reflected-cross-site-scripting-via-postmessage</loc>
<lastmod>2025-12-12T15:24:30.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/admin-columns-pro/admin-columns-pro-649-authenticated-subscriber-csv-injection</loc>
<lastmod>2019-10-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-abstracts-manuscripts-manager/wp-abstracts-272-cross-site-request-forgery-to-reflected-cross-site-scripting</loc>
<lastmod>2025-01-17T17:50:10.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpdiscuz/comments-wpdiscuz-535-blind-sql-injection-via-order-parameter</loc>
<lastmod>2020-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-manager/wordpress-download-manager-296-cross-site-request-forgery</loc>
<lastmod>2018-01-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gallery-photo-gallery/photo-gallery-by-ays-responsive-image-gallery-101-sql-injection</loc>
<lastmod>2016-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-analytics-dashboard-for-wp/exactmetrics-860-902-authenticated-custom-insecure-direct-object-reference-to-arbitrary-plugin-installation</loc>
<lastmod>2026-03-10T21:00:15.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vdz-verification/vdz-verification-1312-stored-cross-site-scripting</loc>
<lastmod>2021-07-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/Avada/avada-7132-missing-authorization</loc>
<lastmod>2025-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/restrict-content/restrict-content-322-missing-authorization-to-notice-dismissal</loc>
<lastmod>2023-06-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/password-protected/password-protected-262-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-06-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fx-private-site/fx-private-site-121-sensitive-information-exposure</loc>
<lastmod>2024-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpforo/wpforo-forum-305-authenticated-subscriber-arbitrary-file-deletion-via-custom-profile-field-file-path</loc>
<lastmod>2026-04-20T05:51:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/svg-block/svg-block-1124-authenticated-administrator-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2024-11-18T18:51:03.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-dashboard/ultimate-dashboard-377-authenticated-administrator-stored-cross-site-scripting-via-plugin-settings</loc>
<lastmod>2023-11-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-bootscraper/bootscraper-300-unauthenticated-local-file-inclusion</loc>
<lastmod>2024-11-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-remote-site-search/wp-remote-site-search-104-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-12-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-gdpr-cookie-consen/wp-gdpr-cookie-consent-100-cross-site-request-forgery</loc>
<lastmod>2025-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/convertkit/convertkit-249-missing-authorization</loc>
<lastmod>2024-06-20T15:27:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kargo-takip/kargo-takip-12-unauthenticated-server-side-request-forgery-via-api_url-parameter</loc>
<lastmod>2026-06-23T16:41:49.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ibtana-visual-editor/ibtana-wordpress-website-builder-1187-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2022-12-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/erp/wp-erp-complete-hr-solution-with-recruitment-job-listings-woocommerce-crm-accounting-1131-authenticated-subscriber-sql-injection</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wedevs-project-manager/wp-project-manager-260-authenticated-subscriber-sql-injection</loc>
<lastmod>2023-09-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-pexels-free-stock-photos/pexels-free-stock-photos-122-authenticated-contributor-arbitrary-file-upload</loc>
<lastmod>2024-06-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/happy-elementor-addons/happy-addons-for-elementor-3104-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nmedia-user-file-uploader/frontend-file-manager-182-unauthenticated-arbitrary-file-download</loc>
<lastmod>2021-07-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-attachments/attachments-52-missing-authorization</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kirilkirkov-pdf-invoice-manager/invoct-pdf-invoices-billing-for-woocommerce-16-missing-authorization-to-authenticated-subscriber-information-exposure</loc>
<lastmod>2026-02-10T20:09:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cookies-and-content-security-policy/cookies-and-content-security-policy-215-sensitive-information-exposure</loc>
<lastmod>2023-08-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vikbooking/vikbooking-hotel-booking-engine-pms-167-insecure-direct-object-reference-to-menu-access</loc>
<lastmod>2024-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/leadconnector/leadconnector-17-missing-authorization-to-unauthenticated-arbitrary-post-deletion</loc>
<lastmod>2024-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/2.8/wordpress-core-wordpress-mu-281-full-path-disclosure</loc>
<lastmod>2009-09-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpachievements-free/wpachievements-free-120-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dsp_dating/wpdating-741-arbitrary-file-upload</loc>
<lastmod>2023-01-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yslider/yslider-11-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-11-10T14:57:45.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-stats-manager/wp-visitor-statistics-real-time-traffic-57-unauthenticated-sql-injection</loc>
<lastmod>2022-07-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tutor/tutor-lms-182-sql-injection-via-tutor_quiz_builder_get_question_form</loc>
<lastmod>2021-03-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/taggbox-widget/taggbox-33-cross-site-request-forgery</loc>
<lastmod>2024-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contest-gallery/photos-and-files-contest-gallery-2134-authenticated-contributor-sql-injection</loc>
<lastmod>2024-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-manager/download-manager-3242-reflected-cross-site-scripting</loc>
<lastmod>2022-06-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-mail-logging/wp-mail-logging-1100-unauthenticated-arbitrary-settings-change</loc>
<lastmod>2021-11-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/drag-and-drop-multiple-file-upload-contact-form-7/drag-and-drop-multiple-file-upload-for-contact-form-7-1387-unauthenticated-php-object-injection-via-phar-to-arbitrary-file-deletion</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yookassa/kassa-woocommerce-230-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2022-07-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/royal-elementor-addons/royal-elementor-addons-and-templates-1394-unauthenticated-limited-file-upload</loc>
<lastmod>2024-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/adthrive-ads/raptive-ads-363-missing-authorization-to-unauthenticated-datasettings-reset</loc>
<lastmod>2025-02-18T19:34:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bitformpro/bit-form-pro-264-unauthenticated-arbitrary-file-deletion</loc>
<lastmod>2024-08-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/betheme/betheme-2803-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-15T19:05:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-test-email/wp-test-email-118-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-03-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/plenigo/plenigo-1120-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-statistics/wp-statistics-1325-information-disclosure</loc>
<lastmod>2022-09-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/smart-mag/smartmag-1030-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-multivendor-marketplace/wcfm-marketplace-multivendor-marketplace-for-woocommerce-3611-reflected-cross-site-scripting</loc>
<lastmod>2024-09-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-entries/database-for-contact-form-7-wpforms-elementor-forms-147-unauthenticated-php-object-injection-via-download_csv</loc>
<lastmod>2026-03-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sendpulse-email-marketing-newsletter/sendpulse-email-marketing-newsletter-216-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gg-bought-together/gg-bought-together-for-woocommerce-102-unauthenticated-sql-injection</loc>
<lastmod>2025-06-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-new-user-notification/custom-new-user-notification-120-authenticated-administrator-stored-cross-site-scripting-via-user-mail-subject-setting</loc>
<lastmod>2026-04-15T16:46:28.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-glossary/wp-glossary-312-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2022-10-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/apptha-slider-gallery/apptha-slider-gallery-25-unauthenticated-arbitrary-file-read</loc>
<lastmod>2025-05-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/media-library-assistant/media-library-assistant-328-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/huurkalender-wp/huurkalender-wp-156-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gd-bbpress-attachments/gd-bbpress-attachments-23-reflected-cross-site-scripting</loc>
<lastmod>2015-07-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/best-woocommerce-feed/product-feed-manager-7315-authenticated-admin-directory-traversal</loc>
<lastmod>2023-12-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buddypress-media/rtmedia-for-wordpress-buddypress-and-bbpress-4618-authenticated-subscriber-sql-injection</loc>
<lastmod>2024-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/build-private-store-for-woocommerce/build-private-store-for-woocommerce-10-missing-authorization</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/premium-seo-pack/premium-seo-pack-16001-authenticated-contributor-sql-injection</loc>
<lastmod>2024-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/epeken-all-kurir/epeken-all-kurir-1462-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smartarget-contact-us/smartarget-get-40-more-sales-improve-user-engagement-with-25-free-apps-14-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/generic-elements-for-elementor/generic-elements-128-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-02T22:11:08.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/facebook-button-plugin/bestwebsofts-like-share-273-unauthenticated-password-protected-post-disclosure</loc>
<lastmod>2023-11-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/heart/heart-18-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/js-support-ticket/js-help-desk-281-unauthenticated-sql-injection-via-email-and-trackingid</loc>
<lastmod>2023-12-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ctuser/ctusers-100-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-06-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/consultstreet/consultstreet-300-missing-authorization</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/felici/felici-all-versions-arbitrary-file-upload</loc>
<lastmod>2014-03-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profilegrid-user-profiles-groups-and-communities/profilegrid-586-missing-authorization</loc>
<lastmod>2024-06-04T19:31:30.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mingle-forum/mingle-forum-1034-cross-site-request-forgery</loc>
<lastmod>2013-01-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-yadisk-files/yadisk-files-125-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-11-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ultimate-csv-importer/ultimate-csv-importer-3675-information-disclosure</loc>
<lastmod>2015-02-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vagaro-booking-widget/vagaro-booking-widget-03-unauthenticated-stored-cross-site-scripting-via-vagaro_code</loc>
<lastmod>2026-03-20T15:05:40.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/adif-log-search-widget/adif-log-search-widget-10f-reflected-cross-site-scripting</loc>
<lastmod>2024-10-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/beaver-builder-lite-version/beaver-builder-2843-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/edumall/edumall-424-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-04-25T19:47:44.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wplyr-media-block/wplyr-media-block-130-authenticated-administrator-stored-cross-site-scripting-via-_wplyr_accent_color-parameter</loc>
<lastmod>2026-02-10T20:08:39.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-bulk-editor/bear-1133-cross-site-request-forgery-to-product-deletion</loc>
<lastmod>2023-09-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/blogvy/blogvy-107-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-06-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/careerup/careerup-231-reflected-cross-site-scripting</loc>
<lastmod>2020-07-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/delete-me/delete-me-30-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-10-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/masterstudy-lms-learning-management-system/masterstudy-lms-3725-authenticated-subscriber-time-based-blind-sql-injection-via-order-and-orderby-parameters</loc>
<lastmod>2026-04-16T12:48:08.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-security-hardening/wp-hardening-fix-your-wordpress-security-126-unauthenticated-security-feature-bypass-to-username-enumeration</loc>
<lastmod>2024-09-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/js_composer/wpbakery-visual-composer-75-authenticated-contributor-stored-cross-site-scripting-via-button-onclick-attribute</loc>
<lastmod>2024-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/good-mood/good-mood-116-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-09-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/divi-booster/divi-booster-502-unauthenticated-php-object-injection</loc>
<lastmod>2026-03-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/push-notification-by-feedify/feedify-web-push-notifications-242-reflected-cross-site-scripting</loc>
<lastmod>2024-12-20T09:38:08.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-meta-data-filter-and-taxonomy-filter/mdtf-meta-data-and-taxonomies-filter-1301-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/picsmize/picsmize-100-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2024-11-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/radslide/radslide-21-missing-authorization</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-user-manager/wp-user-manager-2917-unauthenticated-path-traversal-to-local-file-inclusion-via-tab-query-parameter</loc>
<lastmod>2026-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tiempocom/tiempocom-012-reflected-cross-site-scripting</loc>
<lastmod>2023-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simplemap/simplemap-store-locator-261-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2024-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/share-this-image/share-this-image-212-missing-authorization</loc>
<lastmod>2026-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-analytify/analytify-google-analytics-dashboard-for-wordpress-ga4-analytics-made-easy-523-missing-authorization</loc>
<lastmod>2024-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/computer-repair-shop/repairbuddy-repair-shop-crm-booking-plugin-for-wordpress-41121-missing-authorization</loc>
<lastmod>2026-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/qubely/qubely-advanced-gutenberg-blocks-185-insufficient-authorization</loc>
<lastmod>2023-07-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/free-stock-photos-foter/free-stock-photos-foter-154-authenticated-subscriber-php-object-injection</loc>
<lastmod>2024-10-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buddypress-docs/buddypress-docs-192-authorization-bypass</loc>
<lastmod>2017-03-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-admin-page/custom-admin-page-by-bestwebsoft-011-reflected-cross-site-scripting</loc>
<lastmod>2017-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-blocks/ultimate-blocks-336-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cost-calculator-builder/cost-calculator-builder-3267-authenticated-subscriber-sql-injection-via-order_ids-parameter</loc>
<lastmod>2025-04-10T20:32:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fraudlabs-pro-for-woocommerce/fraudlabs-pro-for-woocommerce-22211-missing-authorization</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/a4-barcode-generator/print-barcode-labels-for-your-woocommerce-productsorders-3410-missing-authorization</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mstore-api/mstore-api-396-missing-authorization</loc>
<lastmod>2023-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/head-meta-data/head-meta-data-20250327-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2025-12-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/powerpress/powerpress-podcasting-plugin-by-blubrry-11168-authenticated-author-stored-cross-site-scripting-via-embed-episode-meta-field</loc>
<lastmod>2026-06-17T18:12:12.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ocean-extra/ocean-extra-157-unauthenticated-options-update-and-css-injection</loc>
<lastmod>2019-07-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-businessdirectory/wp-businessdirectory-312-reflected-cross-site-scripting</loc>
<lastmod>2025-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-load-gallery/wp-load-gallery-216-authenticated-author-arbitrary-file-upload</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fl3r-feelbox/fl3r-feelbox-81-cross-site-request-forgery-leading-to-plugin-settings-reset</loc>
<lastmod>2023-01-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/motopress-hotel-booking-lite/hotel-booking-lite-460-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2023-03-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-author-base/custom-author-base-111-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2024-09-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/amoli/amoli-10-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/master-addons/master-addons-for-elementor-widgets-extensions-theme-builder-popup-builder-template-kits-213-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2026-03-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stampedio-product-reviews/stampedio-product-reviews-ugc-for-woocommerce-233-cross-site-request-forgery</loc>
<lastmod>2023-04-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hurrytimer/hurrytimer-an-scarcity-and-urgency-countdown-timer-for-wordpress-woocommerce-2100-missing-authorization-to-authenticated-contributor-arbitrary-post-publication</loc>
<lastmod>2024-10-23T19:06:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lucidlms/lucidlms-105-reflected-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/my-shortcodes/my-shortcodes-23-missing-authorization-via-multiple-ajax-actions</loc>
<lastmod>2023-10-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/aryo-activity-log/activity-log-235-261-sql-injection</loc>
<lastmod>2021-05-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eewee-admincustom/eewee-admin-custom-1824-reflected-cross-site-scripting</loc>
<lastmod>2024-11-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bverse-convert/bverse-convert-1371-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/soledad/soledad-841-authenticated-contributor-sql-injection</loc>
<lastmod>2023-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jet-elements/jetelements-for-elementor-2741-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/demo-importer-plus/demo-importer-plus-208-missing-authorization</loc>
<lastmod>2026-01-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/verse/verse-170-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/recent-backups/recent-backups-07-directory-traversal</loc>
<lastmod>2015-07-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ai-image-alt-text-generator-for-wp/ai-image-alt-text-generator-for-wp-119-missing-authorization</loc>
<lastmod>2026-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/math-comment-spam-protection/math-comment-spam-protection-21-cross-site-request-forgery</loc>
<lastmod>2007-11-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/month-name-translation-benaceur/month-name-translation-benaceur-237-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-geshi-highlight/wp-geshi-highlight-143-authenticated-author-redos</loc>
<lastmod>2025-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/php-everywhere/php-everywhere-203-remote-code-execution-by-contributor-users-via-gutenberg-block</loc>
<lastmod>2022-01-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-membership/simple-membership-409-cross-site-request-forgery-to-arbitrary-transaction-deletion</loc>
<lastmod>2022-02-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/spotlight-social-photo-feeds/spotlight-social-feeds-142-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-01-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/4.0/wordpress-core-401-cross-site-request-forgery-to-password-reset</loc>
<lastmod>2014-11-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-carta-docente/ilghera-carta-docente-for-woocommerce-150-authenticated-administrator-path-traversal-to-arbitrary-file-deletion-via-cert-parameter</loc>
<lastmod>2026-03-19T20:03:09.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpcs-wp-custom-search/wpcs-wordpress-custom-search-11-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-05-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elegant-addons-for-elementor/elegant-addons-for-elementor-108-authenticated-contributor-stored-cross-site-scripting-via-switcher-slider-and-iconbox-widgets</loc>
<lastmod>2024-05-21T17:05:13.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/bardwp/bard-16-cross-site-request-forgery</loc>
<lastmod>2025-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/digits/digits-8461-authentication-bypass-via-weak-otp</loc>
<lastmod>2025-04-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-letsencrypt-ssl/wp-encryption-one-click-free-ssl-certificate-ssl-https-redirect-to-force-https-ssl-score-70-sensitive-information-exposure-via-insufficiently-protected-files</loc>
<lastmod>2024-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/envo-elementor-for-woocommerce/envos-elementor-templates-widgets-for-woocommerce-1416-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2024-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contest-code-checker/run-contests-raffles-and-giveaways-with-contestswp-206-reflected-cross-site-scripting</loc>
<lastmod>2025-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-bulkquick-edit/custom-bulkquick-edit-1610-cross-site-request-forgery</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-experiments-free/title-experiments-free-904-cross-site-request-forgery</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/html-forms/html-forms-simple-wordpress-forms-1332-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-07-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-docs/wp-docs-199-reflected-cross-site-scripting</loc>
<lastmod>2023-05-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-webhooks/webhooks-338-authenticated-administrator-php-object-injection</loc>
<lastmod>2025-11-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/gameplan/gameplan-event-and-gym-fitness-wordpress-theme-164-reflected-cross-site-scripting</loc>
<lastmod>2017-08-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/minimal-share-buttons/minimal-share-buttons-173-authenticated-contributor-stored-cross-site-scripting-via-align-parameter</loc>
<lastmod>2025-05-29T16:53:21.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/nokri/nokri-164-cross-site-request-forgery</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/charity-addon-for-elementor/charity-addon-for-elementor-133-authenticated-contributor-post-disclosure</loc>
<lastmod>2024-12-02T20:46:26.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-dbmanager/wp-dbmanager-272-command-injection</loc>
<lastmod>2014-10-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wapppress-builds-android-app-for-website/wapppress-604-authenticated-subscriber-server-side-request-forgery</loc>
<lastmod>2024-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/better-search/better-search-252-cross-site-request-forgery-bypass</loc>
<lastmod>2021-03-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/borgholm-marketing-agency-theme/borgholm-16-unauthenticated-php-object-injection</loc>
<lastmod>2026-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/checkout-mestres-wp/checkout-mestres-wp-7196-authentication-bypass-via-password-reset</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/squirrly-seo/seo-plugin-by-squirrly-seo-12414-missing-authorization-to-authenticated-subscriber-cloud-service-disconnection</loc>
<lastmod>2026-02-18T16:09:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce/woocommerce-912-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/logo-slider-wp/logo-slider-400-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/alpine-photo-tile-for-instagram/alpine-photo-tile-for-instagram-1210-reflected-cross-site-scripting</loc>
<lastmod>2017-03-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nova-blocks/nova-blocks-219-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-01-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/coschool/coschool-lms-143-authenticated-subscriber-sql-injection</loc>
<lastmod>2025-07-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jet-tabs/multiple-plugins-by-crocoblock-various-versions-missing-authorization-to-unauthenticated-unauthorized-action</loc>
<lastmod>2023-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-schools-staff-directory/simple-schools-staff-directory-11-authenticated-admin-arbitrary-file-upload</loc>
<lastmod>2021-08-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-reviews-plugin-for-google/widgets-for-google-reviews-1324-unauthenticated-stored-cross-site-scripting-via-google-reviews</loc>
<lastmod>2025-12-05T15:07:55.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/formcraft3/formcraft-premium-wordpress-form-builder-3911-unauthenticated-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2025-02-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/plinks/powies-plinks-pagepeeker-102-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/login-rebuilder/login-rebuilder-280-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-05-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mf-gig-calendar/mf-gig-calendar-121-cross-site-request-forgery</loc>
<lastmod>2024-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/password-protected-woo-store/password-protected-store-for-woocommerce-22-information-exposure-via-rest-api</loc>
<lastmod>2024-03-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-store-kit/ultimate-store-kit-elementor-addons-250-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nexa-blocks/nexa-blocks-110-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/indeed-wp-superbackup/wp-superbackup-233-reflected-cross-site-scripting</loc>
<lastmod>2024-12-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bbs-e-popup/bbs-e-popup-245-missing-authorization</loc>
<lastmod>2023-06-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/find-content-ids/find-content-ids-10-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stats-counter/analytics-stats-counter-statistics-1225-unauthenticated-php-object-injection</loc>
<lastmod>2017-03-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-eis/wp-eis-133-authenticated-contributor-sql-injection</loc>
<lastmod>2024-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/classipress/classipress-314-stored-cross-site-scripting</loc>
<lastmod>2011-10-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/userpro/userpro-519-authenticated-contributor-sql-injection</loc>
<lastmod>2024-12-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/totalcontest-lite/photo-contest-competition-video-contest-291-authenticated-author-php-object-injection</loc>
<lastmod>2026-03-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/hygia/hygia-116-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-09-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-headers-and-footers/wp-headers-and-footers-311-cross-site-request-forgery-to-arbitrary-options-update</loc>
<lastmod>2025-04-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/acl-floating-cart-for-woocommerce/acl-floating-cart-for-woocommerce-09-reflected-cross-site-scripting</loc>
<lastmod>2024-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gb-gallery-slideshow/gb-gallery-slideshow-13-missing-authorization</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mimetypes-link-icons/mimetypes-link-icons-3220-authenticated-contributor-server-side-request-forgery-via-crafted-links-in-post-content</loc>
<lastmod>2026-03-20T15:17:37.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/aws-cdn-by-wpadmin/wpadmin-aws-cdn-2013-cross-site-request-forgery</loc>
<lastmod>2023-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lawyer-directory/lawyer-directory-132-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/grip/multiple-themes-authenticated-subscriber-arbitrary-plugin-activation-and-deactivation</loc>
<lastmod>2024-11-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/conditional-shipping-for-woocommerce/conditional-shipping-for-woocommerce-340-cross-site-request-forgery</loc>
<lastmod>2025-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/geo-my-wp/geo-my-wordpress-4503-reflected-cross-site-scripting</loc>
<lastmod>2024-09-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/polldaddy/crowdsignal-dashboard-2024-cross-site-scripting</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slash-admin/slash-admin-381-cross-site-request-forgery</loc>
<lastmod>2024-04-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dr-flex/dr-flex-200-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/food-and-drink-menu/five-star-restaurant-menu-220-unauthenticated-arbitrary-object-deserialization-leading-to-remote-code-execution</loc>
<lastmod>2021-01-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/export-media-urls/export-media-urls-10-cross-site-request-forgery</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-topbar/wp-topbar-536-cross-site-request-forgery</loc>
<lastmod>2023-01-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/radius-blocks/radius-blocks-wordpress-gutenberg-blocks-212-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/job-manager/job-manager-0718-cross-site-scripting</loc>
<lastmod>2012-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/kalon/kalon-129-missing-authorization</loc>
<lastmod>2026-02-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buddypress-media/rtmedia-for-wordpress-buddypress-and-bbpress-3101-cross-site-scripting</loc>
<lastmod>2016-01-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-microdata/wp-microdata-10-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/crawlomatic-multipage-scraper-post-generator/crawlomatic-multisite-scraper-post-generator-2682-unauthenticated-information-exposure-via-log-files</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kb-support/kb-support-1588-missing-authorization-to-sensitive-data-exposure</loc>
<lastmod>2023-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-event-aggregator/wp-event-aggregator-176-cross-site-request-forgery-via-wpea_deauthorize_user</loc>
<lastmod>2024-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/relevanssi-premium/relevanssi-a-better-search-4220-free-and-2250-premium-missing-authorization-to-unauthenticated-query-log-export</loc>
<lastmod>2024-02-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/newsblogger/newsblogger-0254-cross-site-request-forgery-to-arbitrary-plugin-installation</loc>
<lastmod>2025-04-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce/woocommerce-782-sensitive-information-exposure</loc>
<lastmod>2023-09-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tradetracker-store/tradetracker-store-4660-authenticated-sql-injection</loc>
<lastmod>2021-05-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-forms/advanced-forms-for-acf-1932-missing-authorization-to-unauthenticated-form-settings-export</loc>
<lastmod>2024-02-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/multiple-pages-generator-by-porthas/multiple-page-generator-plugin-mpg-405-authenticated-editor-server-side-request-forgery-via-fileurl</loc>
<lastmod>2025-01-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/landing-page-cat/landing-page-cat-coming-soon-page-maintenance-page-squeeze-pages-172-unauthenticated-information-exposure</loc>
<lastmod>2024-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-manager/download-manager-3284-missing-authorization</loc>
<lastmod>2024-02-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-ip-blocker/advanced-ip-blocker-8107-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-05-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-7-star-rating/contact-form-7-star-rating-110-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2025-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/workreap/workreap-335-authenticated-subscriber-arbitrary-file-deletion</loc>
<lastmod>2025-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dethemekit-for-elementor/dethemekit-for-elementor-1554-authenticated-stored-cross-site-scripting</loc>
<lastmod>2021-04-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/exchange-addon-stripe/stripe-add-on-for-ithemes-exchange-120-reflected-cross-site-scripting</loc>
<lastmod>2015-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/likebtn-like-button/like-button-rating-2653-cross-site-request-forgery</loc>
<lastmod>2024-08-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/facebook-likebox-widget-and-shortcode/profile-box-shortcode-and-widget-120-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pz-linkcard/pz-linkcard-2451-reflected-cross-site-scripting</loc>
<lastmod>2022-03-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profile-builder/profile-builder-user-profile-user-registration-forms-364-cross-site-request-forgery</loc>
<lastmod>2022-09-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/url-shortify/url-shortify-175-unauthenticated-stored-cross-site-scripting-via-referrer-header</loc>
<lastmod>2023-08-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flex-qr-code-generator/flex-qr-code-generator-1210-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2026-01-12T04:11:43.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-shamsi/wp-shamsi-410-missing-authorization-to-arbitrary-plugin-deactivation</loc>
<lastmod>2022-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-affiliate-platform/wp-affiliate-platform-639-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fg-drupal-to-wp/fg-drupal-to-wordpress-3900-authenticated-admin-server-side-request-forgery</loc>
<lastmod>2025-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rencontre/rencontre-dating-site-321-authenticated-admin-sql-injection</loc>
<lastmod>2019-03-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ni-woocommerce-sales-report/ni-woocommerce-sales-report-373-missing-authorization-via-ajax_sales_order</loc>
<lastmod>2023-10-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mendeleyplugin/mendeley-134-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/inpost-for-woocommerce/inpost-for-woocommerce-140-and-inpost-pl-144-missing-authorization-to-unauthenticated-arbitrary-file-read-and-delete</loc>
<lastmod>2024-08-16T14:24:22.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blog2social/blog2social-social-media-auto-post-scheduler-550-sql-injection</loc>
<lastmod>2019-07-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/meta-box/meta-box-4161-mishandling-of-file-upload</loc>
<lastmod>2019-02-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-course-manager/wp-course-manager-13-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/running-line/running-line-12-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2022-05-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-google-universal-analytics/advanced-google-universal-analytics-103-missing-authorization</loc>
<lastmod>2025-07-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-post/postx-gutenberg-blocks-for-post-grid-249-stored-cross-site-scripting</loc>
<lastmod>2021-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-automatic-widget/wp_automatic_widget-101-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-clone-by-wp-academy/clone-237-missing-authorization-via-wp_ajax_tifm_save_decision</loc>
<lastmod>2023-03-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/audio-player/audio-player-2045-cross-site-scripting-via-playerid-parameter</loc>
<lastmod>2013-01-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/print-my-blog/print-my-blog-3270-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2024-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/newstatpress/newstatpress-100-sql-injection</loc>
<lastmod>2015-06-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-db-backup/database-backup-for-wordpress-224-missing-authorization</loc>
<lastmod>2014-11-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-category-slider-by-pluginever/product-category-slider-for-woocommerce-434-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-05-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shortcode-gallery-for-matterport-showcase/wp-matterport-shortcode-214-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-06-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dx-delete-attached-media/dx-delete-attached-media-202-missing-authorization-to-settings-update</loc>
<lastmod>2023-05-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fv-wordpress-flowplayer/fv-flowplayer-video-player-750727-752727-reflected-cross-site-scripting-via-player_id-parameter</loc>
<lastmod>2021-10-05T20:14:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eventprime-event-calendar-management/eventprime-4283-unauthenticated-information-exposure</loc>
<lastmod>2026-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lobot-slider-administrator/lobot-slider-administrator-060-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2026-03-20T15:13:22.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-multi-currency/curcy-multi-currency-for-woocommerce-2201-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-12-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/typify/typify-302-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nextend-facebook-connect/nextend-facebook-connect-158-cross-site-request-forgery</loc>
<lastmod>2016-03-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kadence-woocommerce-email-designer/kadence-woocommerce-email-designer-1511-cross-site-request-forgery</loc>
<lastmod>2023-11-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/poeditor/poeditor-098-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/usc-e-shop/welcart-e-commerce-183-reflected-cross-site-scripting</loc>
<lastmod>2016-06-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/affiliates-manager/affiliates-manager-2949-missing-authorization</loc>
<lastmod>2026-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tutor/tutor-lms-elearning-and-online-course-solution-393-missing-authorization-to-authenticated-subscriber-arbitrary-course-completion</loc>
<lastmod>2026-01-08T18:44:27.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bu-section-editing/bu-section-editing-099-reflected-cross-site-scripting</loc>
<lastmod>2024-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sunshine-photo-cart/sunshine-photo-cart-2913-cross-site-request-forgery</loc>
<lastmod>2022-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/randomize/randomize-143-authenticated-contributor-sql-injection</loc>
<lastmod>2024-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/author-avatars/author-avatars-listblock-2121-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/multiple-admin-emails/multiple-admin-emails-10-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quiz-maker/quiz-maker-6524-missing-authorization-to-authenticated-subscriber-arbitrary-quiz-creation-modification</loc>
<lastmod>2024-02-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/payos/payos-1061-cross-site-request-forgery</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-social-widget/wp-social-widget-23-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jeg-elementor-kit/jeg-elementor-kit-2612-authenticated-contributor-stored-cross-site-scripting-via-video-button-and-countdown-widgets</loc>
<lastmod>2025-05-09T16:33:39.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/webparex/shipmozo-courier-tracking-10-reflected-cross-site-scripting</loc>
<lastmod>2025-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-table-reloaded/wp-table-reloaded-193-cross-site-scripting</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mukioplayer-for-wordpress/mukioplayer-for-wordpress-16-sql-injection</loc>
<lastmod>2013-09-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/badgeos/badgeos-3716-cross-site-request-forgery</loc>
<lastmod>2023-04-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/peprodev-ups/peprodev-ultimate-profile-solutions-191-752-missing-authorization-to-unauthenticated-email-enumeration</loc>
<lastmod>2025-05-06T13:27:02.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zoho-campaigns/zoho-campaigns-207-cross-site-request-forgery-via-zcwc_integration_disconnect</loc>
<lastmod>2024-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-registration/user-registration-membership-514-missing-authorization-to-authenticated-contributor-content-access-rule-manipulation</loc>
<lastmod>2026-03-23T11:24:15.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shortcodes-ultimate/shortcodes-ultimate-5126-authenticated-subscriber-server-side-request-forgery</loc>
<lastmod>2023-02-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-cal/wp-cal-03-sql-injection</loc>
<lastmod>2008-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eyes-only-user-access-shortcode/eyes-only-user-access-shortcode-182-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-02-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quick-interest-slider/quick-interest-slider-315-cross-site-request-forgery</loc>
<lastmod>2025-11-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vitepos-lite/vitepos-point-of-sale-pos-for-woocommerce-342-authenticated-outlet-manager-privilege-escalation</loc>
<lastmod>2026-06-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chatbot-chatgpt/kognetiks-chatbot-for-wordpress-199-unauthenticated-arbitrary-file-upload-via-chatbot_chatgpt_upload_file_to_assistant-function</loc>
<lastmod>2024-05-10T16:31:08.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/attorney/attorney-3-missing-authorization-to-unauthenticated-arbitrary-content-deletion</loc>
<lastmod>2022-12-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-post-type-pdf-attachment/custom-post-type-attachment-346-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nd-learning/learning-courses-50-authenticated-cross-site-scripting</loc>
<lastmod>2021-12-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mobile-menu/wp-mobile-menu-the-mobile-friendly-responsive-menu-2842-authenticated-contributor-stored-cross-site-scripting-via-image-alt</loc>
<lastmod>2024-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/inazo-advanced-ads-management/inazo-advanced-ads-management-14-authenticated-stored-cross-site-scripting</loc>
<lastmod>2016-09-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blog-designer-pack/news-blog-designer-pack-40-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ai-auto-tool/ai-auto-tool-content-writing-assistant-gemini-writer-chatgpt-all-in-one-207-230-missing-authorization-to-authenticated-subscriber-post-creation</loc>
<lastmod>2025-11-03T15:39:21.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/armember-membership/armember-membership-plugin-content-restriction-member-levels-user-profile-user-signup-4037-authenticated-subscriber-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2024-08-16T23:05:07.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/masterstudy-lms-learning-management-system/masterstudy-lms-wordpress-plugin-for-online-courses-and-education-3729-authenticated-subscriber-sql-injection</loc>
<lastmod>2026-05-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/learnpress/learnpress-wordpress-lms-plugin-4273-course-material-sensitive-information-exposure-via-rest-api</loc>
<lastmod>2024-12-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gf-zoho/wp-gravity-forms-zoho-crm-and-bigin-128-open-redirect</loc>
<lastmod>2025-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-forms/ninja-forms-contact-form-2928-stored-cross-site-scripting</loc>
<lastmod>2015-12-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/impreza/impreza-8174-reflected-cross-site-scripting</loc>
<lastmod>2023-12-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shopengine/shopengine-elementor-woocommerce-builder-addon-all-in-one-woocommerce-solution-484-incorrect-authorization-to-authenticated-editor-license-status-update</loc>
<lastmod>2025-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gutenverse-form/gutenverse-form-contact-form-builder-block-form-booking-form-247-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-06-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-wp-columns/advanced-wp-columns-206-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-11-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/learnpress-import-export/learnpress-export-import-410-missing-authentication-to-unauthenticated-migrated-course-deletion</loc>
<lastmod>2026-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pricing-table-by-supsystic/pricing-table-by-supsystic-181-missing-authorization-on-ajax-actions</loc>
<lastmod>2020-02-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/goodbarber/goodbarber-1026-open-redirect</loc>
<lastmod>2025-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/insert-or-embed-articulate-content-into-wordpress/insert-or-embed-articulate-content-into-wordpress-42999-arbitrary-file-upload</loc>
<lastmod>2019-06-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/1-jquery-photo-gallery-slideshow-flash/zooeffect-plugin-for-video-player-photo-gallery-slideshow-jquery-and-audio-music-podcast-html5-111-reflected-cross-site-scripting</loc>
<lastmod>2011-11-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/sante/sant-151-unauthenticated-php-object-injection</loc>
<lastmod>2026-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/store-locator-widget/store-locator-widget-2025r2-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kali-forms/contact-form-builder-with-drag-drop-for-wordpress-kali-forms-2341-missing-authorization-to-arbitrary-plugin-deactivation</loc>
<lastmod>2024-02-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/embedpress/embedpress-embed-pdf-google-docs-vimeo-wistia-embed-youtube-videos-audios-maps-embed-any-documents-in-gutenberg-elementor-401-authenticated-contributor-stored-cross-site-scripting-via-embedpress-pdf-widget</loc>
<lastmod>2024-06-04T19:46:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-business-hours/wp-business-hours-14-cross-site-request-forgery</loc>
<lastmod>2025-10-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/conditional-payment-methods-for-woocommerce/conditional-payment-methods-for-woocommerce-10-authenticated-admin-sql-injection</loc>
<lastmod>2022-12-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/wd/wd-10-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-08-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/exclusive-divi/exclusive-divi-divi-preloader-modules-for-divi-extra-theme-14-authenticated-author-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2024-11-15T15:15:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/happyfiles-pro/happyfiles-pro-181-missing-authorization-to-arbitrary-file-deletion</loc>
<lastmod>2023-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/photo-gallery/photo-gallery-by-10web-1210-authenticated-sql-injection-via-asc_or_desc-parameter</loc>
<lastmod>2015-01-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/crypto/crypto-219-authentication-bypass-via-register</loc>
<lastmod>2024-10-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/admin-side-data-storage-for-contact-form-7/admin-side-data-storage-for-contact-form-7-111-authenticated-admin-sql-injection</loc>
<lastmod>2024-02-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-call-for-price/call-for-price-for-woocommerce-420-authenticated-administrator-stored-cross-site-scripting-via-call-for-price-label-settings</loc>
<lastmod>2026-05-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bold-page-builder/bold-page-builder-552-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-11-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pre-party-browser-hints/pre-party-resource-hints-1819-authenticatedadministrator-sql-injection</loc>
<lastmod>2023-12-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cost-calculator-for-elementor/cost-calculator-for-elementor-133-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cbxwpsimpleaccounting/cbx-accounting-bookkeeping-1314-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-security-audit-log/wp-activity-log-563-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2026-05-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mapmap/mapmap-11-cross-site-request-forgery-to-settings-update-and-stored-cross-site-scripting</loc>
<lastmod>2025-11-03T15:33:46.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-410/ultimate-410-gone-status-code-114-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/trx_addons/themerex-addons-2323-unauthenticated-arbitrary-file-upload-in-trx_addons_uploads_save_data</loc>
<lastmod>2025-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/course-builder/course-builder-online-course-wordpress-theme-366-unauthenticated-php-object-injection</loc>
<lastmod>2025-05-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/link-log/smart-external-link-click-monitor-link-log-502-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wd-google-maps/10webmapbuilder-1063-unauthenticated-stored-cross-site-scripting-via-plugin-settings-change</loc>
<lastmod>2020-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tk-google-fonts/tk-google-fonts-gdpr-compliant-227-authorization-bypass</loc>
<lastmod>2023-05-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booster-elite-for-woocommerce/booster-elite-for-woocommerce-117-authenticated-adminshop-manager-arbitrary-file-download</loc>
<lastmod>2022-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-notify-lite/popup-builder-1135-authenticated-subscriber-local-file-inclusion</loc>
<lastmod>2025-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fusion-builder/avada-website-builder-for-wordpress-ecommerce-3119-authenticated-contributor-stored-cross-site-scripting-via-fusion_button-shortcode</loc>
<lastmod>2024-09-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contest-gallery/contest-gallery-upload-vote-photos-media-sell-with-paypal-stripe-2817-missing-authorization</loc>
<lastmod>2026-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/apply-with-linkedin-buttons/apply-with-linkedin-buttons-23-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/author-work-in-progress-bar/author-wip-progress-bar-10-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quotes-and-tips/quotes-and-tips-by-bestwebsoft-132-reflected-cross-site-scripting</loc>
<lastmod>2017-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jquery-html5-file-upload/jquery-html5-file-upload-30-unauthenticated-settings-update</loc>
<lastmod>2017-08-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/indeed-wp-superbackup/super-backup-clone-migrate-for-wordpress-233-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2024-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce/woocommerce-570-woocommerce-admin-264-information-disclosure</loc>
<lastmod>2022-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementskit-lite/elementskit-elementor-addons-320-unauthenticated-information-exposure-via-ekit_widgetarea_content-function</loc>
<lastmod>2024-07-18T08:02:02.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pgs-core/pgs-core-580-missing-authorization-via-multiple-functions</loc>
<lastmod>2025-05-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/team-display/team-builder-meet-the-team-13-missing-authorization-to-authenticated-subscriber-settings-update</loc>
<lastmod>2025-02-17T15:39:20.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/infusionsoft/infusionsoft-gravity-forms-add-on-1511-reflected-cross-site-scripting</loc>
<lastmod>2016-09-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/comicbookmanagementsystemweeklypicks/comic-book-management-system-220-authenticated-administrator-sql-injection</loc>
<lastmod>2022-11-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/login-with-cognito/login-with-cognito-146-authentication-bypass</loc>
<lastmod>2022-06-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-viewer/all-in-one-image-viewer-block-102-unauthenticated-server-side-request-forgery-via-image-proxy-endpoint</loc>
<lastmod>2026-02-04T20:41:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eventbee-ticketing-widget/eventbee-ticketing-widget-10-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-11-10T14:55:21.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/weforms/weforms-easy-drag-drop-contact-form-builder-for-wordpress-1617-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-12-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/formfacade/formfacade-136-reflected-cross-site-scripting</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-analytics-dashboard/google-analytics-dashboard-211-reflected-cross-site-scripting</loc>
<lastmod>2017-03-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/critical-site-intel-stats/critical-site-intel-10-unauthenticated-sql-injection</loc>
<lastmod>2024-12-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/passwords-manager/passwords-manager-144-cross-site-scripting-via-pwdms_csv_category-parameter</loc>
<lastmod>2022-05-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-accordion-free/easy-accordion-2021-authenticated-stored-cross-site-scripting</loc>
<lastmod>2021-09-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shared-files/shared-files-175-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2023-09-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/free-event-banner/event-banner-13-cross-site-request-forgery</loc>
<lastmod>2021-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kish-guest-posting/kish-guest-posting-11-arbitrary-file-upload</loc>
<lastmod>2012-01-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fusion-builder/avada-builder-31111-authenticated-contributor-stored-cross-site-scripting-in-multiple-widgets</loc>
<lastmod>2025-01-22T08:24:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hyp3rl0cal-city-search/ctygrid-hyp3rl0cal-search-wordpress-plugin-0111-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-store-kit/ultimate-store-kit-elementor-addons-woocommerce-builder-edd-builder-elementor-store-builder-product-grid-product-table-woocommerce-slider-230-missing-authorization</loc>
<lastmod>2024-12-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/xcare/xcare-65-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-10-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/eleganzo/eleganzo-12-authenticated-subscriber-arbitrary-directory-deletion</loc>
<lastmod>2026-04-14T11:01:50.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/raise-the-money/raise-the-money-52-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-map-pro/image-map-pro-6020-missing-authorization-to-authenticated-contributor-map-project-addupdatedelete</loc>
<lastmod>2024-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lastudio-element-kit/la-studio-element-kit-for-elementor-149-authenticated-contributor-stored-cross-site-scripting-via-table-of-contents-widget</loc>
<lastmod>2025-04-17T20:56:28.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ixml/ixml-google-xml-sitemap-generator-06-reflected-cross-site-scripting-via-ixml_email-parameter</loc>
<lastmod>2026-02-18T15:56:28.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-nested-menu/simple-nested-menu-10-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/unusedcss/rapidload-power-up-for-autoptimize-171-cross-site-request-forgery-via-ucss_connect</loc>
<lastmod>2023-03-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-tabs/responsive-tabs-4010-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-07-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-manager/download-manager-3297-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-07-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simply-schedule-appointments/appointment-booking-calendar-simply-schedule-appointments-booking-plugin-16927-unauthenticated-sql-injection</loc>
<lastmod>2026-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-debugging/wp-debugging-2102-unauthenticated-plugin-settings-update</loc>
<lastmod>2021-09-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gamipress/gamipress-250-cross-site-request-forgery</loc>
<lastmod>2023-01-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tdo-mini-forms/tdo-mini-forms-0139-arbitrary-file-upload</loc>
<lastmod>2012-09-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/redirects/redirects-121-missing-authorization-via-save</loc>
<lastmod>2024-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cookie-script-com/cookie-scriptcom-121-missing-authorization</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elo-rating-shortcode/elo-rating-shortcode-103-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-access-manager/user-access-manager-208-reflected-cross-site-scripting</loc>
<lastmod>2017-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/adplugg/adplugg-wordpress-ad-plugin-1134-cross-site-scripting</loc>
<lastmod>2015-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/addon-elements-for-elementor-page-builder/elementor-addon-elements-1111-stored-cross-site-scripting</loc>
<lastmod>2021-04-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/exit-strategy/wordpress-exit-strategy-155-cross-site-request-forgery</loc>
<lastmod>2013-05-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fusion-builder/fusion-builder-3111-authenticated-subscriber-sql-injection</loc>
<lastmod>2023-08-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpcodefactory-helper/wpfactory-helper-152-reflected-cross-site-scripting-via-item_slug</loc>
<lastmod>2023-06-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quick-license-manager/quick-license-manager-woocommerce-plugin-2417-reflected-cross-site-scripting</loc>
<lastmod>2024-12-02T19:19:24.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/greenmart/greenmart-423-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-06-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smart-wishlist-for-more-convert/mc-woocommerce-wishlist-154-cross-site-request-forgery</loc>
<lastmod>2023-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/statpresscn/statpresscn-191-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/thim-elementor-kit/thim-kit-for-elementor-137-missing-authorization-to-unauthenticated-private-course-disclosure</loc>
<lastmod>2026-03-14T00:34:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/plausible-analytics/plausible-analytics-122-stored-cross-site-scripting</loc>
<lastmod>2022-04-07T10:58:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-post-styling/wp-post-styling-130-cross-site-request-forgery</loc>
<lastmod>2022-05-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/oshine-core/oshine-core-155-missing-authorization</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-cron-manager/advanced-cron-manager-debug-control-252-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/event-easy-calendar/event-easy-calendar-100-cross-site-scripting</loc>
<lastmod>2013-09-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-301-redirects-addon-bulk-uploader/simple-301-redirects-addon-bulk-uploader-124-missing-authorization</loc>
<lastmod>2019-08-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-category-dropdown/wp-category-dropdown-18-authenticated-contributor-stored-cross-site-scripting-via-align-parameter</loc>
<lastmod>2024-09-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tlp-portfolio/portfolio-wordpress-portfolio-plugin-2810-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-02-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dop-shortcodes/dop-shortcodes-12-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-05-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blue-captcha/blue-captcha-174-reflected-cross-site-scripting</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cm-video-lesson-manager/video-lessons-manager-172-and-video-lessons-manager-pro-359-stored-cross-site-scripting</loc>
<lastmod>2021-10-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-hover-effects-addon-for-elementor/image-hover-effects-elementor-addon-144-missing-authorization</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jet-smart-filters/jetsmartfilters-381-unauthenticated-sql-injection</loc>
<lastmod>2026-06-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/login-lockdown/login-lockdown-protect-login-form-206-authenticatedadministrator-sql-injection</loc>
<lastmod>2023-12-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seo-automated-link-building/internal-links-manager-252-missing-authorization</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/dash/dash-13-unauthenticated-php-object-injection</loc>
<lastmod>2025-05-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seo-redirection/seo-redirection-28-reflected-cross-site-scripting</loc>
<lastmod>2015-08-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpbot-pro/wpbot-pro-wordpress-chatbot-1270-unauthenticated-php-object-injection</loc>
<lastmod>2025-05-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/reservation-studio-widget/reservationstudio-widget-1011-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-07-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dragfy-addons-for-elementor/dragfy-addons-for-elementor-102-missing-authorization-via-save_settings</loc>
<lastmod>2023-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-catalog-enquiry/product-catalog-enquiry-for-woocommerce-by-multivendorx-505-cross-site-request-forgery-via-rest-api</loc>
<lastmod>2024-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/analogwp-templates/style-kits-180-cross-site-request-forgery-bypass</loc>
<lastmod>2021-03-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/overworld/overworld-13-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/backupbuddy/backupbuddy-882-reflected-cross-site-scripting</loc>
<lastmod>2023-01-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/networker/networker-120-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-07-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/realteo/realteo-123-reflected-cross-site-scripting</loc>
<lastmod>2021-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wowpth/wowpth-20-reflected-cross-site-scripting</loc>
<lastmod>2025-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-data-access/wp-data-access-431-admin-sql-injection</loc>
<lastmod>2021-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-google-places-review-slider/wp-google-review-slider-117-authenticated-subscriber-sql-injection</loc>
<lastmod>2023-01-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/scratch-win-giveaways-for-website-facebook/scratch-win-giveaways-and-contests-271-cross-site-request-forgery-via-reset_installation-function</loc>
<lastmod>2025-01-03T19:18:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/video-merchant/video-merchant-504-cross-site-request-forgery-to-arbitrary-file-upload</loc>
<lastmod>2025-12-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/userpro/userpro-514-missing-authorization-to-arbitrary-shortcode-execution-via-userpro_shortcode_template</loc>
<lastmod>2023-11-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sendgrid-email-delivery-simplified/sendgrid-1118-authorization-bypass</loc>
<lastmod>2021-07-21T15:18:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smtp2go/smtp2go-142-authenticated-administrator-stored-cross-site-scripting-via-admin-settings</loc>
<lastmod>2023-03-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpcargo/wpcargo-track-trace-694-reflected-cross-site-scripting</loc>
<lastmod>2022-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/add-to-any/addtoany-share-buttons-1714-http-host-header-injection</loc>
<lastmod>2017-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-maps/google-maps-213-reflected-cross-site-scripting</loc>
<lastmod>2016-08-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stratum/stratum-elementor-widgets-147-authenticated-contributor-stored-cross-site-scripting-vulnerability-via-image-hotspot-widget</loc>
<lastmod>2025-01-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pinterest-site-verification/pinterest-site-verification-plugin-using-meta-tag-18-authenticated-subscriber-stored-cross-site-scripting-via-post_var</loc>
<lastmod>2026-04-07T17:37:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jet-search/jetsearch-357-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smart-donations/donations-made-easy-smart-donations-4012-reflected-cross-site-scripting</loc>
<lastmod>2023-05-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buddyboss-platform-pro/buddyboss-platform-pro-2701-authentication-bypass-via-apple-oauth-provider</loc>
<lastmod>2025-05-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/give/givewp-2172-reflected-cross-site-scripting-via-import-tool</loc>
<lastmod>2022-01-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/content-grabber/content-grabber-10-authenticated-admin-cross-site-scripting</loc>
<lastmod>2015-07-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/memberfindme/membershipworks-614-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-11-11T19:16:16.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/save-grab/grab-save-104-cross-site-request-forgery</loc>
<lastmod>2023-11-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/calliope/calliope-1033-cross-site-request-forgery</loc>
<lastmod>2024-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/bw-zenny/zenny-175-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-06-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shibboleth/shibboleth-16-reflected-cross-site-scripting</loc>
<lastmod>2016-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/w3-total-cache/w3-total-cache-2812-unauthenticated-command-injection</loc>
<lastmod>2025-10-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rafflepress/giveaways-and-contests-by-rafflepress-get-more-website-traffic-email-subscribers-and-social-followers-11219-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-11-18T19:41:33.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ai-related-products/smart-related-products-206-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-job-board-pro/wp-job-board-pro-1285-unauthenticated-privilege-escalation-via-process_register</loc>
<lastmod>2025-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nextgen-cooliris-gallery/nextgen-cooliris-gallery-07-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gd-security-headers/gd-security-headers-161-reflected-cross-site-scripting</loc>
<lastmod>2023-08-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blog2social/blog2social-social-media-auto-post-scheduler-892-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-06-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/addons-for-elementor/elementor-addons-by-livemesh-834-authenticated-contributor-stored-cross-site-scripting-via-posts-slider-widget</loc>
<lastmod>2024-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-quick-front-end-editor/wp-quick-frontend-editor-55-reflected-cross-site-scripting</loc>
<lastmod>2021-01-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/give/givewp-3151-cross-site-request-forgery</loc>
<lastmod>2024-09-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fluent-boards/fluentboards-147-unauthenticated-php-object-injection</loc>
<lastmod>2025-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mxchat-basic/mxchat-ai-chatbot-for-wordpress-255-unauthenticated-information-exposure</loc>
<lastmod>2025-12-02T14:25:33.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stars-smtp-mailer/stars-smtp-mailer-17-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-field-manager/custom-field-manager-10-reflected-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/css3_web_pricing_tables_grids/css3-compare-pricing-tables-for-wordpress-116-missing-authorization</loc>
<lastmod>2025-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-push-notifications/ultimate-push-notifications-119-missing-authorization</loc>
<lastmod>2025-07-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/beaver-builder-lite-version/beaver-builder-wordpress-page-builder-2842-authenticated-contributor-stored-dom-based-cross-site-scripting-via-button-widget</loc>
<lastmod>2024-10-29T00:41:13.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/4.7/wordpress-core-472-authorization-bypass-to-term-disclosure</loc>
<lastmod>2017-01-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpcb/wpcb-248-reflected-cross-site-scripting</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/5.4/wordpress-core-541-reflected-cross-site-scripting</loc>
<lastmod>2020-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flexi-quote-rotator/flexi-quote-rotator-094-authenticated-stored-cross-site-scripting</loc>
<lastmod>2022-07-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jet-smart-filters/jetsmartfilters-368-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-membership/simple-membership-434-privilege-escalation-via-registration</loc>
<lastmod>2023-09-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/trendy-news/trendy-news-1015-cross-site-request-forgery</loc>
<lastmod>2024-07-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/secure-copy-content-protection/secure-copy-content-protection-and-content-locking-492-cross-site-request-forgery-to-data-export</loc>
<lastmod>2025-12-11T21:20:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/banner-management-for-woocommerce/woocommerce-category-banner-management-110-missing-authorization</loc>
<lastmod>2018-05-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/age-gate/age-gate-2134-open-redirect</loc>
<lastmod>2022-11-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woffice-core/woffice-core-5421-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2025-04-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/checkout-files-upload-woocommerce/checkout-files-upload-for-woocommerce-225-unauthenticated-insecure-direct-object-reference</loc>
<lastmod>2026-05-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gravitywp-merge-tags/gravitywp-merge-tags-144-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-08-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ajax-filter-posts/post-grid-master-3414-missing-authorization</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-discord-post/wp-discord-post-210-reflected-cross-site-scripting</loc>
<lastmod>2025-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blockart-blocks/blockart-blocks-2215-authenticated-author-stored-cross-site-scripting-via-clientid-block-attribute</loc>
<lastmod>2026-04-10T12:03:21.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cf7-active-campaign/integration-for-activecampaign-and-contact-form-7-wpforms-elementor-ninja-forms-111-unauthenticated-php-object-injection</loc>
<lastmod>2026-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sentence-to-seo/sentence-to-seo-keywords-description-and-tags-10-authenticated-administrator-stored-cross-site-scripting-via-permanent-keywords-field</loc>
<lastmod>2026-04-21T19:05:43.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-order-numbers-for-woocommerce/custom-order-numbers-for-woocommerce-140-cross-site-request-forgery</loc>
<lastmod>2023-04-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mstore-api/mstore-api-398-unauthenticated-privilege-escalation</loc>
<lastmod>2023-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/birthdays-widget/birthdays-widget-1718-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/featured-image-from-url/featured-image-from-url-fifu-462-authenticated-contributor-stored-cross-site-scripting-via-fifu_input_url</loc>
<lastmod>2024-02-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/modern-events-calendar/modern-events-calendar-7320-missing-authorization</loc>
<lastmod>2026-03-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wa-chatbox-manager/chatbox-manager-125-missing-authorization</loc>
<lastmod>2025-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/beds24-online-booking/beds24-online-booking-2025-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profile-builder/profile-builder-397-missing-authorization-to-initial-page-creation</loc>
<lastmod>2023-08-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/feedzy-rss-feeds/rss-aggregator-by-feedzy-feed-to-post-autoblogging-news-youtube-video-feeds-aggregator-433-authenticated-contributor-stored-cross-site-scripting-via-shortcode-error-message</loc>
<lastmod>2024-04-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/same-but-different/same-but-different-related-posts-by-taxonomy-1016-reflected-cross-site-scripting</loc>
<lastmod>2025-01-06T16:07:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/whmpress/whmpress-62-revision-5-missing-authorization-to-authenticated-subscriber-settings-update</loc>
<lastmod>2024-08-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/computer-repair-shop/repairbuddy-41132-unauthenticated-information-exposure</loc>
<lastmod>2026-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/rentic/rentic-11-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-09-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wccp-pro/wp-content-copy-protection-no-right-click-pro-150-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-08-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/userpro/userpro-510-cross-site-request-forgery-to-stored-cross-site-scripting-via-userpro_save_userdata</loc>
<lastmod>2023-11-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-affiliate-links/easy-affiliate-links-370-authenticated-contributor-stored-cross-site-scripting-via-block-settings</loc>
<lastmod>2023-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-blocks-hub/wp-blocks-hub-102-authenticated-author-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2024-10-03T13:31:01.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-seo/yoast-seo-146-missing-authorization</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-dynamic-pricing-for-woocommerce/advanced-dynamic-pricing-for-woocommerce-413-cross-site-request-forgery-to-plugin-settings-update</loc>
<lastmod>2022-09-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gestpay-for-woocommerce/gestpay-for-woocommerce-20221130-cross-site-request-forgery-csrf-via-ajax_set_default_card</loc>
<lastmod>2024-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-exporter/store-exporter-for-woocommerce-export-products-export-orders-export-subscriptions-and-more-2721-reflected-cross-site-scripting</loc>
<lastmod>2024-09-30T19:46:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/atarim-visual-collaboration/visual-website-collaboration-feedback-project-management-atarim-409-missing-authorization-to-authenticated-subscriber-project-pagefile-deletion</loc>
<lastmod>2025-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mainwp-child-reports/mainwp-child-reports-226-missing-authorization-to-authenticated-subscriber-information-disclosure-via-heartbeat-api</loc>
<lastmod>2026-04-07T15:21:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jsfiddle-shortcode/jsfiddle-shortcode-111-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2025-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-subscribers/email-subscribers-by-icegram-express-email-marketing-newsletters-automation-for-wordpress-woocommerce-5734-authenticated-subscriber-arbitrary-shortcode-execution</loc>
<lastmod>2024-10-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/schedule-posts-calendar/schedule-posts-calendar-52-cross-site-request-forgery</loc>
<lastmod>2023-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/redirect-redirection/redirect-redirection-114-cross-site-request-forgery-to-plugin-de-installation</loc>
<lastmod>2023-03-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jobmonster-addon/jobmonster-elementor-addon-114-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-limit-failed-login-attempts/limit-login-attempts-spam-protection-29-cross-site-request-forgery-to-arbitrary-plugin-installationactivation</loc>
<lastmod>2021-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpseo-local/yoast-seo-local-148-cross-site-request-forgery</loc>
<lastmod>2023-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dzs-videogallery/dzs-video-gallery-795-multiple-cross-site-scripting</loc>
<lastmod>2014-09-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/holler-box/hollerbox-fast-effective-popups-lead-generation-23101-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-06-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-builder/wdcontactformbuilder-1024-authenticated-blind-sql-injection</loc>
<lastmod>2015-07-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/client-power-tools/client-power-tools-portal-190-reflected-cross-site-scripting</loc>
<lastmod>2024-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/link-whisper/link-whisper-free-068-reflected-cross-site-scripting</loc>
<lastmod>2024-03-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/really-simple-ssl-pro-multisite/really-simple-security-free-pro-and-pro-multisite-900-9111-authentication-bypass</loc>
<lastmod>2024-11-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/link-whisper/link-whisper-free-071-authenticated-contributor-php-object-injection</loc>
<lastmod>2024-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/kiamo/kiamo-responsive-business-service-wordpress-theme-136-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-05-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/5.0/wordpress-core-501-arbitrary-file-deletion</loc>
<lastmod>2018-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-random-posts-shortcode/simple-random-posts-shortcode-03-authenticated-contributor-stored-cross-site-scripting-via-container_right_width-shortcode-attribute</loc>
<lastmod>2026-04-21T19:02:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tutor/tutor-lms-2110-authenticated-tutor-instructor-sql-injection</loc>
<lastmod>2023-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/manycontacts-bar/whatsapp-click-to-chat-304-reflected-cross-site-scripting</loc>
<lastmod>2025-01-08T22:03:43.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/javo-core/javo-core-300080-unauthenticated-privilege-escalation-in-ajax_signup</loc>
<lastmod>2025-03-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/shieldgroup/shieldgroup-213-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-file-upload/wordpress-file-upload-432-cross-site-scripting-via-shortcodes</loc>
<lastmod>2018-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/frontend-dashboard/frontend-dashboard-224-authenticated-subscriber-arbitrary-function-call</loc>
<lastmod>2024-09-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wowhead-tooltips/wowhead-tooltips-201-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/5.5/wordpress-core-552-cross-site-request-forgery-to-theme-image-change</loc>
<lastmod>2020-10-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-plus-addons-for-block-editor/the-plus-blocks-for-block-editor-gutenberg-325-missing-authorization</loc>
<lastmod>2024-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/meetup/meetup-01-authentication-bypass-via-account-takeover</loc>
<lastmod>2024-10-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/awesome-support/awesome-support-615-missing-authorization-via-wpas_load_reply_history</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/kingcabs/kingcabs-119-authenticated-contributor-stored-cross-site-scripting-via-progressbarlayout-parameter</loc>
<lastmod>2025-12-12T15:30:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/configure-smtp/configure-smtp-31-reflected-cross-site-scripting</loc>
<lastmod>2024-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elizaibot-chatbots/elizaibots-102-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/rara-business/rara-business-125-cross-site-request-forgery-to-notice-dismissal</loc>
<lastmod>2024-07-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpbookit/wpbookit-106-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-11-20T18:42:40.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/123contactform-for-wordpress/123contactform-for-wordpress-156-arbitrary-post-creation</loc>
<lastmod>2021-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tourmaster/tour-master-tour-booking-travel-hotel-537-authenticated-subscriber-sql-injection-via-review_id-parameter</loc>
<lastmod>2025-02-17T21:19:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/Grimag/grimag-110-open-redirection</loc>
<lastmod>2014-06-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/authorizer/phpcas-authentication-library-160-service-hostname-discovery-exploitation</loc>
<lastmod>2022-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quiz-master-next/quiz-and-survey-master-734-multiple-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2022-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-member/ultimate-member-1317-cross-site-scripting</loc>
<lastmod>2015-08-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/js-restaurant/js-restaurant-all-versions-sql-injection</loc>
<lastmod>2013-07-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-404-pro/custom-404-pro-381-reflected-cross-site-scripting-via-page</loc>
<lastmod>2023-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/super-addons-for-elementor/super-addons-for-elementor-10-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/filester/file-manager-pro-filester-185-authenticated-administrator-local-javascript-file-inclusion</loc>
<lastmod>2024-11-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mf-gig-calendar/mf-gig-calendar-121-authenticatedcontributor-sql-injection</loc>
<lastmod>2023-12-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-encoder-bundle/email-encoder-protect-email-addresses-and-phone-numbers-221-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-07-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/click-pledge-connect/click-pledge-connect-2504010101-wp68-unauthenticated-sql-injection-to-privilege-escalation</loc>
<lastmod>2025-07-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-addons-for-gutenberg/spectra-wordpress-gutenberg-blocks-11411-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/geo-my-wp/geo-my-wordpress-41-cross-site-request-forgery</loc>
<lastmod>2024-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jquery-colorbox/jquery-colorbox-463-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bdthemes-prime-slider-lite/prime-slider-addons-for-elementor-3132-authenticated-contributor-stored-cross-site-scripting-via-mercury-widget</loc>
<lastmod>2024-03-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/rf/rf-15-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/brand-my-footer/brand-my-footer-11-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-users-exporter/wp-users-exporter-142-csv-injection</loc>
<lastmod>2022-08-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pingmeter-uptime-monitoring/pingmeter-uptime-monitoring-103-reflected-cross-site-scripting</loc>
<lastmod>2024-12-20T20:09:39.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/real3d-flipbook/real3d-flipbook-100-file-upload-to-user-controlled-location</loc>
<lastmod>2016-07-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/formidable/formidable-forms-612-unauthenticated-php-object-injection</loc>
<lastmod>2023-04-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contest-gallery/contest-gallery-2811-missing-authorization</loc>
<lastmod>2026-01-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/report-comments/ajax-report-comments-204-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2026-06-08T15:05:25.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/appsplate/appsplate-213-unauthenticated-sql-injection</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/heat-trackr/heat-trackr-101-reflected-cross-site-scripting</loc>
<lastmod>2016-02-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/content-manager-light/content-manager-light-32-reflected-cross-site-scripting</loc>
<lastmod>2025-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contest-gallery/contest-gallery-2112-reflected-cross-site-scripting</loc>
<lastmod>2023-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/customify-sites/customify-site-library-009-unauthenticated-remote-code-execution</loc>
<lastmod>2024-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/consulting/consulting-675-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-10-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/claptastic-clap-button/claptastic-clap-button-13-cross-site-scripting</loc>
<lastmod>2016-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fg-joomla-to-wordpress/fg-drupal-to-wordpress-3670-cross-site-request-forgery-via-ajax_importer</loc>
<lastmod>2024-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-real-estate/essential-real-estate-442-insecure-direct-object-reference-to-arbitrary-attachment-deletion</loc>
<lastmod>2024-06-03T16:39:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blog2social/blog2social-social-media-auto-post-scheduler-882-missing-authorization-to-authenticated-subscriber-arbitrary-post-meta-deletion-via-b2s_reset_social_meta_tags-ajax-action</loc>
<lastmod>2026-03-25T14:26:40.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/law-office/law-office-330-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/appointment-booking-calendar/appointment-booking-calendar-1382-cross-site-request-forgery</loc>
<lastmod>2024-02-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/norby-ai/norby-ai-103-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2025-12-04T16:26:16.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ez-portfolio/ez-portfolio-unmaintained-102-cross-site-scripting</loc>
<lastmod>2015-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slideshow-gallery/slideshow-gallery-16-cross-site-scripting</loc>
<lastmod>2016-03-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/analytics-counter/google-analytics-counter-tracker-341-unauthenticated-php-object-injection</loc>
<lastmod>2016-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/backupbuddy/backupbuddy-30-authentication-bypass</loc>
<lastmod>2013-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lightbox-plus/lightbox-plus-272-cross-site-request-forgery-to-cross-site-scripting</loc>
<lastmod>2016-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/regina-lite/regina-lite-207-reflected-cross-site-scripting</loc>
<lastmod>2023-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-registration-form-builder-with-submission-manager/registrationmagic-5226-cross-site-request-forgery</loc>
<lastmod>2023-11-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/preservation/preservation-110-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nginx-cache-optimizer/nginx-cache-optimizer-11-missing-authorization-to-authenticated-subscriber-dynamic-caching-exclusion-update</loc>
<lastmod>2025-10-23T20:08:31.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/olive-one-click-demo-import/olive-one-click-demo-import-112-unauthenticated-information-exposure</loc>
<lastmod>2024-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/amtythumb/amtythumb-420-authenticated-sql-injection</loc>
<lastmod>2022-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/theme-tweaker-lite/theme-tweaker-520-cross-site-request-forgery</loc>
<lastmod>2023-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpt-whatsapp/whatsapp-click-to-chat-plugin-for-wordpress-2212-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cryptocurrency-pricing-list/cryptocurrency-pricing-list-and-ticker-15-reflected-cross-site-scripting</loc>
<lastmod>2022-09-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bnfw/better-notifications-for-wp-192-cross-site-request-forgery-via-handle_actions</loc>
<lastmod>2023-05-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-delivery-notes/print-invoice-delivery-notes-for-woocommerce-471-reflected-cross-site-scripting</loc>
<lastmod>2023-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/metform/metform-401-authenticatedcontributor-stored-cross-site-scripting-via-mf-template-dom-element</loc>
<lastmod>2025-07-29T07:07:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ux-flat/ux-flat-540-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-migration-duplicator/wordpress-backup-migration-143-missing-authorization-to-settings-update</loc>
<lastmod>2023-11-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-custom-post-type/acpt-pro-custom-post-types-plugin-for-wordpress-2047-unauthenticated-remote-code-execution</loc>
<lastmod>2026-03-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kadence-blocks/kadence-blocks-377-missing-authorization-to-authenticated-contributor-arbitrary-media-attachment-creation-via-kadence_import_process_patternkadence_import_process_data-ajax-actions</loc>
<lastmod>2026-06-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-post-grid/the-post-grid-727-cross-site-request-forgery</loc>
<lastmod>2023-08-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpschoolpress/school-management-system-wpschoolpress-219-sql-injection</loc>
<lastmod>2021-10-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/templatesnext-toolkit/templatesnext-toolkit-327-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-facebook-comments/ultimate-social-comments-email-notification-lazy-load-148-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/soledad/soledad-867-authenticated-contributor-local-file-inclusion-via-header_layout</loc>
<lastmod>2025-08-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-media-download/easy-media-download-114-stored-cross-site-scripting</loc>
<lastmod>2020-08-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/demo-importer-plus/demo-importer-plus-206-authenticated-author-arbitrary-file-upload-via-wxr-upload-bypass</loc>
<lastmod>2025-12-04T14:25:28.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/donate-me/donate-me-125-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpdm-premium-packages/premium-packages-582-reflected-cross-site-scripting</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seo-by-rank-math/rank-math-seo-ai-seo-tools-to-dominate-seo-rankings-10228-missing-authorization-to-unauthenticated-user-and-term-metadata-insert-update-and-delete</loc>
<lastmod>2024-10-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ltl-freight-quotes-unishippers-edition/ltl-freight-quotes-unishippers-edition-258-unauthenticated-sql-injection</loc>
<lastmod>2025-02-11T21:27:24.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sponsorme/sponsorme-052-reflected-cross-site-scripting-via-php_self-parameter</loc>
<lastmod>2026-05-19T12:08:15.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-facebook-likebox/easy-social-feed-639-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2022-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/kallyas/kallyas-4220-missing-authorization</loc>
<lastmod>2025-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-social-icons/easy-social-icons-314-admin-cross-site-scripting</loc>
<lastmod>2022-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mollie-payments-for-woocommerce/mollie-payments-for-woocommerce-802-unauthenticated-insecure-direct-object-reference</loc>
<lastmod>2025-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-desklite/wp-desklite-helpdesk-and-support-plugin-100-reflected-cross-site-scripting</loc>
<lastmod>2025-01-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-bulk-editor/bear-1133-missing-authorization-to-product-deletion</loc>
<lastmod>2023-09-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/4.2/wordpress-core-422-cross-site-scripting-via-comments</loc>
<lastmod>2015-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/element-ready-lite/elementsready-addons-for-elementor-642-open-redirect</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nmr-strava-activities/nmr-strava-activities-1014-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2026-05-07T21:24:20.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mailchimp-forms-by-mailmunch/mailchimp-forms-by-mailmunch-321-cross-site-request-forgery</loc>
<lastmod>2024-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/webpushr-web-push-notifications/webpushr-4340-missing-authorization-to-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2023-11-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cmc-migrate/cmc-migrate-003-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bonuspressx/bonuspressx-all-versions-cross-site-scripting</loc>
<lastmod>2014-05-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/netease-music/netease-music-321-missing-authorization</loc>
<lastmod>2025-08-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ays-popup-box/popup-box-451-missing-authorization</loc>
<lastmod>2024-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/order-tracking/order-tracking-3311-missing-authorization-via-send_test_email</loc>
<lastmod>2024-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chatbot/ai-chatbot-534-missing-authorization-via-openai_file_delete_callback</loc>
<lastmod>2024-05-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/timesheet/help-center-by-bestwebsoft-015-reflected-cross-site-scripting</loc>
<lastmod>2017-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/linkworth-wp-plugin/linkworth-plugin-333-cross-site-request-forgery-to-plugin-setting-update</loc>
<lastmod>2022-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/get-site-to-phone-by-qr-code/showing-url-in-qr-code-001-cross-site-request-forgery-to-cross-site-scripting</loc>
<lastmod>2022-11-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/overton/overton-creative-wordpress-theme-for-agencies-and-freelancers-13-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/product-size-chart-for-woo/product-size-chart-for-woocommerce-115-cross-site-request-forgery-via-get_save_option</loc>
<lastmod>2023-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/piotnet-addons-for-elementor/piotnet-addons-for-elementor-2427-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/travelpayouts/travelpayouts-1016-cross-site-request-forgery</loc>
<lastmod>2021-09-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ck-and-syntaxhighlighter/ck-and-syntaxhighlighter-342-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/icegram/icegram-110282-cross-site-scripting</loc>
<lastmod>2019-07-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/media-library-assistant/media-library-assistant-315-reflected-cross-site-scripting-via-lang</loc>
<lastmod>2024-05-21T11:13:42.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/betheme/betheme-2662-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2022-11-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/track-page-scroll/track-page-scroll-102-reflected-cross-site-scripting</loc>
<lastmod>2025-02-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/publish-to-schedule/publish-to-schedule-454-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/odihost-easy-redirect-301/easy-301-redirects-133-cross-site-request-forgery</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/onepress/onepress-236-cross-site-request-forgery-via-save_settings</loc>
<lastmod>2024-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/avatar/avatar-014-authenticated-subscriber-insecure-direct-object-reference</loc>
<lastmod>2025-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-image-slideshow/wp-image-slideshow-120-authenticated-subscriber-sql-injection-via-shortcode</loc>
<lastmod>2023-10-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shortcodes-anywhere/shortcodes-anywhere-101-unauthenticated-arbitrary-shortcode-execution</loc>
<lastmod>2024-10-09T13:34:22.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/fidalgo/fidalgo-122-unauthenticated-php-object-injection</loc>
<lastmod>2026-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-inventory-manager/wp-inventory-manager-232-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-and-page-builder/post-and-page-builder-by-boldgrid-visual-drag-and-drop-editor-1278-cross-site-request-forgery</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/simplish/simplish-264-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2025-04-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-dewplayer/advanced-dewplayer-16-missing-authorization</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/epaybg-payments/epaybg-payments-01-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-07-18T14:11:57.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-tags/tag-category-and-taxonomy-manager-ai-autotagger-with-openai-3400-authenticated-editor-sql-injection</loc>
<lastmod>2025-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/super-interactive-maps/super-interactive-maps-23-reflected-cross-site-scripting</loc>
<lastmod>2026-01-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kapost-byline/kapost-229-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lifterlms/lifterlms-wordpress-lms-plugin-for-elearning-762-authenticated-contributor-sql-injection-via-shortcode</loc>
<lastmod>2024-06-04T19:34:55.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simply-schedule-appointments/appointment-booking-calendar-simply-schedule-appointments-booking-plugin-16106-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-05-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/totalpoll-lite/total-poll-lite-486-cross-site-request-forgery</loc>
<lastmod>2023-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-extra/wp-extra-64-cross-site-request-forgery-toolimport</loc>
<lastmod>2023-11-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/attachment-file-icons/attachment-file-icons-af-icons-13-cross-site-request-forgery-to-arbitrary-file-upload</loc>
<lastmod>2024-07-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wappointment/wappointment-272-missing-authorization</loc>
<lastmod>2025-12-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-webhooks/webhooks-338-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2025-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/3.5/wordpress-core-351-content-spoofing-attacks</loc>
<lastmod>2013-06-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jupiterx-core/jupiter-x-core-485-missing-authorization-to-authenticated-library-sync</loc>
<lastmod>2025-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-media-buttons-toolbar/social-media-follow-buttons-bar-473-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-09-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-all-import-pro/all-import-pro-plugin-412-sql-injection</loc>
<lastmod>2020-03-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/event-tickets-manager-for-woocommerce/event-tickets-manager-for-woocommerce-153-missing-authorization</loc>
<lastmod>2026-04-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-location-and-ip/user-location-and-ip-17-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-cloudflare-turnstile/simple-captcha-alternative-with-cloudflare-turnstile-1380-broken-authorization</loc>
<lastmod>2026-05-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/php-everywhere/php-everywhere-203-authenticated-contributor-remote-code-execution-via-metabox</loc>
<lastmod>2022-01-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-manager/contact-manager-865-authenticated-administrator-stored-cross-site-scripting-via-title</loc>
<lastmod>2025-08-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/debug-log-manager/debug-log-manager-220-cross-site-request-forgery</loc>
<lastmod>2023-11-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/link-shield/link-shield-054-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-06-12T13:08:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/final-user/final-user-125-authenticated-subscriber-privilege-escalation</loc>
<lastmod>2026-01-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-blocks/essential-blocks-572-missing-authorization-to-authenticated-author-information-disclosure</loc>
<lastmod>2025-12-16T11:33:20.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quick-adsense-reloaded/ads-by-wpquads-20871-unauthenticated-sql-injection</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ipaymu-for-woocommerce/ipaymu-payment-gateway-for-woocommerce-202-missing-authentication-to-unauthenticated-payment-bypass-and-order-information-disclosure</loc>
<lastmod>2026-01-06T18:32:55.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/globallogistics/global-logistics-320-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vc-addons-by-bit14/web-and-woocommerce-addons-for-wpbakery-builder-1441-missing-authorization-checks</loc>
<lastmod>2022-07-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/meeting-scheduler-by-vcita/online-booking-scheduling-calendar-for-wordpress-by-vcita-430-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2023-06-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pdf-for-wpforms/pdf-for-wpforms-drag-and-drop-template-builder-460-authenticated-contributor-stored-cross-site-scripting-via-yeepdf_dotab-shortcode</loc>
<lastmod>2025-01-14T21:51:16.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kimili-flash-embed/kimili-flash-embed-253-cross-site-request-forgery</loc>
<lastmod>2024-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cf7-message-filter/message-filter-for-contact-form-7-163-missing-authorization-to-authenticated-subscriber-new-filter-creation</loc>
<lastmod>2024-12-06T12:01:13.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mailoptin/mailoptin-12540-authenticated-admin-cross-site-scripting</loc>
<lastmod>2023-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/svg-vector-icon-plugin/wp-svg-icons-323-authenticated-admin-arbitrary-file-upload</loc>
<lastmod>2022-05-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ulike/wp-ulike-471-472-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2024-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eps-301-redirects/301-redirects-easy-redirect-manager-251-sql-injection</loc>
<lastmod>2021-01-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/top-10/top-10-332-cross-site-request-forgery-via-edit_count_ajax</loc>
<lastmod>2023-11-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/schema-and-structured-data-for-wp/schema-structured-data-for-wp-amp-126-authenticated-custom-stored-cross-site-scripting</loc>
<lastmod>2024-02-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/robotstxt-rewrite/robotstxt-rewrite-161-cross-site-request-forgery</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eventprime-event-calendar-management/eventprime-events-calendar-bookings-and-tickets-343-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2024-03-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shoutcast-icecast-html5-radio-player/shoutcast-icecast-html5-radio-player-217-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-24T20:13:28.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-email/wp-email-2690-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-07-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-smtp/post-smtp-mailer-email-log-delivery-failure-notifications-and-best-mail-smtp-for-wordpress-287-unauthenticated-stored-cross-site-scripting-via-device</loc>
<lastmod>2024-01-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/asf-allow-svg-files/allow-svg-files-10-authenticated-admin-arbitrary-file-upload</loc>
<lastmod>2020-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/usc-e-shop/welcart-e-commerce-260-277-information-disclosure-via-arbitrary-file-read</loc>
<lastmod>2022-09-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/medicalequipment/medical-equipment-ecommerce-wordpress-theme-109-missing-authorization</loc>
<lastmod>2025-12-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profile-builder/profile-builder-3138-unauthenticated-content-spoofing</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/appointments/appointments-221-unauthenticated-php-object-injection</loc>
<lastmod>2017-10-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/spiraclethemes-site-library/spiraclethemes-site-library-154-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yith-woocommerce-wishlist/yith-woocommerce-wishlist-4130-unauthenticated-insecure-direct-object-reference-to-wishlist-rename</loc>
<lastmod>2026-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yith-woocommerce-product-add-ons/yith-woocommerce-product-add-ons-420-missing-authorization</loc>
<lastmod>2023-10-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/debug-tool/debug-tool-22-unauthenticated-remote-code-execution</loc>
<lastmod>2025-11-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-attachments/download-attachments-1224-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-02-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/crisp/crisp-044-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2024-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-product-design/woocommerce-product-design-100-unauthenticated-arbitrary-file-deletion</loc>
<lastmod>2024-10-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/order-attachments-for-woocommerce/order-attachments-for-woocommerce-251-unauthenticated-sensitive-information-exposure-through-unprotected-directory</loc>
<lastmod>2025-02-27T20:12:46.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/latepoint/latepoint-5192-unauthenticated-insecure-direct-object-reference</loc>
<lastmod>2025-05-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/zenon-lite/zenon-lite-19-authenticated-contributor-stored-cross-site-scripting-via-button-shortcode</loc>
<lastmod>2024-07-17T14:01:41.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/content-egg/content-egg-700-authenticated-editor-php-object-injection</loc>
<lastmod>2025-07-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/testimonial-slider-showcase-pro/testimonial-slider-and-showcase-pro-2315-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-analytics-for-wordpress/monsterinsights-google-analytics-dashboard-for-wordpress-532-authenticated-stored-cross-site-scripting</loc>
<lastmod>2015-03-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rig-elements/rig-elements-for-elementor-10-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-registration/user-registration-membership-512-unauthenticated-privilege-escalation-via-membership-registration</loc>
<lastmod>2026-03-02T16:05:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sparkle-elementor-kit/sparkle-elementor-kit-209-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/azon-addon-js-composer/amazon-affiliates-addon-for-wpbakery-page-builder-formerly-visual-composer-12-authenticated-subscriber-sql-injection</loc>
<lastmod>2025-07-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/myanime-widget/myanime-widget-10-cross-site-request-forgery-to-privilege-escalation</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-predictive-search/woocommerce-predictive-search-580-missing-authorization-via-multiple-ajax-actions</loc>
<lastmod>2023-05-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kadence-blocks/gutenberg-blocks-by-kadence-blocks-page-builder-features-3237-authenticated-contributor-stored-cross-site-scripting-via-typer-effect</loc>
<lastmod>2024-05-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-grid-carousel-ultimate/post-grid-slider-carousel-ultimate-1610-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/uncanny-learndash-toolkit/uncanny-toolkit-for-learndash-3641-cross-site-request-forgery-to-arbitrary-plugin-install-and-activation</loc>
<lastmod>2023-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tuxquote/tuxquote-13-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2026-05-26T17:22:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/searchiq/searchiq-46-cross-site-request-forgery</loc>
<lastmod>2024-12-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/pubnews/pubnews-107-authenticated-subscriber-arbitrary-plugin-installation</loc>
<lastmod>2024-12-05T16:47:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-faqs/ultimate-faq-1829-reflected-cross-site-scripting</loc>
<lastmod>2020-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-file-list/simple-file-list-619-unauthenticated-arbitrary-file-deletion</loc>
<lastmod>2023-09-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dk-white-label/dk-white-label-10-reflected-cross-site-scripting</loc>
<lastmod>2024-11-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sf-booking/service-finder-bookings-60-unauthenticated-privilege-escalation-via-claim_business</loc>
<lastmod>2025-09-18T16:31:15.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/themify-portfolio-post/themify-portfolio-post-130-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2025-12-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ameliabooking/amelia-1218-1236-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2025-11-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/icount/icount-payment-gateway-206-missing-authorization</loc>
<lastmod>2025-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/webba-booking-lite/webba-booking-605-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-08-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-skitter-slideshow/skitter-slideshow-252-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ark-relatedpost/ark-related-posts-219-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2025-12-04T19:20:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/posts-per-cat/posts-per-cat-unmaintained-142-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cmsmasters-elementor-addon/cmsmasters-elementor-addon-1147-authenticated-contributor-stored-cross-site-scripting-via-multiple-widgets</loc>
<lastmod>2024-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ltl-freight-quotes-globaltranz-edition/ltl-freight-quotes-globaltranz-edition-2311-unauthenticated-sql-injection</loc>
<lastmod>2025-02-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/enhanced-e-commerce-for-woocommerce-store/conversios-google-analytics-4-ga4-meta-pixel-more-via-google-tag-manager-for-woocommerce-707-authenticated-subscriber-sql-injection</loc>
<lastmod>2024-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-reorder-image-text-slider/advanced-reorder-image-text-slider-10-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-05-02T11:31:51.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/amazon-auto-links/auto-amazon-links-amazon-associates-affiliate-plugin-542-reflected-cross-site-scripting</loc>
<lastmod>2024-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easycommerce/easycommerce-ai-powered-blazing-fast-beautiful-wordpress-ecommerce-plugin-090-beta2-182-unauthenticated-privilege-escalation</loc>
<lastmod>2025-11-10T15:10:06.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/financio/financio-113-cross-site-request-forgery-to-notice-dismissal</loc>
<lastmod>2024-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mp3-music-player-by-sonaar/mp3-audio-player-for-music-radio-podcast-by-sonaar-594-missing-authorization</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-redirection/all-in-one-redirection-220-reflected-cross-site-scripting</loc>
<lastmod>2024-06-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-marketing-automations/automation-by-autonami-282-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/astra-widgets/astra-widgets-1214-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bdthemes-element-pack-lite/element-pack-elementor-addons-header-footer-free-template-library-grid-carousel-table-parallax-animation-register-form-twitter-grid-560-authenticated-contributor-stored-cross-site-scripting-via-panel-slider-widget</loc>
<lastmod>2024-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/adminify/wp-adminify-4077-unauthenticated-sensitive-information-exposure-via-get-addons-list-rest-api</loc>
<lastmod>2026-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-pinterest-automatic/pinterest-automatic-pin-4190-authenticated-subscriber-sql-injection</loc>
<lastmod>2025-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cslider/cslider-242-cross-site-request-forgery</loc>
<lastmod>2024-10-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-cart-for-digital-products/wp-estore-854-reflected-cross-site-scripting-via-customer-editing</loc>
<lastmod>2024-06-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/visualcomposer/visual-composer-website-builder-45100-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/diza/diza-1315-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yop-poll/yop-poll-630-author-stored-cross-site-scripting-via-options-module</loc>
<lastmod>2021-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kalender-digital/calendaronline-kalenderdigital-108-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yith-woocommerce-product-add-ons/yith-woocommerce-product-add-ons-430-authenticatedshop-manager-php-object-injection</loc>
<lastmod>2023-12-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/fana/fana-1135-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-custom-emails/woo-custom-emails-22-missing-authorization-to-unauthenticated-settings-change</loc>
<lastmod>2023-05-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/uncode/uncode-2916-authenticated-subscriber-stored-cross-site-scripting-via-mle-description</loc>
<lastmod>2025-02-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/backup/wordpress-backup-and-migrate-plugin-backup-guard-103-arbitrary-file-upload</loc>
<lastmod>2016-02-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/awesome-timeline/awesome-wordpress-timeline-plugin-101-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-forms-anti-spam/maspik-256-authenticated-subscriber-missing-authorization-to-spam-log-export</loc>
<lastmod>2025-09-09T17:27:41.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wiser-review/wiserreview-product-reviews-for-woocommerce-29-missing-authorization</loc>
<lastmod>2026-01-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/learnpress/learnpress-wordpress-lms-plugin-42681-unauthenticated-bypass-to-user-registration</loc>
<lastmod>2024-07-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/formzu-wp/formzu-wp-166-authenticated-contributor-stored-cross-site-scripting-via-id</loc>
<lastmod>2023-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/progress-bar/progress-bar-223-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ablocks/ablocks-192-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yawpp/yawpp-yet-another-wordpress-petition-plugin-121-authenticated-sql-injection</loc>
<lastmod>2014-05-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/click-to-tweet/click-to-tweet-2014-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-01-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/namaste-lms/namaste-lms-2599-authenticated-administrator-stored-cross-site-scripting-via-accept_other_payment_methods-other_payment_methods-parameters</loc>
<lastmod>2023-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contest-gallery/photos-and-files-contest-gallery-contact-form-upload-form-social-share-and-voting-competition-plugin-for-wordpress-2130-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2024-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gravitate-qa-tracker/gravitate-qa-tracker-121-object-injection</loc>
<lastmod>2017-04-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-mapit/wp-mapit-271-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-11-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bft-autoresponder/arigato-autoresponder-and-newsletter-271-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/follow-my-blog-post/follow-my-blog-post-239-unauthenticated-information-exposure</loc>
<lastmod>2025-11-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-place-order-without-payment/wc-place-order-without-payment-267-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/tornados/tornados-21-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/adsense-plugin/adpush-150-reflected-cross-site-scripting</loc>
<lastmod>2024-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/editorial-calendar/editorial-calendar-3712-authenticated-contributor-insecure-direct-object-reference</loc>
<lastmod>2023-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-flickr-gallery/responsive-flickr-gallery-131-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-facebook-like-box/easy-social-box-page-plugin-412-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-google-maps/wp-go-maps-formerly-wp-google-maps-10004-missing-authorization-to-authenticated-subscriber-map-engine-setting-modification</loc>
<lastmod>2026-01-24T04:04:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/magazine-elite/magazine-elite-124-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-08-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sitekit/sitekit-13-authenticated-contributor-stored-cross-site-scripting-via-sitekit_iframe-shortcode</loc>
<lastmod>2023-08-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/form-maker/form-maker-11516-missing-authorization-in-check_score</loc>
<lastmod>2023-06-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/salon-booking-system/salon-booking-system-1011-authenticated-privilege-escalation</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-crowdfunding/wp-crowdfunding-216-reflected-cross-site-scripting-via-postid</loc>
<lastmod>2023-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/spreadshop/spreadshop-plugin-165-cross-site-request-forgery</loc>
<lastmod>2023-04-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/atarim-visual-collaboration/visual-website-collaboration-feedback-project-management-atarim-402-missing-authorization-to-authenticated-subscriber-settings-update</loc>
<lastmod>2024-08-09T13:41:33.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tainacan/tainacan-0204-reflected-cross-site-scripting</loc>
<lastmod>2023-11-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/royal-elementor-addons/royal-addons-for-elementor-addons-and-templates-kit-for-elementor-171053-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yikes-inc-easy-mailchimp-extender/easy-forms-for-mailchimp-652-code-injection</loc>
<lastmod>2019-07-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/otw-portfolio-manager/portfolio-manager-pro-38-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2025-08-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/better-search-tmc/jqueryfiletree-215-directory-traversal</loc>
<lastmod>2017-05-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/fioxen/multiple-themes-by-gavias-various-versions-reflected-cross-site-scripting</loc>
<lastmod>2025-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wedesigntech-ultimate-booking-addon/wedesigntech-ultimate-booking-addon-101-authentication-bypass</loc>
<lastmod>2026-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/formality/formality-159-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-responsive-slab-text/wp-responsive-auto-fit-text-02-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mw-wp-form/mw-wp-form-512-insecure-direct-object-reference-to-unauthenticated-sensitive-information-disclosure-via-post_id-query-parameter</loc>
<lastmod>2026-05-13T19:51:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kama-spamblock/kama-spamblock-182-reflected-cross-site-scripting</loc>
<lastmod>2024-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/event-post/event-post-5101-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-live-chat-support/3cx-free-live-chat-6203-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2016-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/envira-gallery-lite/envira-photo-gallery-1873-cross-site-request-forgery-to-notice-dismissal</loc>
<lastmod>2024-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/official-mailerlite-sign-up-forms/mailerlite-signup-forms-official-150-176-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tutor/tutor-lms-397-missing-authorization-to-unauthenticated-arbitrary-billing-profile-overwrite-via-order_id-parameter</loc>
<lastmod>2026-04-09T12:40:11.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cbxpetition/cbx-petition-for-wordpress-103-unauthenticated-sql-injection</loc>
<lastmod>2022-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/events-listing-widget/events-listing-widget-134-authenticated-author-stored-cross-site-scripting-via-event-url-field</loc>
<lastmod>2026-02-05T19:36:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-post-author/wp-post-author-author-box-multiple-authors-guest-authors-custom-avatars-391-authenticated-contributor-sql-injection</loc>
<lastmod>2026-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/integration-dynamics/dynamics-365-integration-1323-authenticated-contributor-remote-code-execution-and-arbitrary-file-read-via-twig-server-side-template-injection</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-maps-travel-route/google-maps-travel-route-131-authenticated-subscriber-sql-injection</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/eduma/eduma-576-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ecommerce-product-catalog/ecommerce-product-catalog-plugin-for-wordpress-3069-reflected-cross-site-scripting</loc>
<lastmod>2022-10-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/availability-calendar/availability-calendar-121-stored-cross-site-scripting</loc>
<lastmod>2021-08-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/auxin-elements/shortcodes-and-extra-features-for-phlox-theme-21713-unauthenticated-draft-posts-information-exposure</loc>
<lastmod>2026-01-05T17:46:17.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cancel-order-request-woocommerce/cancel-order-request-woocommerce-132-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-04-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-lightbox/responsive-lightbox-gallery-253-authenticated-author-server-side-request-forgery</loc>
<lastmod>2025-11-18T17:10:58.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/usc-e-shop/welcart-e-commerce-288-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2022-12-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/conditional-menus/conditional-menus-126-cross-site-request-forgery-to-menu-options-update</loc>
<lastmod>2026-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/authenticator/authenticator-130-missing-authorization</loc>
<lastmod>2022-11-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/houzez/houzez-411-missing-authorization</loc>
<lastmod>2025-08-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/find-and-replace-all/find-and-replace-all-13-cross-site-request-forgery-to-reflected-cross-site-scripting</loc>
<lastmod>2022-11-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/amazonsimpleadmin/affiliate-super-assistent-153-unauthenticated-arbitrary-shortcode-execution</loc>
<lastmod>2024-09-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/livefyre-comments/livefyre-comments-3-414-stored-cross-site-scripting</loc>
<lastmod>2015-08-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smart-forms/smart-forms-2698-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-05-23T13:53:24.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/real-cookie-banner/real-cookie-banner-gdpr-eprivacy-cookie-consent-524-authenticated-admin-server-side-request-forgery-via-scan-without-login-endpoint</loc>
<lastmod>2025-10-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/delete-all-comments-easily/delete-all-comments-easily-13-all-comments-deletion-via-cross-site-request-forgery</loc>
<lastmod>2020-06-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-tinymce-shortcode-button/custom-tinymce-shortcode-button-11-cross-site-request-forgery-to-cross-site-scripting</loc>
<lastmod>2022-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tutor/tutor-lms-395-authenticated-subscriber-information-disclosure-in-coupon-details-via-tutor_coupon_details-ajax-action</loc>
<lastmod>2026-02-02T18:49:17.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smart-donations/donations-made-easy-smart-donations-4012-cross-site-request-forgery</loc>
<lastmod>2023-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smartifw/smart-icons-for-wordpress-104-authenticated-author-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2025-04-01T20:28:05.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/single-post-exporter/single-post-exporter-111-cross-site-request-forgery</loc>
<lastmod>2021-11-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/captainform/forms-by-captainform-253-reflected-cross-site-scripting-via-request_uri</loc>
<lastmod>2023-11-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/webba-booking-lite/webba-booking-4221-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/precious-metals-automated-product-pricing-pro/precious-metals-automated-product-pricing-pro-405-missing-authorization</loc>
<lastmod>2026-03-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/everest-forms/everest-forms-3041-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-11-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stripe-for-woocommerce/stripe-for-woocommerce-300-339-missing-authorization-controls-to-financial-account-hijacking</loc>
<lastmod>2021-10-01T15:29:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-posts-carousel/wp-posts-carousel-137-authenticated-contributor-stored-cross-site-scripting-via-auto_play_timeout-parameter</loc>
<lastmod>2025-03-01T00:08:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpzoom-elementor-addons/wpzoom-addons-for-elementor-1210-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-12-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-wholesale-pricing/wholesale-for-woocommerce-230-unauthenticated-arbitrary-post-deletion</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-pre-orders/woocommerce-pre-orders-201-reflected-cross-site-scripting</loc>
<lastmod>2023-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/table-of-contents-plus/table-of-contents-plus-2408-cross-site-request-forgery</loc>
<lastmod>2024-10-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/click-to-tweet/click-to-tweet-2014-missing-authorization</loc>
<lastmod>2023-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/beaver-builder-lite-version/beaver-builder-page-builder-drag-and-drop-website-builder-21005-authenticated-custom-missing-authorization-to-stored-cross-site-scripting-via-global-settings</loc>
<lastmod>2026-02-10T12:42:02.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-auto-affiliate-links/auto-affiliate-links-6215-authenticated-subscriber-plugin-settings-change</loc>
<lastmod>2023-02-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/holiday-class-post-calendar/holiday-class-post-calendar-71-unauthenticated-remote-code-execution-via-contents</loc>
<lastmod>2025-11-10T14:59:44.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/spam-free-wordpress/spam-free-wordpress-193-ip-protection-bypass</loc>
<lastmod>2013-01-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-registration-form-builder-with-submission-manager/registrationmagic-custom-registration-forms-and-user-login-4603-authenticated-settings-and-user-data-export</loc>
<lastmod>2020-03-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quickcal/quickcal-1015-authenticated-subscriber-sensitive-information-exposure</loc>
<lastmod>2025-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jetpack/jetpack-137-unauthenticated-arbitrary-block-shortcode-execution</loc>
<lastmod>2024-10-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bookingor/bookingor-1012-missing-authorization</loc>
<lastmod>2026-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ahime-image-printer/ahime-image-printer-100-unauthenticated-arbitrary-file-download</loc>
<lastmod>2024-10-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/arforms-form-builder/arforms-form-builder-171-html-injection</loc>
<lastmod>2024-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/affiliate-toolkit-starter/affiliate-toolkit-365-authenticated-contributor-stored-cross-site-scripting-via-atkp_product-shortcode</loc>
<lastmod>2024-10-28T21:04:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fan-page/fan-page-101-authenticated-contributor-stored-cross-site-scripting-via-width-parameter</loc>
<lastmod>2025-07-28T20:27:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/client-dash/client-dash-221-authenticated-administrator-stored-cross-site-scripting-via-settings</loc>
<lastmod>2023-11-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-image-sitemap/advanced-image-sitemap-12-reflected-cross-site-scripting</loc>
<lastmod>2022-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/storeengine/storeengine-powerful-wordpress-ecommerce-plugin-for-payments-memberships-affiliates-sales-more-150-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2025-09-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordprezi/wordprezi-082-authenticated-contributor-strored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/multiparcels-shipping-for-woocommerce/multiparcels-shipping-for-woocommerce-13012-missing-authorization</loc>
<lastmod>2025-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quickwebp/quickwebp-compress-optimize-images-convert-webp-seo-friendly-327-authenticated-contributor-arbitrary-file-deletion</loc>
<lastmod>2026-05-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/auth0/login-by-auth0-plugin-3113-stored-cross-site-scripting</loc>
<lastmod>2020-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elespare/elespare-build-your-blog-news-magazine-websites-with-expert-designed-template-kits-one-click-import-no-coding-skills-required-212-missing-authorization-to-subscriber-arbitrary-post-creation</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/popup-builder/popup-builder-421-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-08-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/memberlite-shortcodes/memberlite-shortcodes-141-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/foton/foton-252-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/socialmark/socialmark-207-authenticated-subscriber-server-side-request-forgery</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shortpixel-image-optimiser/shortpixel-image-optimizer-4229-reflected-cross-site-scripting</loc>
<lastmod>2022-06-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-pre-order/pre-order-addon-for-woocommerce-advance-orderbackorder-plugin-22-reflected-cross-site-scripting</loc>
<lastmod>2025-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-flashy-marketing-automation/flashy-marketing-automation-208-cross-site-request-forgery</loc>
<lastmod>2025-12-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cobwebo-url/cobwebo-url-plugin-10-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/oceanwp/oceanwp-341-authenticated-subscriber-local-file-inclusion</loc>
<lastmod>2023-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-addons-for-beaver-builder-lite/ultimate-addons-for-beaver-builder-lite-154-cross-site-request-forgery</loc>
<lastmod>2023-01-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/give/givewp-2253-authenticated-admin-php-object-injection</loc>
<lastmod>2023-05-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hc-custom-wp-admin-url/hc-custom-wp-admin-url-14-information-exposure</loc>
<lastmod>2022-05-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/affiliatewp-external-referral-links/affiliatewp-external-referral-links-120-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gmap-embed/maps-plugin-using-google-maps-for-wordpress-wp-google-map-193-maps-plugin-using-google-maps-for-wordpress-wp-google-map-193-authenticated-admin-stored-cross-site-scripting-via-markers</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/js_composer/wpbakery-77-authenticated-author-local-file-inclusion</loc>
<lastmod>2024-08-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/conditional-checkout-fields-for-woocommerce/conditional-checkout-fields-edit-checkout-fields-for-woocommerce-123-missing-authorization</loc>
<lastmod>2023-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-crowdfunding/wp-crowdfunding-219-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-12-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/portfolio/portfolio-258-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fast-flow-dashboard/fast-flow-1216-reflected-cross-site-scripting</loc>
<lastmod>2025-02-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fastdup/fastdup-219-sensitive-information-exposure-via-directory-listing</loc>
<lastmod>2024-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dk-pricr-responsive-pricing-table/responsive-pricing-table-518-authenticated-administrator-stored-cross-site-scripting-via-plugin-settings</loc>
<lastmod>2023-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/awesome-filterable-portfolio/awesome-filterable-portfolio-197-missing-authorization-to-plugin-settings-change</loc>
<lastmod>2022-09-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-wp-tiles/easy-wp-tiles-1-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/newsmanapp/newsmanapp-277-cross-site-request-forgery</loc>
<lastmod>2025-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/facebook-page-feed-graph-api/mongoose-page-plugin-183-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2022-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wisdm-reports-for-learndash/learndash-lms-reports-free-1821-missing-authorization-to-plugin-settings-update</loc>
<lastmod>2024-07-08T20:01:16.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bdthemes-element-pack-lite/element-pack-elementor-addons-header-footer-template-library-dynamic-grid-carousel-and-remote-arrows-51029-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/grid-accordion-lite/grid-accordion-lite-151-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-10T19:02:30.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/login-with-phone-number/otp-login-with-phone-number-otp-verification-1860-unauthenticated-authentication-bypass-via-firebase-otp-verification</loc>
<lastmod>2026-05-28T17:56:28.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/bricks/bricks-192-reflected-cross-site-scripting</loc>
<lastmod>2026-04-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/export-users-to-csv/export-users-to-csv-111-csv-injection</loc>
<lastmod>2018-08-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gallery-videos/video-gallery-youtube-gallery-176-missing-authorization</loc>
<lastmod>2023-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-loyal-customer/woocommerce-loyal-customers-26-missing-authorization</loc>
<lastmod>2025-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-field-template/custom-field-template-261-authenticatedcontributor-information-exposure</loc>
<lastmod>2024-06-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/carts-guru/carts-guru-145-php-object-injection</loc>
<lastmod>2019-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/aceide/aceide-262-authenticated-admin-arbitrary-file-read</loc>
<lastmod>2021-07-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/torod/torod-19-unauthenticated-sql-injection</loc>
<lastmod>2025-07-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/exclusive-addons-for-elementor/exclusive-addons-for-elementor-2798-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-seo-pack/all-in-one-seo-pack-4811-authenticated-contributor-stored-cross-site-scripting-via-post-meta-description-and-canonical-url</loc>
<lastmod>2025-05-18T16:21:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pixelyoursite-pro/pixelyoursite-your-smart-pixel-tag-api-manager-971-and-pixelyoursite-pro-1042-unauthenticated-information-exposure-and-log-deletion</loc>
<lastmod>2024-09-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-slimstat/wp-slimstat-48-unauthenticated-stored-cross-site-scripting-from-visitors</loc>
<lastmod>2019-05-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/depicter/depicter-slider-302-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2024-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-addons-elementor/essential-addons-for-elementor-pro-5811-authenticated-contributor-stored-cross-site-scripting-via-title_html_tag</loc>
<lastmod>2024-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mainwp-page-speed-extension/mainwp-page-speed-extension-402-missing-authorization-to-arbitrary-plugin-activation</loc>
<lastmod>2023-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/magazine-blocks/magazine-blocks-136-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2024-05-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tutor-lms-elementor-addons/tutor-lms-elementor-addons-214-authenticated-contributor-stored-cross-site-scripting-via-course-carousel-widget</loc>
<lastmod>2024-08-19T16:30:11.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kiotvietsync/kiotviet-sync-185-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2025-11-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-slimstat/slimstat-analytics-531-authenticated-subscriber-sql-injection-via-args-parameter</loc>
<lastmod>2026-02-10T12:36:33.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tito/tito-23-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/job-postings/jobs-for-wordpress-275-reflected-cross-site-scripting</loc>
<lastmod>2024-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-rights-access-manager/user-rights-access-manager-112-missing-authorization</loc>
<lastmod>2024-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/entredropper/entredroppers-112-reflected-cross-site-scripting-via-php_self-parameter</loc>
<lastmod>2026-06-23T16:40:07.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cleantalk-spam-protect/spam-protection-antispam-firewall-by-cleantalk-51533-unauthenticated-blind-sql-injection</loc>
<lastmod>2021-03-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-elementor-addons/easy-elementor-addons-225-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nextend-facebook-connect/nextend-social-login-and-register-155-reflected-cross-site-scripting</loc>
<lastmod>2015-06-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/welldone/welldone-sports-store-wordpress-theme-24-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/wanderland/wanderland-15-missing-authorization</loc>
<lastmod>2026-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/locatoraid/locatoraid-store-locator-3911-cross-site-request-forgery-in-grab</loc>
<lastmod>2023-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/preschool-and-kindergarten/preschool-and-kindergarten-121-cross-site-request-forgery-to-notice-dismissal</loc>
<lastmod>2024-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/armember-membership/armember-3411-unauthenticated-sql-injection</loc>
<lastmod>2023-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/crawlomatic-multipage-scraper-post-generator/crawlomatic-multipage-scraper-post-generator-272-authenticated-author-remote-code-execution-via-callback_raw-shortcode-attribute</loc>
<lastmod>2026-05-27T17:20:12.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/affiliates-manager/affiliates-manager-277-cross-site-scripting</loc>
<lastmod>2020-09-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpnakama/wpnakama-065-unauthenticated-sql-injection-via-order-rest-api-parameter</loc>
<lastmod>2026-02-17T20:24:50.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ewww-image-optimizer/ewww-image-optimizer-284-remote-code-execution</loc>
<lastmod>2016-06-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/waiting/waiting-one-click-countdowns-062-cross-site-request-forgery</loc>
<lastmod>2022-12-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/thecs/thecs-147-reflected-cross-site-scripting</loc>
<lastmod>2026-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/make-builder/make-builder-1110-authenticated-subscriber-server-side-request-forgery-via-make_builder_ajax_subscribe-function</loc>
<lastmod>2025-03-21T18:21:53.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-member/ultimate-member-286-cross-site-request-forgery-to-membership-status-change</loc>
<lastmod>2024-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-support-system/woocommerce-support-system-122-missing-authorization</loc>
<lastmod>2023-09-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/memberpress/memberpress-11129-authenticated-contributor-blind-server-side-request-forgery-via-mepr-user-file-shortcode</loc>
<lastmod>2024-05-21T20:06:41.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/print-science-designer/print-science-designer-13152-unauthenticated-php-object-injection</loc>
<lastmod>2024-12-11T18:17:20.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-matted-thumbnails/simple-matted-thumbnails-101-reflected-cross-site-scripting</loc>
<lastmod>2021-09-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/updraftplus/updraftplus-wordpress-backup-1963-cross-site-scripting</loc>
<lastmod>2015-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/service-provider-profile-cpt/setmore-theme-custom-post-types-11-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cooked-pro/cooked-pro-180-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpforo/wpforo-forum-217-authenticated-subscriber-local-file-include-server-side-request-forgery-and-phar-deserialization-via-file_get_contents</loc>
<lastmod>2023-06-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/my-calendar/my-calendar-3316-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-07-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-user-avatar/profilepress-432-authenticated-admin-php-object-injection</loc>
<lastmod>2022-12-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/top_bar_promoter/xpromoter-134-authenticated-contributor-sql-injection</loc>
<lastmod>2025-12-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-abandoned-cart-recovery/abandoned-cart-recovery-for-woocommerce-1110-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-simple-registration/simple-registration-for-woocommerce-156-unauthenticated-privilege-escalation</loc>
<lastmod>2024-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/breeze/breeze-208-cross-site-request-forgery-via-import_json_settings</loc>
<lastmod>2022-09-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bookingpress-appointment-booking/bookingpress-1030-unauthenticated-insecure-direct-object-reference</loc>
<lastmod>2022-12-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quick-restaurant-reservations/quick-restaurant-reservations-154-cross-site-request-forgery</loc>
<lastmod>2022-11-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/file-manager-advanced/advanced-file-manager-528-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2024-09-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/4.7/wordpress-core-475-authorization-bypass-allowing-post-meta-updates</loc>
<lastmod>2017-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/protect-wp-admin/protect-wp-admin-41-missing-authorization</loc>
<lastmod>2025-12-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/staff-directory-pro/company-directory-43-reflected-cross-site-scripting-via-add_query_arg-function</loc>
<lastmod>2025-03-04T21:16:08.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bugsnag/error-monitoring-by-bugsnag-163-cross-site-request-forgery</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hola-free-video-player/hola-free-video-player-139-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mobile-friendly-flickr-slideshow/responsive-flickr-slideshow-261-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-18T19:28:06.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/phastpress/phastpress-1110-open-redirect</loc>
<lastmod>2021-03-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordspew/wordspew-371-sql-injection</loc>
<lastmod>2008-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-subscribers/email-subscribers-newsletters-347-unauthenticated-subscriber-download</loc>
<lastmod>2018-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cal-com/calcom-100-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/forms-to-zapier/forms-to-zapier-integromat-ifttt-workato-automateio-elasticio-builtio-apiant-webhook-1112-authenticated-administrator-sql-injection</loc>
<lastmod>2024-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/getgenie/getgenie-432-insecure-direct-object-reference-to-authenticated-author-arbitrary-post-overwritedeletion</loc>
<lastmod>2026-03-12T19:28:21.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-store-mode/woo-store-mode-101-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/minify-html-markup/minify-html-2110-regular-expressions-denial-of-service</loc>
<lastmod>2024-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpgform/google-forms-095-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-11-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/comments-ratings/comments-ratings-117-cross-site-request-forgery</loc>
<lastmod>2023-10-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/litespeed-cache/litespeed-cache-6201-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-07-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/invite-anyone/invite-anyone-1314-change-of-email-invitation-content</loc>
<lastmod>2017-03-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quiz-master-next/quiz-and-survey-master-8110-excessive-quiz-attempts</loc>
<lastmod>2023-07-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/detailx/detailx-1100-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-08-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fluent-smtp/fluentsmtp-222-authenticated-author-stored-cross-site-scripting-via-email-logs</loc>
<lastmod>2023-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/restricted-site-access/restricted-site-access-741-ip-spoofing-to-protection-mechanism-bypass</loc>
<lastmod>2023-11-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/fashion2/fashion-530-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-12-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordapp/wordapp-160-authorization-bypass-through-use-of-insufficiently-unique-cryptographic-signature</loc>
<lastmod>2023-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seers-cookie-consent-banner-privacy-policy/seers-gdpr-ccpa-cookie-consent-compliance-810-cross-site-request-forgery</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/popup-builder/popup-builder-427-authenticatedcontributor-stored-cross-site-scripting-via-custom-js</loc>
<lastmod>2024-05-31T18:10:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/boldgrid-backup/total-upkeep-1166-authenticated-administrator-remote-code-execution-via-backup-settings</loc>
<lastmod>2024-11-26T00:50:09.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/radio-player/radio-player-2091-unauthenticated-server-side-request-forgery</loc>
<lastmod>2026-01-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/api-key-for-google-maps/api-key-for-google-maps-121-cross-site-request-forgery</loc>
<lastmod>2022-06-08T10:50:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/top-store/top-store-154-authenticated-subscriber-arbitrary-plugin-installationactivation</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bp-profile-search/bp-profile-search-55-reflected-cross-site-scripting-via-bps_form</loc>
<lastmod>2024-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/arconix-shortcodes/arconix-shortcodes-2116-reflected-cross-site-scripting</loc>
<lastmod>2025-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/judgeme-product-reviews-woocommerce/judgeme-product-reviews-for-woocommerce-1320-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-redsys-gateway-light/payment-gateway-for-redsys-woocommerce-lite-700-improper-verification-of-cryptographic-signature-to-unauthenticated-payment-status-manipulation</loc>
<lastmod>2026-04-15T16:43:26.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/5.3/wordpress-core-542-comment-disclosure</loc>
<lastmod>2020-06-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gutenverse/gutenverse-190-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-sticky-sidebar/wp-cta-sticky-cta-builder-generate-leads-promote-sales-212-missing-authorization</loc>
<lastmod>2026-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/diza/diza-138-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-06-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/exchange-addon-easy-canadian-sales-taxes/easy-canadian-sales-taxes-add-on-for-ithemes-exchange-110-reflected-cross-site-scripting</loc>
<lastmod>2015-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/organizer/organizer-121-multiple-cross-site-scripting</loc>
<lastmod>2012-04-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ba-book-everything/ba-book-everything-1816-missing-authorization</loc>
<lastmod>2026-01-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-booking-system/wp-booking-system-20192-missing-authorization</loc>
<lastmod>2023-12-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gs-testimonial/gs-testimonial-slider-196-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2022-07-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wplegalpages/privacy-policy-generator-terms-conditions-generator-wordpress-plugin-wplegalpages-11-cross-site-scripting</loc>
<lastmod>2015-08-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-toolkit/user-toolkit-123-authenticated-subscriber-authentication-bypass</loc>
<lastmod>2024-10-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/newsticker/news-ticker-10-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-networks-auto-poster-facebook-twitter-g/nextscripts-social-networks-auto-poster-443-unauthenticated-stored-cross-site-scripting-via-user-agent</loc>
<lastmod>2024-05-21T18:29:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cryptocurrency-widgets-pack/cryptocurrency-widgets-pack-181-unauthenticated-sql-injection</loc>
<lastmod>2022-12-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/white-label-cms/white-label-cms-274-reflected-cross-site-scripting</loc>
<lastmod>2024-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/photo-gallery/photo-gallery-182-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2022-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/prime-mover/prime-mover-192-sensitive-information-exposure-via-directory-listing</loc>
<lastmod>2023-11-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-ads-manager/simple-ads-manager-294116-sql-injection</loc>
<lastmod>2015-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slide-banners/slide-banners-13-missing-authorization</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/terms-of-use-2/terms-of-use-20-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-advanced-search/wordpress-wp-advanced-search-333-remote-code-execution</loc>
<lastmod>2020-03-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/totalcontest-lite/total-contest-lite-281-reflected-cross-site-scripting</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mapsvg-lite-interactive-vector-maps/mapsvg-lite-330-cross-site-request-forgery</loc>
<lastmod>2019-01-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mail-mint/mail-mint-email-marketing-newsletter-email-automation-woocommerce-emails-1195-authenticated-subscriber-information-exposure</loc>
<lastmod>2026-05-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wicked-folders/wicked-folders-21816-cross-site-request-forgery-via-ajax_clone_folder</loc>
<lastmod>2023-02-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/interactive-3d-flipbook-powered-physics-engine/3d-flipbook-pdf-flipbook-wordpress-1153-authenticated-contributor-stored-cross-site-scripting-via-bookmarks</loc>
<lastmod>2024-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tagmaker/wp-tagmaker-022-reflected-cross-site-scripting</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ova-events-manager/ovatheme-events-manager-185-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2025-10-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/uncanny-automator/uncanny-automator-easy-automation-integration-webhooks-workflow-builder-plugin-7003-authenticated-administrator-server-side-request-forgery-to-arbitrary-file-upload</loc>
<lastmod>2026-03-02T12:35:59.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hls-player/hls-player-1010-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-27T20:29:57.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/comments-capcha-box/comments-capcha-box-11-reflected-cross-site-scripting</loc>
<lastmod>2025-08-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/plethora-tabs-accordions/plethora-plugins-tabs-accordions-115-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/masterbip-for-elementor/masterbip-para-elementor-163-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-maintenance-mode-site-under-construction/wp-maintenance-mode-site-under-construction-182-missing-authorization-to-arbitrary-plugin-installationactivation</loc>
<lastmod>2021-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-iframe/advanced-iframe-20242-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/if-so/if-so-dynamic-content-personalization-194-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-settings/advanced-settings-311-cross-site-request-forgery</loc>
<lastmod>2025-09-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-quickview/quick-view-for-woocommerce-2217-unauthenticated-private-product-disclosure</loc>
<lastmod>2025-11-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/computer-repair-shop/crm-wordpress-plugin-repairbuddy-38120-missing-authorization-to-account-takeoverprivilege-escalation</loc>
<lastmod>2024-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/magic-the-gathering-card-tooltips/magic-the-gathering-card-tooltips-340-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-code-snippets/easy-code-snippets-102-authenticated-administrator-sql-injection</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nexter-extension/nexter-extension-441-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2025-12-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordfence/wordfence-security-firewall-malware-scan-611-616-reflected-cross-site-scripting</loc>
<lastmod>2016-05-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/highland-software-custom-role-manager/highland-software-custom-role-manager-100-authenticated-subscriber-privilege-escalation</loc>
<lastmod>2026-04-26T14:20:30.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/the-ultralight/ultralight-12-reflected-cross-site-scripting</loc>
<lastmod>2025-01-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/animal-captcha/animal-captcha-162-reflected-cross-site-scripting</loc>
<lastmod>2014-07-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/multi-rating/multi-rating-506-cross-site-request-forgery-to-arbitrary-ratings-value-change</loc>
<lastmod>2023-05-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ecommerce-paypal/easy-paypal-buy-now-button-172-cross-site-request-forgery-to-cross-site-scripting</loc>
<lastmod>2017-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cookie-bar/cookie-bar-20-authenticatedadministrator-stored-cross-site-scripting</loc>
<lastmod>2023-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/uploadcare/uploadcare-file-uploader-and-adaptive-delivery-beta-3011-cross-site-request-forgery</loc>
<lastmod>2024-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/postmarkapp-email-integrator/postmarkapp-email-integrator-24-authenticated-administrator-stored-cross-site-scripting-via-plugin-settings</loc>
<lastmod>2026-02-18T15:45:28.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/fana/fana-1128-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-06-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cognito-forms/cognito-forms-207-authenticated-contributor-stored-cross-site-scripting-via-id-parameter</loc>
<lastmod>2024-12-11T15:39:58.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/forms-rb/forms-rb-119-missing-authorization-to-authenticated-contributor-arbitrary-modification-via-form_id-parameter</loc>
<lastmod>2026-05-11T19:05:08.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-support-plus-responsive-ticket-system/wp-support-plus-responsive-ticket-system-911-stored-cross-site-scripting</loc>
<lastmod>2019-02-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-faqs/ultimate-faq-211-missing-authorization-to-arbitrary-faq-creation</loc>
<lastmod>2021-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc4bp/buddypress-woocommerce-my-account-integration-create-woocommerce-member-pages-3419-missing-authorization</loc>
<lastmod>2024-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kenta-blocks/kenta-gutenberg-blocks-107-missing-authorization</loc>
<lastmod>2022-11-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/directiq-wp/directiq-email-marketing-20-unauthenticated-sql-injection</loc>
<lastmod>2025-06-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hostel/hostel-1152-reflected-cross-site-scripting</loc>
<lastmod>2024-06-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/onlyoffice/onlyoffice-docs-200-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-easy-contact/best-contact-management-software-373-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-06-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buddypress-docs/buddypress-docs-224-authenticated-subscriber-insecure-direct-object-reference-to-arbitrary-document-readupdate</loc>
<lastmod>2025-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/solace-extra/solace-extra-132-authenticated-admin-server-side-request-forgery</loc>
<lastmod>2025-08-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/choreo/choreo-16-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-05-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/s2member/s2member-best-membership-plugin-for-all-kinds-of-memberships-content-restriction-paywalls-member-access-subscriptions-230815-information-exposure</loc>
<lastmod>2024-03-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sorttable-post/sorttable-post-42-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2025-11-26T14:21:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mailin/newsletter-smtp-email-marketing-and-subscribe-forms-by-sendinblue-3177-reflected-cross-site-scripting</loc>
<lastmod>2024-06-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/restropress/restropress-282-cross-site-request-forgery-to-cart-manipulation</loc>
<lastmod>2021-07-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/button-block/button-block-119-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/armember-membership/armember-membership-plugin-content-restriction-member-levels-user-profile-user-signup-4030-open-redirect</loc>
<lastmod>2024-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-xml-reader/advanced-xml-reader-plugin-034-xml-external-entity-injection</loc>
<lastmod>2013-05-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yourmembers/yourmembers-30-sql-injection</loc>
<lastmod>2014-10-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-register-profile-with-shortcode/wp-register-profile-with-shortcode-362-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/originality-ai/originalityai-ai-checker-1015-missing-authorization-to-authenticated-subscriber-scan-log-deletion-via-ai_scan_result_remove</loc>
<lastmod>2025-10-23T19:37:41.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/thim-blocks/gutenberg-thim-blocks-101-authenticated-contributor-arbitrary-file-read-via-iconsvg-parameter</loc>
<lastmod>2026-01-16T15:00:50.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/monki/monki-205-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-09-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seo-by-rank-math/rank-math-seo-10402-redirect-creation-via-unprotected-rest-api-endpoint</loc>
<lastmod>2020-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gst-for-woocommerce/gst-for-woocommerce-20-cross-site-request-forgery</loc>
<lastmod>2025-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/memeone/memeone-205-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-graphql/wpgraphql-023-administrative-user-creation</loc>
<lastmod>2019-05-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/downloader-tiktok/video-downloader-for-tiktok-14-server-side-request-forgery</loc>
<lastmod>2021-04-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ts-webfonts-for-conoha/typesquare-webfonts-for-conoha-203-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ditty-news-ticker/ditty-3139-3145-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2024-08-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/filter-custom-fields-taxonomies-light/filter-custom-fields-taxonomies-light-105-authenticated-contributor-php-object-injection</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-photo-album-plus/wp-photo-album-plus-8603004-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-ultimate-gift-card/woocommerce-ultimate-gift-card-create-sell-and-manage-gift-cards-with-customized-email-templates-296-unauthenticated-sql-injection</loc>
<lastmod>2025-06-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kau-boys-backend-localization/backend-localization-19-reflected-cross-site-scripting</loc>
<lastmod>2012-07-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-job-portal/wp-job-portal-222-authenticated-admin-sql-injection</loc>
<lastmod>2024-12-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/loginpress-pro/loginpress-pro-501-authentication-bypass-via-wordpresscom-oauth-provider</loc>
<lastmod>2025-07-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ali2woo-lite/ali2woo-lite-346-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/3.5/wordpress-core-352-cross-site-scripting-via-multiple-vectors</loc>
<lastmod>2013-06-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pardakht-delkhah/pardakht-delkhah-300-cross-site-request-forgery</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/thinkit-wp-contact-form/thinkit-wp-contact-form-plugin-03-cross-site-scripting</loc>
<lastmod>2013-08-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/authorsure/authorsure-23-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-11-20T19:20:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nblocks/nblocks-102-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2024-11-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-analytics-for-wordpress/google-analytics-by-monster-insights-8210-missing-authorization</loc>
<lastmod>2024-01-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/faq-for-woocommerce/xplainer-woocommerce-product-faq-163-reflected-cross-site-scripting</loc>
<lastmod>2024-07-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-captcha/wp-captcha-200-cross-site-request-forgery</loc>
<lastmod>2023-09-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simplr-registration-form/simplr-registration-form-plus-234-reflected-cross-site-scripting</loc>
<lastmod>2015-05-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rt18-extensions/rt-theme-18-extensions-25-cross-site-request-forgery</loc>
<lastmod>2026-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-iframe/simple-iframe-111-authenticatedcontributor-stored-cross-site-scripting-via-block-attributes</loc>
<lastmod>2023-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blog2social/blog2social-social-media-auto-post-scheduler-590-reflected-cross-site-scripting-via-b2s_id-parameter</loc>
<lastmod>2019-11-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sg-cachepress/speed-optimizer-746-missing-authorization-via-purge_on_other_events</loc>
<lastmod>2024-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/iflychat/iflychat-wordpress-chat-464-admin-stored-cross-site-scripting</loc>
<lastmod>2021-05-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/switchblade/switchblade-powerful-wordpress-theme-132-arbitrary-file-upload</loc>
<lastmod>2013-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/product-notices-for-woocommerce/product-notices-for-woocommerce-133-cross-site-request-forgery</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/nika/nika-1214-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bsecure/bsecure-8211-your-universal-checkout-179-unauthenticated-sql-injection</loc>
<lastmod>2025-07-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/classified-listing/classified-listing-ai-powered-classified-ads-business-directory-plugin-520-missing-authorization-to-authenticated-subscriber-listing-types-tampering</loc>
<lastmod>2025-11-10T22:39:09.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dc-woocommerce-multi-vendor/multivendorx-the-ultimate-woocommerce-multivendor-marketplace-solution-4214-unauthenticated-limited-local-file-inclusion</loc>
<lastmod>2025-01-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ultimate-review/wp-ultimate-review-225-unauthenticated-review-restriction-bypass</loc>
<lastmod>2024-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mycred/points-management-system-for-gamification-ranks-badges-and-loyalty-rewards-program-mycred-304-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2026-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ht-slider-for-elementor/ht-slider-for-elementor-139-cross-site-request-forgery-to-arbitrary-plugin-activation</loc>
<lastmod>2023-02-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bp-groupblog/buddypress-groupblog-193-authenticated-subscriber-privilege-escalation-to-administrator-via-group-blog-idor</loc>
<lastmod>2026-04-10T12:09:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smoove-elementor/smoove-connector-for-elementor-forms-410-reflected-cross-site-scripting</loc>
<lastmod>2024-12-06T21:19:44.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/piotnet-addons-for-elementor/piotnet-addons-for-elementor-2428-authenticated-contributor-stored-cross-site-scripting-via-multiple-widget-attributes</loc>
<lastmod>2024-05-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/4.2/wordpress-core-424-cross-site-request-forgery-to-post-lockage</loc>
<lastmod>2015-08-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-map-pro/image-map-pro-569-cross-site-request-forgery</loc>
<lastmod>2022-11-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zynith-seo/zynith-seo-749-missing-authorization-to-unauthenticated-arbitrary-option-deletion</loc>
<lastmod>2024-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-realty/wprealty-291-time-based-blind-sql-injection</loc>
<lastmod>2013-10-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/awesome-logos/awesome-logos-12-cross-site-request-forgery-to-sql-injection</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-recall/wp-recall-registration-profile-commerce-more-16265-unauthenticated-sql-injection</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/adminer/adminer-144-cross-site-scripting</loc>
<lastmod>2016-03-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/auto-login-after-registration/auto-login-after-registration-100-reflected-cross-site-scripting</loc>
<lastmod>2025-07-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nd-booking/hotel-booking-38-missing-authorization</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/small-package-quotes-purolator-edition/small-package-quotes-purolator-edition-364-unauthenticated-sql-injection</loc>
<lastmod>2025-02-11T21:31:13.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tz-plus-gallery/tz-plusgallery-155-cross-site-request-forgery</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/top-10/top-10-popular-posts-plugin-for-wordpress-231-cross-site-scripting</loc>
<lastmod>2016-07-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cryout-serious-slider/serious-slider-126-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-11-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/extra-user-details/extra-user-details-05-cross-site-request-forgery</loc>
<lastmod>2023-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kiwi-social-share/kiwi-social-sharing-210-212-arbitrary-options-change</loc>
<lastmod>2021-06-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ajax-search-for-woocommerce/fibosearch-ajax-search-for-woocommerce-1320-authenticated-contributor-stored-cross-site-scripting-via-thegem_te_search-shortcode</loc>
<lastmod>2025-12-19T19:45:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-file-list/simple-file-list-6115-authenticated-subscriber-arbitrary-file-download</loc>
<lastmod>2026-02-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/block-options/gutenberg-block-editor-toolkit-editorskit-1404-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-paypal/payment-button-for-paypal-12341-missing-authorization-to-unauthenticated-arbitrary-order-creation</loc>
<lastmod>2026-01-16T14:37:42.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/menubar/menubar-572-reflected-cross-site-scripting</loc>
<lastmod>2022-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shorten-url/short-url-164-authenticatedadmin-stored-cross-site-scripting</loc>
<lastmod>2023-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ip2location-country-blocker/download-ip2location-country-blocker-2291-bypass-via-ip-spoofing</loc>
<lastmod>2023-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simpleschema-free/simpleschema-1769-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-google-places-review-slider/wp-google-review-slider-181-reflected-cross-site-scripting-via-place-parameter</loc>
<lastmod>2026-06-30T15:04:28.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/pennews/pennews-673-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-08-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ajar-productions-in5-embed/ajar-in5-embed-315-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2025-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/link-whisper/link-whisper-free-069</loc>
<lastmod>2024-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shortcode-redirect/shortcode-redirect-1002-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-08-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/acf-frontend-form-element/frontend-admin-by-dynamiapps-3287-authenticated-editor-arbitrary-file-deletion</loc>
<lastmod>2025-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/plugins-last-updated-column/plugins-last-updated-column-013-cross-site-request-forgery</loc>
<lastmod>2025-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/product-slider-for-woocommerce-lite/product-slider-for-woocommerce-lite-117-authenticatedcontributor-stored-cross-site-scripting-via-meta-keys</loc>
<lastmod>2023-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/e-shot-form-builder/e-shot-102-missing-authorization-to-authenticated-subscriber-form-settings-modification-via-ajax</loc>
<lastmod>2026-04-14T19:45:48.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/moving-media-library/moving-media-library-122-authenticated-administrator-directory-traversal-to-arbitrary-file-deletion</loc>
<lastmod>2025-03-05T20:19:26.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-google-map-plugin/wp-maps-486-authenticated-subscriber-limited-local-file-inclusion</loc>
<lastmod>2026-02-16T10:59:48.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/when-last-login/when-last-login-121-cross-site-request-forgery-via-wll_hide_subscription_notice</loc>
<lastmod>2023-03-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/top-friends/top-friends-03-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2025-11-17T20:16:42.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-pdf-restaurant-menu-upload/easy-restaurant-menu-manager-112-cross-site-scripting</loc>
<lastmod>2019-06-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woozone/woocommerce-amazon-affiliates-wordpress-plugin-14031-authenticated-subscriber-arbitrary-file-deletion</loc>
<lastmod>2026-03-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordcents/elis-wordcents-adsense-widget-with-analytics-130327-reflected-cross-site-scripting</loc>
<lastmod>2026-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/widget-options/widget-options-the-1-wordpress-widget-block-control-plugin-412-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/webtexttool/textmetrics-365-authenticated-subscriber-arbitrary-shortcode-execution</loc>
<lastmod>2026-01-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cost-calculator-builder/cost-calculator-builder-3532-missing-authorization</loc>
<lastmod>2025-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/print-o-matic/print-o-matic-202-admin-stored-cross-site-scripting</loc>
<lastmod>2021-10-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/funnelforms-free/funnelforms-free-34-missing-authorization-to-post-modification</loc>
<lastmod>2023-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/design-comuni-wordpress-theme/design-comuni-italia-111-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-03-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mailin/newsletter-smtp-email-marketing-and-subscribe-forms-by-sendinblue-3130-reflected-cross-site-scripting-via-lang-pid-parameters</loc>
<lastmod>2022-01-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/afiliados-de-amazon-lite/amazon-affiliate-lite-plugin-100-cross-site-request-forgery-to-plugin-settings-update</loc>
<lastmod>2025-12-19T15:05:22.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-woocommerce-quickbooks/integration-for-woocommerce-and-quickbooks-123-open-redirect-via-setup_plugin</loc>
<lastmod>2023-07-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-addons-for-contact-form-7/ultimate-addons-for-contact-form-7-3123-authenticatedsubscriber-sql-injection</loc>
<lastmod>2023-06-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cc-img-shortcode/cc-img-shortcode-110-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-12T13:22:46.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-accessibility-helper/wp-accessibility-helper-wah-0629-missing-authorization</loc>
<lastmod>2024-07-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/classyfrieds/classyfrieds-38-arbitrary-file-upload</loc>
<lastmod>2021-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/resmushit-image-optimizer/resmushit-image-optimizer-046-cross-site-request-forgery</loc>
<lastmod>2022-10-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dr-widgets-blocks/delisho-106-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-parcelas/woocommerce-parcelas-135-authenticated-shop-manager-stored-cross-site-scripting</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bbpowerpack/powerpack-for-beaver-builder-2373-reflected-cross-site-scripting</loc>
<lastmod>2024-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bold-page-builder/bold-page-builder-480-authenticated-contributor-stored-cross-site-scripting-via-icon-link</loc>
<lastmod>2024-02-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/iframe-forms/iframe-forms-10-authenticated-contributor-stored-cross-site-scripting-via-iframe-shortcode</loc>
<lastmod>2023-10-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/give/givewp-259-missing-authorization-to-settings-update</loc>
<lastmod>2019-10-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/watu/watu-quiz-338-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smart-forms/smart-forms-2626-cross-site-request-forgery</loc>
<lastmod>2019-02-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-plus-addons-for-block-editor/nexter-blocks-407-missing-authorization</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/abandoned-contact-form-7/abandoned-contact-form-7-29-missing-authorization</loc>
<lastmod>2025-06-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-expirator/schedule-post-changes-with-publishpress-future-unpublish-delete-change-status-trash-change-categories-493-missing-authorization-to-authenticated-contributor-workflow-manipulation</loc>
<lastmod>2026-01-08T17:41:07.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easypromos/easypromos-plugin-138-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2025-02-18T14:44:31.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/analyticswp/analyticswp-200-missing-authorization</loc>
<lastmod>2025-04-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/3r-elementor-timeline-widget/elementor-timeline-widget-22-missing-authorization-to-notice-dismissal</loc>
<lastmod>2023-12-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pie-register/pie-register-3714-authentication-bypass</loc>
<lastmod>2021-10-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/klarna-checkout-for-woocommerce/klarna-checkout-for-woocommerce-209-arbitrary-plugin-installation-activation-and-deactivation</loc>
<lastmod>2020-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-jetpack/booster-for-woocommerce-717-reflected-cross-site-scripting</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/romethemeform/romethemeform-for-elementor-115-missing-authorization-via-export_entries-rtformnewform-and-rtformupdate</loc>
<lastmod>2024-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/luckywp-table-of-contents/luckywp-table-of-contents-216-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-11-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-asset-clean-up/asset-cleanup-1384-reflected-cross-site-scripting-via-ajax-action</loc>
<lastmod>2022-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-addons-for-elementor-lite/essential-addons-for-elementor-best-elementor-templates-widgets-kits-woocommerce-builders-599-authenticated-contributor-stored-cross-site-scripting-via-data-table</loc>
<lastmod>2024-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contextual-related-posts/contextual-related-posts-186-cross-site-request-forgery-to-cross-site-scripting</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seo-by-rank-math/rank-math-seo-with-ai-seo-tools-10214-authenticatedcontributor-stored-cross-site-scripting-via-howto-block-attributes</loc>
<lastmod>2024-03-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/minimum-password-strength/minimum-password-strength-120-cross-site-request-forgery</loc>
<lastmod>2025-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fluentform/fluent-forms-6121-authenticated-subscriber-authorization-bypass-via-form_id-parameter</loc>
<lastmod>2026-05-13T17:13:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/variable-inspector/variable-inspector-271-missing-authorization</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pit-login-welcome/pit-login-welcome-115-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fv-wordpress-flowplayer/fv-flowplayer-video-player-75457212-reflected-cross-site-scripting</loc>
<lastmod>2024-05-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/thumbnail-editor/thumbnail-editor-233-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bp-email-assign-templates/bp-email-assign-templates-17-authenticated-admin-arbitrary-option-deletion</loc>
<lastmod>2025-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bears-backup/bears-backup-200-unauthenticated-remote-code-execution</loc>
<lastmod>2025-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kiwi-logo-carousel/logo-carousel-172-stored-cross-site-scripting</loc>
<lastmod>2021-11-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-jetpack/booster-for-woocommerce-548-reflected-cross-site-scripting-in-product-xml-feeds-module</loc>
<lastmod>2021-12-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/subscribe-to-comments/subscribe-to-comments-207-reflected-cross-site-scripting</loc>
<lastmod>2006-09-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-recall/wp-recall-162611-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-04-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-levoslideshow/levo-slideshow-23-cross-site-scripting</loc>
<lastmod>2016-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/himer/himer-social-questions-and-answers-212-cross-site-request-forgery-to-arbitrary-user-invites</loc>
<lastmod>2024-07-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/printfriendly/print-pdf-email-by-printfriendly-522-authenticated-admin-cross-site-scripting</loc>
<lastmod>2022-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-currency/wbw-currency-switcher-for-woocommerce-225-missing-authorization</loc>
<lastmod>2026-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/soundcloud-is-gold/soundcloud-is-gold-22-cross-site-scripting</loc>
<lastmod>2012-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/2.8/wordpress-core-284-denial-of-service</loc>
<lastmod>2009-10-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/icon-widget/icon-widget-126-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/free-wp-booster-by-ads-pro/ads-booster-by-ads-pro-112-unauthenticated-local-file-inclusion</loc>
<lastmod>2024-11-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/examapp/ibps-online-exam-plugin-for-wordpress-10-sql-injection</loc>
<lastmod>2017-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/dt-the7/the7-website-and-ecommerce-builder-for-wordpress-210-reflected-cross-site-scripting</loc>
<lastmod>2015-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smooth-accordion/smooth-accordion-21-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking-calendar/booking-calendar-and-booking-calendar-pro-multiple-versions-reflected-cross-site-scripting-via-calendar_id</loc>
<lastmod>2025-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/secupress/secupress-free-2253-missing-authorization</loc>
<lastmod>2025-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seo-meta-description-updater/seo-meta-description-updater-120-missing-authorization</loc>
<lastmod>2025-10-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/folderly/folderly-03-incorrect-authorization-to-authenticated-author-term-deletion</loc>
<lastmod>2025-10-31T16:35:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/secure-copy-content-protection/secure-copy-content-protection-and-content-locking-423-reflected-cross-site-scripting</loc>
<lastmod>2024-09-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-optin-wheel/wp-optin-wheel-147-authenticated-admin-server-side-request-forgery</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/taskbuilder/taskbuilder-503-authenticated-administrator-stored-cross-site-scripting-via-block-emails-field</loc>
<lastmod>2026-03-03T12:40:33.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/forminator/forminator-forms-contact-form-payment-form-custom-form-builder-1351-cross-site-request-forgery-to-draft-custom-form-creation</loc>
<lastmod>2024-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vayu-blocks/vayu-blocks-gutenberg-blocks-for-wordpress-woocommerce-111-missing-authorization-to-unauthenticated-arbitrary-plugin-installationactivation</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/pantry/pantry-14-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-checkout-field-editor-pro/checkout-field-editor-checkout-manager-for-woocommerce-203-reflected-cross-site-scripting-via-render_review_request_notice</loc>
<lastmod>2024-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-jetpack/booster-for-woocommerce-725-reflected-cross-site-scripting</loc>
<lastmod>2025-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/polls-widget/poll-survey-questionnaire-and-voting-system-174-authenticated-administrator-cross-site-scripting</loc>
<lastmod>2022-08-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-product-table-lite/woocommerce-product-table-lite-387-missing-authorization</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/depicter/slider-popup-builder-by-depicter-add-image-slider-carousel-slider-exit-intent-popup-popup-modal-coupon-popup-post-slider-carousel-311-authenticated-contributor-arbitrary-file-upload</loc>
<lastmod>2024-08-13T19:54:53.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/captcha-in-thai/captcha-in-thai-11-reflected-cross-site-scripting</loc>
<lastmod>2014-07-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/betterdocs/betterdocs-453-authenticated-contributor-stored-cross-site-scripting-via-blockid-block-attribute</loc>
<lastmod>2026-06-18T15:43:58.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/free-sales-funnel-squeeze-pages-landing-page-builder-templates-make/wp-lead-plus-x-098-stored-cross-site-scripting</loc>
<lastmod>2020-04-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/order-tracking/order-tracking-pro-336-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-08-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/geodirectory/geodirectory-2223-authenticated-admin-sql-injection</loc>
<lastmod>2023-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/enzio/enzio-responsive-business-wordpress-theme-126-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-05-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/metform/metform-elementor-contact-form-builder-331-authenticated-subscriber-information-disclosure-via-mf_thankyou-shortcode</loc>
<lastmod>2023-06-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/learnpress/learnpress-4253-reflected-cross-site-scripting-via-add_internal_scripts_to_head</loc>
<lastmod>2023-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-compress-image-optimizer/wp-compress-image-optimizer-all-in-one-61035-cross-site-request-forgery</loc>
<lastmod>2024-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/top-table-of-contents/top-table-of-contents-1331-missing-authorization</loc>
<lastmod>2026-01-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woomotiv/woomotiv-361-unauthenticated-sql-injection</loc>
<lastmod>2025-01-06T15:09:22.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mappress-google-maps-for-wordpress/mappress-maps-2545-remote-code-execution-via-improper-capability-checks-in-ajax-calls</loc>
<lastmod>2020-05-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sheets2table/sheets2table-041-authenticated-contributor-stored-cross-site-scripting-via-titles-shortcode-attribute</loc>
<lastmod>2026-03-20T15:06:57.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/accommodation-system/accommodation-system-101-missing-authorization</loc>
<lastmod>2022-08-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/mandala/mandala-28-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-shapes/wp-shapes-100-authenticated-author-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2024-12-19T18:06:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/moving-users/moving-users-105-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2025-01-16T18:23:12.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seur/seur-oficial-22102-unauthenticated-sql-injection</loc>
<lastmod>2024-10-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpdm-premium-packages/premium-packages-sell-digital-products-securely-574-arbitrary-user-meta-update-to-authenticated-subscriber-privilege-escalation</loc>
<lastmod>2023-08-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/greenshift-animation-and-page-builder-blocks/greenshift-animation-and-page-builder-blocks-762-authenticated-administrator-arbitrary-file-upload</loc>
<lastmod>2023-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-landing-pages-leadmagic/user-registration-login-landing-pages-127-admin-stored-cross-site-scripting</loc>
<lastmod>2022-01-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpgenious-job-listing/wpgenius-job-listing-102-stored-cross-site-scripting</loc>
<lastmod>2021-10-14T13:46:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/icegram-rainmaker/icegram-collect-easy-form-lead-collection-and-subscription-plugin-1314-missing-authorization</loc>
<lastmod>2024-08-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cm-email-blacklist/cm-e-mail-blacklist-162-authenticated-administrator-stored-cross-site-scripting-via-black_email-parameter</loc>
<lastmod>2026-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/edd-google-sheet-connector-pro/easy-digital-downloads-google-sheet-connector-166-cross-site-request-forgery-to-access-code-update</loc>
<lastmod>2025-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-real-estate/essential-real-estate-518-cross-site-request-forgery</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sell-photo/sell-photo-105-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2020-08-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quartz/quartz-1011-sql-injection</loc>
<lastmod>2014-05-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/file-provider/file-provider-123-unauthenticated-sql-injection</loc>
<lastmod>2025-05-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/media-element-html5-video-and-audio-player/mediaelementjs-html5-video-audio-player-428-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-digital-downloads/easy-digital-downloads-simple-ecommerce-for-selling-digital-files-2915-stored-cross-site-scripting</loc>
<lastmod>2019-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/support-ticket-system-for-woocommerce/helpdesk-support-ticket-system-for-woocommerce-212-missing-authorization</loc>
<lastmod>2026-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-rss-retriever/wordpress-rss-feed-retriever-167-missing-authorization</loc>
<lastmod>2023-01-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/learnpress/learnpress-3266-privilege-escalation</loc>
<lastmod>2020-03-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpextended/the-ultimate-wordpress-toolkit-wp-extended-309-reflected-cross-site-scripting</loc>
<lastmod>2024-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-multitasking/wp-multitasking-0112-cross-site-request-forgery-to-permalink-suffix-update</loc>
<lastmod>2025-03-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-download-manager/wp-downloadmanager-plugin-161-cross-site-scripting</loc>
<lastmod>2013-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/form-maker/form-maker-by-10web-11535-unauthenticated-stored-cross-site-scripting-via-svg-file</loc>
<lastmod>2026-02-02T18:12:37.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-pack-addon/the-pack-elementor-addons-header-footer-woocommerce-builder-template-library-2083-reflected-cross-site-scripting</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/site-reviews/site-reviews-6114-authenticatedsubscriber-stored-cross-site-scripting-via-display-name</loc>
<lastmod>2024-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ultimate-reviews-free/wp-ultimate-reviews-free-102-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-custom-templates-lite/post-custom-templates-lite-114-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wrc-pricing-tables/wrc-pricing-tables-237-missing-authorization</loc>
<lastmod>2023-09-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/blogger-buzz/blogger-buzz-124-missing-authorization-via-activate_plugin</loc>
<lastmod>2023-04-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/appointment-hour-booking/appointment-hour-booking-1423-missing-authorization-to-double-booking</loc>
<lastmod>2023-10-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ti-woocommerce-wishlist/ti-woocommerce-wishlist-273-unauthenticated-blind-sql-injection-via-rest-api</loc>
<lastmod>2023-07-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fluentform/contact-form-plugin-by-fluent-forms-for-quiz-survey-and-drag-drop-wp-form-builder-5118-missing-authorization-to-authenticated-subscriber-mailchimp-integration-modification</loc>
<lastmod>2024-08-31T21:37:21.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jetpack/jetpack-128-a1-authenticated-contributor-stored-cross-site-scripting-via-block-attribute</loc>
<lastmod>2023-11-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/resume-upload-form/upload-resume-120-authenticated-sensitive-information-disclosure-via-resume_upload_form_list-shortcode</loc>
<lastmod>2023-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/postcasa/postcasa-shortcode-10-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/g-web-shop/zingiri-web-shop-223-remote-code-execution</loc>
<lastmod>2011-11-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/instagram-feed/smash-balloon-social-photo-feed-151-reflected-cross-site-scripting</loc>
<lastmod>2018-01-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ad-manager-wd/10webadmanager-1011-unauthenticated-arbitrary-file-download</loc>
<lastmod>2026-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bookmarkify/bookmarkify-113-cross-site-request-forgery-to-cross-site-scripting</loc>
<lastmod>2015-08-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ocean-modal-window/ocean-modal-window-232-authenticated-editor-remote-code-execution</loc>
<lastmod>2025-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/give/givewp-donation-plugin-and-fundraising-platform-3141-missing-authorization-to-authenticated-subscriber-limited-file-deletion</loc>
<lastmod>2024-08-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/redirect-redirection/redirect-redirection-113-missing-authorization-in-loadtab-function</loc>
<lastmod>2023-02-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/front-end-pm/front-end-pm-1143-sensitive-information-exposure-via-directory-listing</loc>
<lastmod>2023-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/luxmed/luxmed-medicine-healthcare-doctor-wordpress-122-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sp-client-document-manager/sp-project-document-manager-457-sensitive-file-disclosure</loc>
<lastmod>2022-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/boot-store/boot-store-164-authenticated-contributor-stored-cross-site-scripting-via-button-shortcode</loc>
<lastmod>2024-07-01T13:24:26.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/picture-gallery/picture-gallery-163-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-03-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/display-future-posts/display-future-posts-023-cross-site-request-forgery-to-cross-site-scripting</loc>
<lastmod>2024-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-set-favicon/easy-set-favicon-11-reflected-cross-site-scripting</loc>
<lastmod>2024-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/site-reviews/site-reviews-2152-cross-site-scripting</loc>
<lastmod>2018-05-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-post-notes/simple-post-notes-175-subscriber-stored-cross-site-scripting</loc>
<lastmod>2022-06-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ignitiondeck/ignitiondeck-crowdfunding-platform-116-missing-authorization</loc>
<lastmod>2015-03-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/header-footer-elementor/elementor-header-footer-builder-1624-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/happy-elementor-addons/happy-addons-for-elementor-3105-authenticated-contributor-stored-cross-site-scripting-via-image-stack-group-photo-stack-horizontal-timeline</loc>
<lastmod>2024-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-importer-and-generator/user-generator-and-importer-122-cross-site-request-forgery-to-privilege-escalation-via-arbitrary-administrator-account-creation</loc>
<lastmod>2025-12-04T20:38:15.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/12-step-meeting-list/12-step-meeting-list-31428-missing-authorization</loc>
<lastmod>2024-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementor/elementor-website-builder-404-authenticated-contributor-stored-cross-site-scripting-via-rest-api</loc>
<lastmod>2026-04-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/th-product-compare/multiple-plugins-by-themehunk-various-versions-missing-authorization-via-settings_init</loc>
<lastmod>2023-03-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gmace/gmace-152-cross-site-request-forgery-to-arbitrary-file-modification-creationoverwritedeletion</loc>
<lastmod>2023-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/greenshift-animation-and-page-builder-blocks/greenshift-animation-and-page-builder-blocks-499-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2023-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/peepso-core/community-by-peepso-6220-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-11-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/thinkific-uploader/thinkific-uploader-100-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-07-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-product-recommendations/woocommerce-product-recommendations-230-cross-site-request-forgery</loc>
<lastmod>2023-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/imoney/imoney-036-reflected-cross-site-scripting</loc>
<lastmod>2026-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ai-image/instant-image-generator-152-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2024-11-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/admin-cleanup/admin-cleanup-102-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/whizzy/whizzy-1118-missing-authorization</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sf-booking/service-finder-bookings-50-unauthenticated-privilege-escalation-via-account-takeover</loc>
<lastmod>2025-03-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/coupon-lite/coupon-plugin-121-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cf7-conditional-fields/conditional-fields-for-contact-form-7-2413-cross-site-request-forgery-to-plugin-setting-reset</loc>
<lastmod>2024-07-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/real3d-flipbook/real3d-flipbook-28-unauthenticated-arbitrary-file-or-directory-delete</loc>
<lastmod>2016-07-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-popup-banners/wp-popup-banners-125-authenticated-subscriber-sql-injection</loc>
<lastmod>2023-03-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bsk-gravityforms-blacklist/bsk-forms-blacklist-363-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ebook-store/ebook-store-58008-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/awesome-wp-image-gallery/multiple-plugins-various-versions-authenticated-contributor-stored-dom-based-cross-site-scripting-via-prettyphoto-javascript-library</loc>
<lastmod>2025-07-02T23:16:46.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-events-calendar/the-events-calendar-628-information-disclosure</loc>
<lastmod>2023-11-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/w3-total-cache/w3-total-cache-281-information-exposure-via-log-files</loc>
<lastmod>2025-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hospital-management/hospital-management-system-47020-11-2023-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2025-05-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/plugin-groups/plugin-groups-206-missing-authorization-to-unauthenticated-denial-of-service</loc>
<lastmod>2024-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/atarim-visual-collaboration/atarim-40-missing-authorization</loc>
<lastmod>2024-07-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/usc-e-shop/welcart-e-commerce-21120-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2025-09-09T18:30:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/intelly-welcome-bar/welcome-bar-203-cross-site-request-forgery</loc>
<lastmod>2023-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-snippets/post-snippets-313-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2022-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/taqnix/taqnix-103-cross-site-request-forgery-to-account-deletion-via-taqnix_delete_my_account-ajax-action</loc>
<lastmod>2026-04-23T19:16:41.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultra-admin/ultra-wordpress-admin-117-reflected-cross-site-scripting</loc>
<lastmod>2026-03-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/my-white/my-white-208-reflected-cross-site-scripting</loc>
<lastmod>2025-01-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sticky-action-buttons/sticky-action-buttons-11-cross-site-request-forgery-to-plugin-settings-update</loc>
<lastmod>2026-01-06T20:32:42.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-cart-for-digital-products/wp-estore-854-reflected-cross-site-scripting-via-request_uri</loc>
<lastmod>2024-06-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-theme-demo-bar/theme-demo-bar-163-reflected-cross-site-scripting</loc>
<lastmod>2025-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zm-ajax-login-register/zm-ajax-login-register-109-local-file-inclusion</loc>
<lastmod>2015-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/litespeed-cache/litespeed-cache-443-reflected-cross-site-scripting-via-qc_res</loc>
<lastmod>2021-11-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/backup-backup/backup-migration-149-information-exposure-to-unauthenticated-back-up-download</loc>
<lastmod>2025-11-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mediapress/mediapress-161-authenticated-contributor-stored-cross-site-scripting-via-plugins-shortcode</loc>
<lastmod>2026-01-05T21:13:39.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/twigify/twigify-112-ap-twig-bridge-10-content-template-engine-094-running-vulnerable-twig-package</loc>
<lastmod>2024-11-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/emails-catch-all/emails-catch-353-authenticated-subscriber-information-exposure-to-password-reset-and-privilege-escalation</loc>
<lastmod>2025-10-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/newses/newses-20077-missing-authorization</loc>
<lastmod>2026-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/instawp-connect/instawp-connect-0119-missing-authorization</loc>
<lastmod>2025-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/library-viewer/library-viewer-206-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-05-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/goto/goto-tour-travel-wordpress-theme-21-sql-injection</loc>
<lastmod>2021-04-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpdirectorykit/wp-directory-kit-119-cross-site-request-forgery-to-stored-cross-site-scripting-via-wdk_resultitem</loc>
<lastmod>2023-04-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bne-testimonials/bne-testimonials-208-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/move-addons/move-addons-for-elementor-136-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gallerio/gallerio-101-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2024-11-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tm-wordpress-redirection/tm-wordpress-redirection-12-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2026-05-11T19:05:20.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/filebird/filebird-wordpress-media-library-folders-file-manager-563-authenticated-author-insecure-direct-object-reference</loc>
<lastmod>2024-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/divi-builder/elegant-themes-divi-323-409-divi-extra-223-409-divi-builder-223-409-php-code-injection</loc>
<lastmod>2020-01-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/admin-and-client-message-after-order-for-woocommerce/admin-and-customer-messages-after-order-for-woocommerce-132-authenticated-subscriber-limited-file-upload-to-cross-site-scripting</loc>
<lastmod>2025-01-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/my-contador-wp/my-contador-lesr-20-missing-authorization-to-unauthenticated-user-registration-csv-export</loc>
<lastmod>2024-11-20T17:28:44.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpfilesearch/wordpress-file-search-12-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dynamic-url-seo/dynamic-url-seo-10-cross-site-request-forgery</loc>
<lastmod>2025-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/embedpress/embedpress-pdf-embedder-embed-pdf-viewer-youtube-videos-3d-flipbook-social-feeds-more-452-unauthenticated-information-exposure</loc>
<lastmod>2026-06-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/2-click-socialmedia-buttons/2-click-social-media-buttons-034-cross-site-scripting</loc>
<lastmod>2012-05-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pmpro-membership-maps/paid-memberships-pro-membership-maps-add-on-07-authenticated-contributor-information-disclosure</loc>
<lastmod>2024-08-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/luckywp-table-of-contents/luckywp-table-of-contents-2110-cross-site-request-forgery-to-reflected-cross-site-scripting</loc>
<lastmod>2025-04-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-domain-whitelist/user-domain-whitelist-14-cross-site-request-forgery</loc>
<lastmod>2014-02-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-world/the-world-04-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/author-bio-shortcode/author-bio-shortcode-253-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/premium-addons-pro/premium-addons-pro-2912-authenticated-contributor-stored-cross-site-scripting-via-custom-mouse-cursor-module</loc>
<lastmod>2024-03-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/follow-my-blog-post/follow-my-blog-post-240-missing-authorization-to-unauthenticated-arbitrary-content-deletion</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wemail/wemail-1145-reflected-cross-site-scripting</loc>
<lastmod>2024-08-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-expirator/schedule-post-changes-with-publishpress-future-unpublish-delete-change-status-trash-change-categories-491-authenticated-author-missing-authorization-to-postpage-status-modification</loc>
<lastmod>2025-11-20T19:53:09.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/front-editor/guest-posting-frontend-posting-wordpress-plugin-wp-front-user-submit-front-editor-447-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quiz-master-next/quiz-and-survey-master-qsm-easy-quiz-and-survey-maker-1112-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-06-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/mildhill/mildhill-15-unauthenticated-php-object-injection</loc>
<lastmod>2026-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ad-management/ads24-lite-10-reflected-cross-site-scripting</loc>
<lastmod>2025-03-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/qr-redirector/qr-redirector-15-cross-site-request-forgery</loc>
<lastmod>2021-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/opening-hours/were-open-144-missing-authorization</loc>
<lastmod>2023-02-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tinymce-extended-config/tinymce-extended-config-010-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/call-now-icon-animate/call-now-icon-animate-010-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-fastest-cache/wp-fastest-cache-0902-authenticated-subscriber-arbitrary-file-deletion</loc>
<lastmod>2020-02-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stripe-payments/accept-stripe-payments-2063-authenticated-stored-cross-site-scripting</loc>
<lastmod>2022-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seriously-simple-podcasting/seriously-simple-podcasting-3141-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-12-21T02:09:55.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/civicrm/civicrm-5281-cross-site-request-forgery-to-cross-site-scripting</loc>
<lastmod>2021-06-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpkit-elementor/wpkit-for-elementor-110-missing-authorization-to-unauthenticated-arbitrary-options-update</loc>
<lastmod>2025-06-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-lightpop/wp-lightpop-0856-remote-media-file-inclusion</loc>
<lastmod>2014-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/evergreen-content-poster/evergreen-content-poster-145-cross-site-request-forgery</loc>
<lastmod>2025-07-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hunk-external-links/hunk-external-links-305-reflected-cross-site-scripting</loc>
<lastmod>2014-07-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/paymaya-checkout-for-woocommerce/maya-business-120-unauthenticated-insecure-direct-object-reference</loc>
<lastmod>2025-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-yandex-metrika/yandexmetrica-122-missing-authorization</loc>
<lastmod>2025-12-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/notification-for-telegram/notification-for-telegram-351-missing-authorization</loc>
<lastmod>2025-11-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-monitor/download-monitor-171-reflected-cross-site-scripting</loc>
<lastmod>2015-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/persian-woocommerce-sms/persian-woocommerce-sms-705-reflected-cross-site-scripting</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/final-tiles-grid-gallery-lite/image-photo-gallery-final-tiles-grid-367-missing-authorization-to-authenticated-contributor-gallery-management</loc>
<lastmod>2025-12-18T20:29:17.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slicko-for-elementor/slicko-120-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-menu/all-in-menu-115-authenticated-subscriber-sql-injection</loc>
<lastmod>2025-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-post/postx-gutenberg-blocks-saved-templates-addon-249-private-content-disclosure</loc>
<lastmod>2021-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/starbox/starbox-353-authenticated-contributor-stored-cross-site-scripting-via-twitter-url-field</loc>
<lastmod>2024-09-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/5centscdn/5centscdn-25415-reflected-cross-site-scripting</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-compress-image-optimizer/wp-compress-image-optimizer-all-in-one-62001-missing-authorization</loc>
<lastmod>2024-05-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/importify/importify-104-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2023-12-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/enfold/enfold-569-reflected-cross-site-scripting</loc>
<lastmod>2024-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rws-enquiry/rws-enquiry-and-lead-follow-up-10-reflected-cross-site-scripting</loc>
<lastmod>2025-03-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-gotowebinar/wp-gotowebinar-156-missing-authorization</loc>
<lastmod>2024-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/updater/updater-by-bestwebsoft-134-reflected-cross-site-scripting</loc>
<lastmod>2017-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-tooltips/wordpress-tooltips-943-authenticated-contributor-sql-injection</loc>
<lastmod>2024-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zohocreator/zoho-creator-forms-105-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ibtana-ecommerce-product-addons/ibtana-ecommerce-product-addons-0474-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/filled-in/filled-in-192-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/swift-performance-lite/swift-performance-lite-23614-missing-authorization-to-unauthenticated-settings-export</loc>
<lastmod>2023-11-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ltl-freight-quotes-sefl-edition/ltl-freight-quotes-sefl-edition-324-unauthenticated-sql-injection</loc>
<lastmod>2025-02-18T21:56:01.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/paragon/paragon-11-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-09-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cornerstone/cornerstone-788-authenticated-subscriber-arbitrary-code-execution</loc>
<lastmod>2026-06-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/school-management/school-management-9310-unauthenticated-insecure-direct-object-reference</loc>
<lastmod>2025-08-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-user-avatar/profilepress-453-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordfence/wordfence-security-firewall-malware-scan-760-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-09-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cm-answers/cm-answers-333-cross-site-request-forgery</loc>
<lastmod>2025-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/meta-box/meta-box-wordpress-custom-fields-framework-4162-file-deletion-via-attachment_id-parameter</loc>
<lastmod>2019-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-cron-manager/advanced-cron-manager-debug-control-259-missing-authorization</loc>
<lastmod>2024-08-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-property/wp-property-wordpress-powered-real-estate-and-property-management-1384-information-disclosure</loc>
<lastmod>2014-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-manager/download-manager-3298-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-09-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tutor/tutor-lms-elearning-and-online-course-solution-261-missing-authorization-to-authenticated-subscriber-arbitrary-post-deletion</loc>
<lastmod>2024-03-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/4.1/wordpress-core-621-insufficient-sanitization-of-block-attributes</loc>
<lastmod>2023-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/codepen-embed-block/codepen-embed-block-111-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-student-result/student-result-or-employee-database-174-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2022-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/docket-cache/docket-cache-object-cache-accelerator-210801-reflected-cross-site-scripting</loc>
<lastmod>2021-08-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/magical-posts-display/magical-posts-display-1254-authenticated-author-stored-cross-site-scripting-via-magical-posts-accordion-widget</loc>
<lastmod>2025-12-11T22:32:34.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/survey-maker/survey-maker-5194-missing-authorization-to-unauthenticated-information-exposure</loc>
<lastmod>2025-11-12T15:37:46.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/event-calendar-wd/event-calendar-1150-subscriber-event-creation</loc>
<lastmod>2021-12-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/spambam/spambam-21-authorization-bypass</loc>
<lastmod>2008-01-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hk-exif-tags/hk-exif-tags-111-cross-site-scripting</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-facethumb/wp-facethumb-10-cross-site-scripting</loc>
<lastmod>2014-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/flatsome/flatsome-3196-missing-authorization</loc>
<lastmod>2024-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/photo-gallery/photo-gallery-1574-stored-cross-site-scripting-via-uploaded-svg</loc>
<lastmod>2021-07-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quick-event-manager/quick-event-manager-974-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2023-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/inventorypress/inventorypress-17-authenticatedauthor-stored-cross-site-scripting</loc>
<lastmod>2023-06-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cyrlitera/cyrlitera-130-cross-site-request-forgery</loc>
<lastmod>2025-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wplingo/wplingo-forum-plugin-112-missing-authorization-to-authenticated-subscriber-arbitrary-content-deletion</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-post-slider/advanced-post-slider-300-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-gift-cards-lite/ultimate-gift-cards-for-woocommerce-306-missing-authorization-to-infinite-money-glitch</loc>
<lastmod>2025-01-07T21:46:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mage-forms/mage-front-end-forms-114-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/click-to-chat-for-whatsapp/click-to-chat-422-authenticated-contributor-stored-dom-based-cross-site-scripting-via-data-no_number-parameter</loc>
<lastmod>2025-06-13T20:15:36.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-footnotes/wp-footnotes-22-multiple-cross-site-scripting</loc>
<lastmod>2008-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-graphviz/wp-graphviz-151-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/w3-total-cache/w3-total-cache-0924-insecure-cryptography-to-sensitive-information-disclosure</loc>
<lastmod>2020-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-keyword-link/wp-keyword-link-17-cross-site-scripting</loc>
<lastmod>2015-11-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sportspress-tv/legacy-eplayer-099-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/photo-video-gallery-master/photo-video-gallery-master-153-authenticated-contributor-php-object-injection</loc>
<lastmod>2024-06-18T14:35:15.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-reply-notify/wp-reply-notify-11-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2024-01-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-wp-smtp/easy-wp-smtp-142-sensitive-information-disclosure</loc>
<lastmod>2020-12-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kento-latest-tabs/latest-tabs-15-cross-site-request-forgery-to-plugins-settings-update</loc>
<lastmod>2026-01-06T20:02:48.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking/wp-booking-calendar-105-reflected-cross-site-scripting</loc>
<lastmod>2024-08-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-social-share-buttons3/easy-social-share-buttons-1071-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-10-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/aggregator-advanced-settings/aggregator-advanced-settings-121-authenticated-author-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2024-10-03T13:31:42.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-job-board/simple-job-board-296-information-disclosure</loc>
<lastmod>2022-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/giveasap/simple-giveaways-246-cross-site-request-forgery</loc>
<lastmod>2023-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/website-contact-form-with-file-upload/website-contact-form-with-file-upload-134-arbitrary-file-upload</loc>
<lastmod>2015-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/Ultimate_VC_Addons/ultimate-addons-for-wpbakery-page-builder-3214-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-membership/simple-membership-384-cross-site-request-forgery</loc>
<lastmod>2019-07-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-jobsearch/jobsearch-wp-job-board-181-missing-authorization-to-arbitrary-options-update</loc>
<lastmod>2021-10-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tutor/tutor-lms-272-authenticated-administrator-sql-injection</loc>
<lastmod>2024-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/paypal-promotions-and-insights/paypal-marketing-solutions-12-missing-authorization</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bei-fen/bei-fen-wordpress-backup-plugin-142-authenticated-subscriber-local-file-inclusion</loc>
<lastmod>2025-09-29T15:30:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/osm/osm-610-authenticated-contributor-stored-cross-site-scripting-via-osm_map-and-osm_map_v3-shortcodes</loc>
<lastmod>2024-09-26T18:40:16.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/royal-elementor-addons/royal-elementor-addons-and-templates-13980-authenticated-contributor-dom-based-stored-cross-site-scripting-via-magazine-gridslider-widget</loc>
<lastmod>2024-07-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/news-ticker-for-elementor/news-ticker-for-elementor-213-missing-authorization</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/99robots-header-footer-code-manager-pro/header-footer-code-manager-pro-1016-reflected-cross-site-scripting-via-message</loc>
<lastmod>2024-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tour-booking-manager/wptravelly-177-missing-authorization</loc>
<lastmod>2024-08-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/traveler/travel-booking-wordpress-theme-323-missing-authorization-to-unauthenticated-arbitrary-content-deletion</loc>
<lastmod>2025-09-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/streamit/streamit-401-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/play-ht/playht-make-your-blog-posts-accessible-with-text-to-speech-audio-364-authenticated-contributor-php-object-injection</loc>
<lastmod>2024-02-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-subscribe/subscribe-1216-missing-authorization</loc>
<lastmod>2026-01-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woothemes-sensei/sensei-pro-wc-paid-courses-42311231-authenticated-student-stored-cross-site-scripting</loc>
<lastmod>2024-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/gostore/gostore-164-reflected-cross-site-scripting</loc>
<lastmod>2025-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/upfrontwp/upfrontwp-10-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2023-01-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/adminimize/adminimize-1722-cross-site-scripting</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/linear/linear-281-cross-site-request-forgery-to-cache-reset</loc>
<lastmod>2025-01-24T14:38:51.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/facebook-for-woocommerce/facebook-for-woocommerce-357-missing-authorization-to-unauthenticated-notification-dismissal</loc>
<lastmod>2025-10-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-video-gallery/all-in-one-video-gallery-258-260-arbitrary-file-download-server-side-request-forgery</loc>
<lastmod>2022-08-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mapsmarker/leaflet-maps-marker-google-maps-openstreetmap-bing-maps-24-sql-injection</loc>
<lastmod>2012-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking-calendar-contact-form/booking-calendar-contact-form-1260-missing-authorization-to-unauthenticated-arbitrary-booking-confirmation-via-dex_bccf_ipn-parameter</loc>
<lastmod>2025-11-21T19:35:42.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/search-unleashed/search-unleashed-0210-cross-site-scripting</loc>
<lastmod>2008-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/doppler-form/doppler-forms-251-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/copyrightpro/copyrightpro-21-cross-site-request-forgery</loc>
<lastmod>2023-09-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cooked/cooked-recipe-management-17154-cross-site-request-forgery-to-template-reset</loc>
<lastmod>2024-07-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpsc-mijnpress/wpsc-mijnpress-001-cross-site-scripting</loc>
<lastmod>2012-04-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpsyncsheets-wpforms/wpsyncsheets-lite-for-wpforms-wpforms-google-spreadsheet-addon-16-missing-authorization-to-authenticated-subscriber-settings-reset</loc>
<lastmod>2025-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/csv-me/csv-me-20-authenticated-administrator-arbitrary-file-upload</loc>
<lastmod>2025-06-17T20:42:24.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/becustom/becustom-1052-cross-site-request-forgery</loc>
<lastmod>2022-11-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-jobsearch/jobsearch-308-authenticated-subscriber-local-file-inclusion</loc>
<lastmod>2025-08-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yaymail/yaymail-433-authenticated-shop-manager-sql-injection</loc>
<lastmod>2026-03-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpforo/wpforo-forum-209-authenticated-subscriber-html-injection</loc>
<lastmod>2022-12-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/darcie/darcie-115-reflected-cross-site-scripting-via-js-split</loc>
<lastmod>2023-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-entries/contact-form-entries-contact-form-7-wpforms-and-more-120-reflected-cross-site-scripting</loc>
<lastmod>2021-08-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp125/wp125-149-cross-site-request-forgery</loc>
<lastmod>2013-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/flashmart/flashmart-2015-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/widgetkit-for-elementor/all-in-one-addons-for-elementor-widgetkit-254-authenticated-contributor-stored-cross-site-scripting-via-buttonmodal-widget</loc>
<lastmod>2025-07-01T20:38:15.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/better-author-bio/better-author-bio-271011-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-10-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-travel-engine/wp-travel-engine-635-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/likert-survey-master/likert-survey-master-0801-reflected-cross-site-scripting</loc>
<lastmod>2025-09-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/envo-extra/envo-extra-1816-authenticated-contributor-cross-site-scripting</loc>
<lastmod>2024-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/schema-and-structured-data-for-wp/schema-structured-data-for-wp-amp-149-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-09-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/snow-monkey-forms/snow-monkey-forms-511-directory-traversal-via-view-rest-endpiont</loc>
<lastmod>2023-05-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/claspo/claspo-popups-spin-the-wheel-email-capture-107-missing-authorization</loc>
<lastmod>2025-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chatbot/chatbot-673-missing-authorization</loc>
<lastmod>2025-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/real-kit/realkit-511-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-20T18:47:59.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/web-stat/web-stat-140-api-key-disclosure</loc>
<lastmod>2021-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-cfdb7/contact-form-7-database-addon-1254-csv-injection</loc>
<lastmod>2021-01-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/php-to-page/php-to-page-03-authenticated-subscriber-local-file-inclusion-to-remote-code-execution-via-shortcode</loc>
<lastmod>2023-10-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/royal-elementor-addons/royal-elementor-addons-and-templates-13971-authenticated-contributor-stored-cross-site-scripting-via-advanced-accordion-title-tags</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/2.0/wordpress-core-204-directory-traversal</loc>
<lastmod>2006-10-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-advanced-pdf/advanced-pdf-117-missing-authorization</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dynamic-user-directory/dynamic-user-directory-23-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/so-called-air-quotes/so-called-air-quotes-01-unauthenticated-arbitrary-shortcode-execution</loc>
<lastmod>2025-03-28T18:38:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/page-generator/page-generator-165-cross-site-request-forgery-to-arbitrary-keywords-deletionduplication</loc>
<lastmod>2022-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/renee-work-in-progress/3d-work-in-progress-103-authenticated-subscriber-arbitrary-file-deletion</loc>
<lastmod>2024-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slotti-ajanvaraus/slotti-ajanvaraus-130-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/4.6/wordpress-core-453-denial-of-service</loc>
<lastmod>2016-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/moneytheme/moneytheme-all-versions-cross-site-scripting</loc>
<lastmod>2013-10-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pt-elementor-addons-lite/appsero-121-missing-authorization</loc>
<lastmod>2022-12-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mainwp-child/mainwp-child-securely-connects-sites-to-the-mainwp-wordpress-manager-dashboard-2092-authentication-bypass</loc>
<lastmod>2015-03-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-theme-options/easy-theme-options-10-missing-authorization-to-authenticated-subscriber-arbitrary-plugin-settings-import</loc>
<lastmod>2025-12-12T16:05:27.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/if-so/if-so-dynamic-content-personalization-1631-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/csv-to-html/csv-to-html-326-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2024-11-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/appointify/appointify-108-authenticated-admin-arbitrary-file-upload</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-google-maps/wp-go-maps-formerly-wp-google-maps-9046-cross-site-request-forgery-to-plugin-settings-update</loc>
<lastmod>2025-10-08T13:41:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stratum/stratum-elementor-widgets-141-authenticated-contributor-stored-cross-site-scripting-via-countdown-widget</loc>
<lastmod>2024-06-14T21:36:24.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-maintenance-mode/wp-maintenance-mode-coming-soon-244-cross-site-request-forgery</loc>
<lastmod>2022-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ulisting/ulisting-216-authenticated-contributor-sql-injection</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bold-timeline-lite/bold-timeline-lite-127-authenticated-contributor-stored-cross-site-scripting-via-title-parameter-in-bold_timeline_group-shortcode</loc>
<lastmod>2025-12-11T15:10:30.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/indianic-testimonial/testimonial-23-authenticated-contributor-sql-injection</loc>
<lastmod>2025-09-09T17:41:44.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/droip/droip-252-missing-authorization-to-authenticated-subscriber-arbitrary-settings-change</loc>
<lastmod>2024-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/avishi-wp-paypal-payment-button/avishi-wp-paypal-payment-button-20-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-07-18T14:11:43.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/animategl/animategl-animations-for-wordpress-elementor-gutenberg-blocks-animations-1423-missing-authorization-to-unauthenticated-settings-update</loc>
<lastmod>2025-01-31T14:42:26.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ljusers/ljusers-120-authenticated-contributor-stored-cross-site-scripting-via-name-shortcode-attribute</loc>
<lastmod>2025-12-11T14:19:27.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/w3-total-cache/w3-total-cache-094-cross-site-request-forgery-leading-to-stored-cross-site-scripting</loc>
<lastmod>2014-09-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simply-schedule-appointments/appointment-booking-calendar-simply-schedule-appointments-booking-plugin-16714-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flatty-flat-admin-theme/flatty-200-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpheka-request-for-quote/request-for-quote-13-cross-site-request-forgery</loc>
<lastmod>2021-07-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hr-management/employee-leave-and-recruitment-management-system-crew-hrm-122-missing-authorization</loc>
<lastmod>2026-06-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/popad/popad-104-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2025-09-03T21:05:44.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tagregator/tagregator-06-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2018-05-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wholesale-market-for-woocommerce/wholesale-market-for-woocommerce-200-authenticated-administrator-arbitrary-log-file-download</loc>
<lastmod>2022-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/revslider/slider-revolution-677-authenticated-author-stored-cross-site-scripting-via-htmltag-parameter</loc>
<lastmod>2024-04-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-booking-system/wp-booking-system-free-version-152-cross-site-request-forgery</loc>
<lastmod>2019-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpkoi-templates-for-elementor/wpkoi-templates-for-elementor-313-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/baidu-tongji-generator/baidu-tongji-generator-102-cross-site-request-forgery</loc>
<lastmod>2023-07-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/theme-options-z/theme-options-z-14-cross-site-request-forgery</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tablesome/tablesome-table-contact-form-db-wpforms-cf7-gravity-forminator-fluent-123-authenticated-subscriber-sql-injection</loc>
<lastmod>2026-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/label-plugins/label-plugins-05-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-11-03T15:24:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/duplicator/duplicator-wordpress-migration-plugin-147-sensitive-information-disclosure</loc>
<lastmod>2022-07-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/svegliat-buttons/svegliat-buttons-130-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/homey-core/homey-core-243-missing-authorization</loc>
<lastmod>2025-12-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-wp-colorfull-accordion/simple-wp-colorfull-accordion-10-authenticated-contributor-cross-site-scripting-via-title-shortcode-attribute</loc>
<lastmod>2026-02-13T16:22:48.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sitelock/sitelock-security-501-missing-authorization</loc>
<lastmod>2025-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vikbooking/vikbooking-hotel-booking-engine-pms-161-cross-site-request-forgery-in-listentosfieldsavingtask-function</loc>
<lastmod>2023-02-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hide-my-wp/hide-my-wp-ghost-security-firewall-5201-login-page-disclosure</loc>
<lastmod>2024-07-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yith-woocommerce-compare/yith-woocommerce-compare-360-authenticated-admin-php-object-injection</loc>
<lastmod>2025-08-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/aio-time-clock-lite/all-in-one-time-clock-lite-tracking-employee-time-has-never-been-easier-20-reflected-cross-site-scripting</loc>
<lastmod>2025-08-01T19:33:30.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sidebar-manager/lightweight-sidebar-manager-114-cross-site-request-forgery-bypass</loc>
<lastmod>2020-09-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-promoter/wp-promoter-13-cross-site-request-forgery-to-stored-cross-site-scripting-via-popup_width-parameter</loc>
<lastmod>2026-05-26T19:07:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-google-maps/wp-google-maps-8112-authenticated-stored-cross-site-scripting</loc>
<lastmod>2021-09-08T10:12:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hive-support/hive-support-125-missing-authorization</loc>
<lastmod>2025-04-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buddypress/buddypress-511-sensitive-information-disclosure</loc>
<lastmod>2020-01-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/biolife/biolife-323-missing-authorization</loc>
<lastmod>2026-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fma-additional-registration-attributes/woocommerce-custom-registration-form-104-cross-site-request-forgery</loc>
<lastmod>2021-06-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-plugins-dashboard/download-plugins-and-themes-from-dashboard-196-cross-site-request-forgery-to-bulk-plugintheme-archival</loc>
<lastmod>2025-12-16T19:02:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-document-revisions/document-revisions-372-missing-authorization</loc>
<lastmod>2025-12-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-page-access-restriction/simple-page-access-restriction-1032-cross-site-request-forgery</loc>
<lastmod>2025-08-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/osm/osm-openstreetmap-603-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-07-08T20:10:10.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/extra-product-options-for-woocommerce/extra-product-options-for-woocommerce-306-missing-authorization</loc>
<lastmod>2024-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpb-show-core/wpb-show-core-22-unauthenticated-local-file-inlclusion</loc>
<lastmod>2023-11-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-subscribers/email-subscribers-by-icegram-express-affordable-powerful-email-marketing-for-wordpress-woocommerce-5744-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-12-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/radio-station/radio-station-by-netmix-manage-and-play-your-show-schedule-in-wordpress-257-cross-site-request-forgery-to-notice-dismissal</loc>
<lastmod>2024-04-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mobile-events-manager/mobile-events-manager-147-authenticated-administrator-csv-injection</loc>
<lastmod>2022-08-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chatbot/ai-chatbot-489-and-492-cross-site-request-forgery-on-ajax-actions</loc>
<lastmod>2023-10-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/html-shortcodes/html-shortcodes-11-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2026-02-10T20:06:53.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-member/ultimate-member-292-authenticated-sql-injection</loc>
<lastmod>2025-02-20T21:16:05.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/forumwp/forumwp-210-unauthenticated-php-object-injection</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/events-manager/events-manager-7222-unauthenticated-information-exposure</loc>
<lastmod>2025-12-11T21:39:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pallet-packaging-for-woocommerce/pallet-packaging-for-woocommerce-1115-missing-authorization</loc>
<lastmod>2025-02-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yellow-yard/yellow-yard-searchbar-2727-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-02-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-wall/image-wall-31-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-all-import/import-any-xml-csv-or-excel-file-to-wordpress-wp-all-import-396-authenticated-administrator-remote-code-execution-via-conditional-logic</loc>
<lastmod>2025-11-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/xpro-elementor-addons/xpro-elementor-addons-1442-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-08-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-addons-for-elementor-lite/essential-addons-for-elementor-popular-elementor-templates-and-widgets-6119-authenticated-contributor-stored-cross-site-scripting-via-calendar-and-business-reviews-widgets</loc>
<lastmod>2025-07-07T13:19:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpdirectorykit/wp-directory-kit-123-reflected-cross-site-scripting-via-search</loc>
<lastmod>2023-06-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-activity-log/user-activity-log-162-unauthenticated-sql-injection-via-username</loc>
<lastmod>2023-07-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/aiktp/aiktp-5004-missing-authorization-to-authenticated-subscriber-multiple-administrator-actions</loc>
<lastmod>2026-01-23T19:19:27.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/popup-maker/popup-maker-1206-authenticated-contributor-stored-cross-site-scripting-via-title-parameter</loc>
<lastmod>2025-09-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jet-engine/jetengine-3811-missing-authorization</loc>
<lastmod>2025-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eelv-newsletter/eelv-newsletter-460-cross-site-request-forgery</loc>
<lastmod>2017-05-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cookie-consent-autoblock/cookie-consent-autoblock-for-gdprccpa-101-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/formidable/formidable-forms-6111-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2024-07-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/artibot/artibot-free-chat-bot-for-wordpress-websites-116-missing-authorization-to-settings-update</loc>
<lastmod>2024-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/levelfourstorefront/l4-shopping-cart-plugin-811-sql-injection</loc>
<lastmod>2013-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mail-mint/mail-mint-newsletters-email-marketing-automation-woocommerce-emails-post-notification-and-more-1195-unauthenticated-information-disclosure</loc>
<lastmod>2026-03-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/career-section/career-section-16-cross-site-request-forgery-to-arbitrary-file-deletion</loc>
<lastmod>2026-04-15T18:53:02.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/minimalistic-event-manager/minimalistic-event-manager-111-missing-authorization</loc>
<lastmod>2025-04-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/awesome-support/awesome-support-wordpress-helpdesk-support-plugin-617-authenticated-subscriber-sql-injection</loc>
<lastmod>2024-02-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/launchpage-app-importer/launchpageapp-importer-11-unauthenticated-sql-injection</loc>
<lastmod>2024-12-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fontawesomeio-shortcodes/fontawesomeio-shortcodes-10-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/webtexttool/textmetrics-362-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flexible-refund-and-return-order-for-woocommerce/flexible-refund-and-return-order-for-woocommerce-1042-incorrect-authorization-to-authenticated-contributor-refund-status-update</loc>
<lastmod>2025-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/studiozen/studiozen-theme-all-versions-cross-site-scripting</loc>
<lastmod>2013-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/imdb-info-box/imdb-info-box-20-stored-cross-site-scripting</loc>
<lastmod>2022-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/newsletters-lite/newsletters-413-missing-authorization</loc>
<lastmod>2026-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/script-compressor/script-compressor-171-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/x-addons-elementor/x-addons-for-elementor-1016-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking-system-trafft/booking-system-trafft-106-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-12T20:15:09.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ungallery/ungallery-224-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-04-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jeg-elementor-kit/jeg-elementor-kit-256-authorization-bypass</loc>
<lastmod>2022-11-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ai-twitter-feeds/ai-twitter-feeds-twitter-widget-shortcode-24-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-wp-smtp/easy-wp-smtp-139-missing-authorization-to-arbitrary-options-update</loc>
<lastmod>2019-03-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-grid/post-grid-form-maker-popup-maker-woocommerce-blocks-post-blocks-post-carousel-combo-blocks-2280-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-05-20T14:10:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smart-maintenance-countdown/smart-maintenance-countdown-12-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hbook/booking-calendar-event-calendar-102-missing-authorization</loc>
<lastmod>2022-10-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sensei-lms/sensei-lms-4244-missing-authorization</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nmedia-user-file-uploader/frontend-file-manager-plugin-182-unauthenticated-arbitrary-post-deletion</loc>
<lastmod>2021-07-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/colornews/colornews-126-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/scriptless-social-sharing/scriptless-social-sharing-321-authenticated-contributor-stored-cross-site-scripting-via-block-options</loc>
<lastmod>2023-02-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpzoom-portfolio/wpzoom-portfolio-121-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2022-12-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-triggers-lite/wp-triggers-lite-253-reflected-cross-site-scripting</loc>
<lastmod>2025-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/html5-video-player/flash-html5-video-2530-missing-authorization</loc>
<lastmod>2024-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pixobe-cartography/pixobe-cartography-101-reflected-cross-site-scripting</loc>
<lastmod>2025-03-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/redirect-redirection/redirect-redirection-113-cross-site-request-forgery-via-addredirectrule-function</loc>
<lastmod>2023-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/propertyhive/propertyhive-206-missing-authorization-via-activate_pro_feature</loc>
<lastmod>2024-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ays-popup-box/popup-box-554-cross-site-request-forgery</loc>
<lastmod>2025-10-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/file-manager/bit-file-manager-100-free-open-source-file-manager-and-code-editor-for-wordpress-67-authenticated-subscriber-stored-cross-site-scripting-via-svg-file-uploads</loc>
<lastmod>2025-06-02T20:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mycred/mycred-2943-authenticated-subscriber-race-condition</loc>
<lastmod>2025-07-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/alike/alike-wordpress-custom-post-comparison-301-reflected-cross-site-scripting</loc>
<lastmod>2025-07-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/jannah/jannah-751-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-08-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vitepos-lite/vitepos-point-of-sale-pos-for-woocommerce-342-unauthenticated-information-exposure</loc>
<lastmod>2026-06-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/orbisius-random-name-generator/orbisius-random-name-generator-102-authenticated-contributor-stored-cross-site-scripting-via-btn_label-shortcode-attribute</loc>
<lastmod>2026-02-10T15:58:41.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gutenverse-companion/gutenverse-companion-250-missing-authorization</loc>
<lastmod>2026-06-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-tuner/woo-tuner-012-missing-authorization</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/popup-box/popup-box-324-cross-site-request-forgery</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/import-spreadsheets-from-microsoft-excel/import-spreadsheets-from-microsoft-excel-1014-authenticated-editor-arbitrary-file-upload</loc>
<lastmod>2024-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/morning-coffee/morning-coffee-36-cross-site-scripting</loc>
<lastmod>2011-10-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-awesome-buttons/awesome-buttons-10-authenticated-contributor-stored-cross-site-scripting-via-btn2-shortcode</loc>
<lastmod>2024-10-24T18:12:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-realestate-manager/wp-real-estate-manager-28-authentication-bypass-via-account-takeover</loc>
<lastmod>2025-03-04T21:14:10.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ecommerce-two-factor-authentication/ecommerce-two-factor-authentication-104-reflected-cross-site-scripting</loc>
<lastmod>2021-10-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/digits/digits-841-cross-site-request-forgery-to-privilege-escalation</loc>
<lastmod>2024-02-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-poll/liquidpoll-polls-surveys-nps-and-feedback-reviews-3376-information-exposure</loc>
<lastmod>2024-03-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dokan-lite/dokan-413-authenticated-shop-manager-privilege-escalation</loc>
<lastmod>2025-09-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yacp/yet-another-countdown-101-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-eventpress/eventpress-100-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/miion/miion-127-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2026-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gf-custom-style/gf-custom-style-20-authenticated-author-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2024-09-25T21:21:15.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bdthemes-prime-slider-lite/prime-slider-addons-for-elementor-3132-missing-authorization-to-notice-dismissal</loc>
<lastmod>2024-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementskit-lite/elementskit-elementor-addons-lite-379-missing-authorization</loc>
<lastmod>2026-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-appointment-booking-scheduling/advanced-appointment-booking-amp-scheduling-19-cross-site-request-forgery</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpschoolpress/school-management-system-wpschoolpress-2116-stored-cross-site-scripting</loc>
<lastmod>2021-10-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-foodbakery/wp-foodbakery-47-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2025-02-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/qi-blocks/qi-blocks-143-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-08-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/photoblocks-grid-gallery/gallery-photoblocks-132-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-01-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/xo-liteslider/xo-slider-332-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2022-06-14T13:31:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/betpress/betpress-101-lite-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-08-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/give/givewp-240-297-reflected-cross-site-scripting</loc>
<lastmod>2021-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tcbd-auto-refresher/tcbd-auto-refresher-20-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-10T19:05:13.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/malmonation/malmonation-all-versions-sql-injection</loc>
<lastmod>2012-11-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bookingpress-appointment-booking/bookingpress-appointment-booking-calendar-plugin-and-online-scheduling-plugin-115-missing-authorization-to-authenticated-subscriber-arbitrary-options-update-and-arbitrary-file-upload</loc>
<lastmod>2024-07-16T18:09:31.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cooked/cooked-recipe-management-180-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-08-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/kids-world/kids-heaven-32-authenticated-subscriber-php-object-injection</loc>
<lastmod>2026-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/insert-or-embed-articulate-content-into-wordpress/insert-or-embed-articulate-content-into-wordpress-43000000023-authenticated-author-stored-cross-site-scripting-via-code-injection</loc>
<lastmod>2024-05-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sassy-social-share/sassy-social-share-333-reflected-cross-site-scripting</loc>
<lastmod>2022-11-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cas-maestro/cas-maestro-113-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/smart-mag/smartmag-1031-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-media-widget/social-media-widget-40-spam-link-injection</loc>
<lastmod>2013-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-audio-gallery/wp-audio-gallery-20-authenticated-subscriber-arbitrary-file-read-via-htaccess-manipulation</loc>
<lastmod>2026-02-18T15:29:33.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/paid-memberships-pro/paid-memberships-pro-2126-information-exposure-in-debug-logs</loc>
<lastmod>2024-01-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-etracker/wp-etracker-102-reflected-cross-site-scripting</loc>
<lastmod>2024-05-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-access-manager/advanced-access-manager-321-unrestricted-ajax-actions-allowing-privilege-escalation</loc>
<lastmod>2016-06-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/make-paths-relative/make-paths-relative-130-cross-site-request-forgery-via-adminclass-make-paths-relative-adminphp</loc>
<lastmod>2023-08-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vimeography/vimeography-vimeo-video-gallery-wordpress-plugin-232-authenticated-contributor-php-object-injection</loc>
<lastmod>2024-03-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/directorist/directorist-ai-powered-business-directory-plugin-with-classified-ads-listings-81-privilege-escalation-and-account-takeover-via-weak-otp</loc>
<lastmod>2025-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-replace/easy-replace-13-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2024-12-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gutenify/gutenify-visual-site-builder-blocks-site-templates-159-authenticated-contributor-stored-cross-site-scripting-via-count-up-block</loc>
<lastmod>2025-11-17T20:27:25.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-reviews-plugin-for-google/widgets-for-google-reviews-98-authenticated-contributor-stored-xss</loc>
<lastmod>2023-01-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/homepage-pop-up/homepage-popup-125-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/newsletter-optin-box/noptin-387-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-fullcalendar/fullcalendar-16-missing-authorization</loc>
<lastmod>2026-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/manager-for-icomoon/manager-for-icomoon-20-unauthenticated-arbitrary-file-upload-via-upload</loc>
<lastmod>2023-05-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fs-real-estate-plugin/firestorm-professional-real-estate-plugin-20603-sql-injections</loc>
<lastmod>2012-10-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hello-in-all-languages/hello-in-all-languages-106-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/swift-framework/swift-framework-2731-missing-authorization-to-unauthenticated-arbitrary-content-update</loc>
<lastmod>2024-05-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/swifty-page-manager/swifty-page-manager-301-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-12-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/site-reviews/site-reviews-724-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jeeng-push-notifications/jeeng-push-notifications-203-cross-site-request-forgery</loc>
<lastmod>2022-11-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/calculated-fields-form/calculated-fields-form-5441-missing-authorization</loc>
<lastmod>2026-02-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/onepay-payment-gateway-for-woocommerce/onepay-payment-gateway-for-woocommerce-112-missing-authorization-to-unauthenticated-order-status-modification</loc>
<lastmod>2026-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jobbank/jobbank-122-reflected-cross-site-scripting</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/auxin-elements/shortcodes-and-extra-features-for-phlox-theme-298-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2022-07-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/calculated-fields-form/calculated-fields-form-1228-authenticated-contributor-open-redirect-via-shortcode</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-google-map-plugin/wp-google-map-plugin-2310-cross-site-request-forgery</loc>
<lastmod>2015-08-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-behace-portfolio/simple-behance-portfolio-02-reflected-cross-site-scripting</loc>
<lastmod>2021-08-13T15:31:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/job-manager-career/job-manager-career-manage-job-board-listings-and-recruitments-144-cross-site-request-forgery-to-php-object-injection</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quiz-master-next/quiz-and-survey-master-qsm-easy-quiz-and-survey-maker-1100-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-04-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-addons-for-elementor-lite/essential-addons-for-elementor-best-elementor-templates-widgets-kits-woocommerce-builders-6112-authenticatedcontributor-stored-cross-site-scripting-via-pricing-table-widget</loc>
<lastmod>2025-06-06T21:37:15.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/geodir_location_manager/location-manager-21010-sql-injection</loc>
<lastmod>2021-06-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-cerber/wp-cerber-security-893-multifactor-bypass</loc>
<lastmod>2021-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bpmnio/bpmnio-10-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/3.9/wordpress-core-392-authenticated-cross-site-scripting-via-avatar-url</loc>
<lastmod>2014-08-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/icons-font-loader/icons-font-loader-112-authenticated-subscriber-sql-injection</loc>
<lastmod>2023-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/n-media-wp-simple-quiz/easy-quiz-maker-15-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2023-03-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/page-or-post-clone/page-and-post-clone-63-authenticated-contributor-sql-injection-via-meta_key-parameter</loc>
<lastmod>2026-03-04T19:00:38.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/notibar/notibar-214-missing-authorization-via-ajax_install_plugin</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/4.0/wordpress-core-401-cross-site-scripting</loc>
<lastmod>2014-11-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/malgre/malgr-103-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/visualcomposer/visual-composer-website-builder-4580-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2024-06-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/et-core-plugin/xstore-core-538-authenticated-subscriber-local-file-inclusion</loc>
<lastmod>2024-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-404-pro/custom-404-pro-327-reflected-cross-site-scripting</loc>
<lastmod>2019-06-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-multivendor-marketplace/wcfm-marketplace-3411-missing-authorization</loc>
<lastmod>2023-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/taskbot/taskbot-64-authenticated-subscriber-arbitrary-file-deletion</loc>
<lastmod>2025-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/private-only/private-only-351-multiple-cross-site-request-forgery</loc>
<lastmod>2015-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/myticket-events/myticket-events-124-unauthenticated-limited-file-read</loc>
<lastmod>2025-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/magical-posts-display/magical-posts-display-elementor-gutenberg-posts-blocks-1238-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-7-dynamic-text-extension/contact-form-7-dynamic-text-extension-505-unauthenticated-arbitrary-shortcode-execution</loc>
<lastmod>2025-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shariff/shariff-wrapper-469-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lead-form-builder/responsive-contact-form-builder-lead-generation-plugin-191-authenticated-subscriber-arbitrary-shortcode-execution</loc>
<lastmod>2024-05-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-coupons-for-woocommerce-free/advanced-coupons-for-woocommerce-coupons-471-missing-authorization</loc>
<lastmod>2026-02-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-wp-migration/all-in-one-wp-migration-and-backup-797-authenticated-administrator-stored-cross-site-scripting-via-import</loc>
<lastmod>2025-08-26T10:28:31.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/thecartpress/thecartpress-ecommerce-shopping-cart-1536-cross-site-request-forgery</loc>
<lastmod>2015-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pathomation/pathomation-251-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/delucks-seo/delucks-seo-259-missing-authorization</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/feed-them-social/feed-them-social-for-twitter-feed-youtube-and-more-2985-cross-site-request-forgery-to-plugin-settings-update</loc>
<lastmod>2022-07-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-ultimate-gift-card/woocommerce-ultimate-gift-card-create-sell-and-manage-gift-cards-with-customized-email-templates-291-reflected-cross-site-scripting</loc>
<lastmod>2024-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-fastest-cache/wp-fastest-cache-095-authenticated-subscriber-sql-injection</loc>
<lastmod>2021-10-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-data-access/wp-data-access-557-cross-site-request-forgery</loc>
<lastmod>2024-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tainacan/tainacan-02110-reflected-cross-site-scripting</loc>
<lastmod>2024-10-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-whatsapp/wp-chat-app-361-authenticated-contributor-stored-cross-site-scripting-via-block-attributes</loc>
<lastmod>2024-03-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/backwpup/backwpup-403-sensitive-information-exposure</loc>
<lastmod>2023-12-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/spiffy-calendar/spiffy-calendar-490-editdelete-event-via-idor</loc>
<lastmod>2022-02-10T13:33:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cafe-lite/clever-addons-for-elementor-221-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/olympus-google-fonts/fonts-377-cross-site-request-forgery</loc>
<lastmod>2024-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/phzoom/phzoom-1292-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-media-directory/simple-video-directory-143-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-06-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bulk-editor/wolf-1071-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-10-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/constant-contact-forms/constant-contact-forms-1140-missing-authorization-via-constant_contact_optin_ajax_handler</loc>
<lastmod>2023-06-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/translation-exchange/translation-exchange-1014-stored-cross-site-scripting</loc>
<lastmod>2022-01-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cartflows-pro/cartflows-pro-11111-reflected-cross-site-scripting</loc>
<lastmod>2023-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/emails-verification-for-woocommerce/email-verification-for-woocommerce-181-authentication-bypass</loc>
<lastmod>2020-07-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-customize-login-page/wp-customize-login-page-165-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-file-upload/wordpress-file-upload-246-arbitrary-file-upload</loc>
<lastmod>2015-01-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-submitted-posts/user-submitted-posts-20260110-authenticated-contributor-stored-cross-site-scripting-via-usp_access-shortcode</loc>
<lastmod>2026-01-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ableplayer/able-player-accessible-html5-media-player-121-authenticated-contributor-stored-cross-site-scripting-via-preload-parameter</loc>
<lastmod>2025-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpmbytplayer/mbytplayer-338-missing-authorization</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ip2location-country-blocker/download-ip2location-country-blocker-2383-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wplike2get/wplike2get-129-unauthenticated-information-exposure</loc>
<lastmod>2025-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/accelerated-mobile-pages/accelerated-mobile-pages-10921-reflected-cross-site-scripting</loc>
<lastmod>2024-01-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/newsblogger/newsblogger-0251-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2025-04-30T15:00:22.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tableberg/table-block-by-tableberg-069-missing-authorization</loc>
<lastmod>2025-12-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/backup-scheduler/backup-scheduler-1513-cross-site-request-forgery</loc>
<lastmod>2022-09-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/forum-server/wp-forum-server-165-sql-injection</loc>
<lastmod>2011-02-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/preloader-plus/preloader-plus-wordpress-loading-screen-plugin-221-authenticated-author-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2024-09-06T20:26:20.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kodo-qiniu/kodo-qiniu-150-cross-site-request-forgery</loc>
<lastmod>2024-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rating-bws/rating-by-bestwebsoft-17-authenticated-subscriber-php-object-injection</loc>
<lastmod>2025-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-responsive-video-gallery-with-lightbox/video-carousel-slider-with-lightbox-106-authenticated-admin-sql-injection</loc>
<lastmod>2024-09-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/related-post/related-posts-inline-related-posts-contextual-related-posts-related-content-by-pickplugins-2058-sensitive-information-exposure</loc>
<lastmod>2024-12-04T19:46:06.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ulisting/ulisting-plugin-205-authenticated-insecure-direct-object-references-idor</loc>
<lastmod>2021-07-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seo-redirection/seo-redirection-plugin-301-redirect-manager-917-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/frontend-dashboard/frontend-dashboard-225-unauthenticated-sql-injection</loc>
<lastmod>2025-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/penci-ai/penci-ai-smartcontent-creator-20-missing-authorization</loc>
<lastmod>2026-01-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/apollo/apollo-night-club-dj-event-wordpress-131-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zoho-forms/zoho-forms-40-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mangboard/mang-board-wp-231-reflected-cross-site-scripting</loc>
<lastmod>2025-11-07T15:19:02.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wiser-notify/wisernotify-social-proof-25-missing-authorization</loc>
<lastmod>2023-09-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bdthemes-element-pack-lite/element-pack-elementor-addons-header-footer-template-library-dynamic-grid-carousel-remote-arrows-572-authenticated-contributor-stored-cross-site-scripting-via-custom-gallery-and-countdown-widgets</loc>
<lastmod>2024-08-12T16:29:27.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/video-contest/video-contest-wordpress-plugin-32-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/authentication-via-otp-using-firebase/firebase-otp-authentication-101-missing-authorization-to-privilege-escalation</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/a-gateway-for-pasargad-bank-on-woocommerce/gateway-for-pasargad-bank-252-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/multiple-pages-generator-by-porthas/multiple-page-generator-plugin-mpg-401-missing-authorization</loc>
<lastmod>2024-10-31T18:58:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ajax-load-more/ajax-load-more-701-authenticated-admin-directory-traversal-to-arbitrary-file-read</loc>
<lastmod>2024-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/photoshow/smart-image-gallery-1018-cross-site-request-forgery</loc>
<lastmod>2024-06-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/acnoo-flutter-api/acnoo-flutter-api-105-authentication-bypass-via-account-takeover</loc>
<lastmod>2024-10-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woolentor-addons/shoplentor-281-improper-authorization-via-woolentor_template_store</loc>
<lastmod>2024-04-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/clickdesk-live-support-chat-plugin/live-chat-from-clickdesk-live-chat-help-desk-plugin-for-websites-43-cross-site-scripting</loc>
<lastmod>2014-03-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/123contactform-for-wordpress/123contactform-for-wordpress-156-arbitrary-file-upload</loc>
<lastmod>2021-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bit-form/bit-form-contact-form-plugin-2180-open-redirect</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-social-media-icons/social-media-share-buttons-social-sharing-icons-151-arbitrary-options-deletion</loc>
<lastmod>2016-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/black-letterhead/black-letterhead-15-cross-site-scripting</loc>
<lastmod>2011-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/royal-elementor-addons/royal-elementor-addons-and-templates-1391-authenticated-contributor-stored-cross-site-scripting-via-logo-widget</loc>
<lastmod>2024-03-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mp3-music-player-by-sonaar/mp3-audio-player-music-player-podcast-player-radio-by-sonaar-58-authenticated-contributor-stored-cross-site-scripting-via-sonaar_audioplayer-shortcode</loc>
<lastmod>2024-11-18T18:57:36.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/3.1/wordpress-core-312-arbitrary-file-upload</loc>
<lastmod>2011-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-addons-for-elementor-lite/essential-addons-for-elementor-664-missing-authorization-to-unauthenticated-information-exposure-via-load_more-ajax-handler</loc>
<lastmod>2026-06-05T14:25:47.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-job-board/simple-job-board-2125-unauthenticated-resumes-download</loc>
<lastmod>2024-09-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-2fa/wp-2fa-two-factor-authentication-for-wordpress-262-reflected-cross-site-scripting</loc>
<lastmod>2024-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/anona/anona-80-unauthenticated-arbitrary-file-deletion</loc>
<lastmod>2026-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-ads-manager/simple-ads-manager-2594-arbitrary-file-upload</loc>
<lastmod>2015-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/short-link/short-link-10-authenticated-administrator-stored-cross-site-scripting-via-administration-settings-page</loc>
<lastmod>2026-01-13T17:30:17.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/facebook-wall-and-social-integration/mitsol-social-post-feed-110-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-01-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/brizy/brizy-277-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/license-envato/license-for-envato-100-reflected-cross-site-scripting</loc>
<lastmod>2025-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/infusionsoft/infusionsoft-gravity-forms-add-on-157-cross-site-scripting</loc>
<lastmod>2014-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wsify-widget/wsify-widget-10-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-10-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-system-info/wp-system-information-15-authenticated-subscriber-sensitive-information-exposure</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wedesin-html-sitemap/digihood-html-sitemap-311-reflected-cross-site-scripting-via-channel</loc>
<lastmod>2025-02-18T19:23:25.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/multiple-roles/multiple-roles-131-cross-site-request-forgery-bypass</loc>
<lastmod>2021-06-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/genesis-style-shortcodes/genesis-style-shortcodes-10-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fusion-builder/avada-builder-3152-authenticated-subscriber-arbitrary-file-read-via-custom_svg-shortcode-parameter</loc>
<lastmod>2026-05-12T21:06:22.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/events-manager/events-manager-6471-cross-site-request-forgery</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mg-advancedoptions/mg-advancedoptions-12-reflected-cross-site-scripting</loc>
<lastmod>2026-01-08T21:35:53.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-blocks/essential-blocks-page-builder-gutenberg-blocks-patterns-templates-451-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-02-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-tweet-embed/easy-tweet-embed-17-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mailchimp-wp/forms-for-mailchimp-by-optin-cat-grow-your-mailchimp-list-257-reflected-cross-site-scripting</loc>
<lastmod>2024-10-25T15:05:33.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-7-recaptcha/contact-form-7-recaptcha-120-cross-site-request-forgery</loc>
<lastmod>2025-07-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-smtp/post-smtp-complete-email-deliverability-and-smtp-solution-with-email-logs-alerts-backup-smtp-mobile-app-362-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-05-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking-system-trafft/booking-system-trafft-1014-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2025-08-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/multifox/multifox-137-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mixtape/mixtape-11-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-10T18:53:35.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/my-instagram-feed/easy-social-photos-gallery-312-authenticated-contributor-stored-cross-site-scripting-via-wrapper_class-shortcode-attribute</loc>
<lastmod>2026-04-21T19:06:46.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/youtube-feeder/youtube-feeder-201-cross-site-request-forgery</loc>
<lastmod>2021-07-31T00:29:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/speed-booster-pack/speed-booster-pack-pagespeed-optimization-suite-419-authenticated-admin-remote-code-execution</loc>
<lastmod>2021-07-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/everest-forms/everest-forms-344-unauthenticated-arbitrary-file-read-and-deletion-via-upload-field-old_files-parameter</loc>
<lastmod>2026-04-20T07:13:38.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-horizontal-vertical-and-accordion-tabs/wp-responsive-tabs-horizontal-vertical-and-accordion-tabs-1117-authenticated-contributor-sql-injection</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-registration/user-registration-custom-registration-form-login-form-and-user-profile-wordpress-plugin-315-missing-authorization-to-unauthenticated-media-deletion</loc>
<lastmod>2024-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bulk-me-now/bulk-me-now-20-cross-site-request-forgery-to-message-deletion</loc>
<lastmod>2025-01-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/autowp-ai-content-writer-rewriter/autowp-208-cross-site-request-forgery</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpSS/wordpress-spreadsheet-wpss-062-cross-site-scripting</loc>
<lastmod>2014-08-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/cobble/cobble-17-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/quasar/quasar-wordpress-theme-with-animation-builder-192-authorization-bypass</loc>
<lastmod>2015-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/better-wp-security/ithemes-security-561-stored-cross-site-scripting</loc>
<lastmod>2016-10-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lafka-plugin/lafka-plugin-710-missing-authorization-to-authenticated-subscriber-theme-option-update</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/alchemist-ajax-upload/alchemist-ajax-upload-11-missing-authorization-to-unauthenticated-arbitrary-media-file-deletion</loc>
<lastmod>2026-01-23T19:18:36.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bold-page-builder/bold-page-builder-553-authenticated-author-stored-dom-based-cross-site-scripting-in-post-grid</loc>
<lastmod>2026-02-06T17:29:47.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/better-wlm-api/better-wishlist-api-113-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-01-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bb-ultimate-addon/ultimate-addons-for-beaver-builder-1240-missing-authentication-bypass</loc>
<lastmod>2019-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/filtre-de-surveillance-gouvernemental/filtre-de-surveillance-gouvernemental-11-reflected-cross-site-scripting</loc>
<lastmod>2014-07-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kivicare-clinic-management-system/kivicare-clinic-patient-management-system-ehr-364-authenticated-subscriber-sql-injection</loc>
<lastmod>2024-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/clover-online-orders/smart-online-order-for-clover-156-missing-authorization-to-authenticated-subscriber-plugin-data-update</loc>
<lastmod>2024-08-20T17:25:42.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gdpr-cookie-consent/cookie-banner-cookie-consent-consent-log-cookie-scanner-script-blocker-for-gdpr-ccpa-eprivacy-wp-cookie-consent-407-missing-authorization-to-unauthenticated-arbitrary-post-deletion</loc>
<lastmod>2025-12-16T17:48:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/daily-prayer-time-for-mosques/daily-prayer-time-20240826-authenticated-contributor-sql-injection</loc>
<lastmod>2024-09-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/iva-business-hours-pro/business-hours-pro-550-arbitrary-file-upload</loc>
<lastmod>2021-04-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-serial-numbers/serial-numbers-for-woocommerce-license-manager-163-cross-site-request-forgery</loc>
<lastmod>2023-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/poeditor/poeditor-097-cross-site-request-forgery</loc>
<lastmod>2023-08-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-reset/wp-reset-205-unauthenticated-sensitive-information-exposure-via-wf-licensinglog</loc>
<lastmod>2025-10-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profilegrid-user-profiles-groups-and-communities/profilegrid-589-authenticated-subscriber-insecure-direct-object-reference</loc>
<lastmod>2024-07-09T15:38:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/find-me-on/find-me-on-2091-authenticated-subscriber-sql-injection</loc>
<lastmod>2025-09-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/similarity/similarity-30-cross-site-request-forgery-to-plugin-reset</loc>
<lastmod>2024-05-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/newsletters-lite/newsletters-495-information-exposure-via-log-files</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stream/stream-402-authenticated-admin-server-side-request-forgery</loc>
<lastmod>2025-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/leadster-marketing-conversacional/leadster-112-cross-site-request-forgery-via-leadster_script_code_action</loc>
<lastmod>2023-11-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pixelstats/pixelstats-082-reflected-cross-site-scripting</loc>
<lastmod>2025-03-14T14:23:53.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/audio-editor-recorder/audio-editor-recorder-221-missing-authorization</loc>
<lastmod>2025-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sender-net-automated-emails/sender-newsletter-sms-and-email-marketing-automation-for-woocommerce-2615-reflected-cross-site-scripting</loc>
<lastmod>2024-08-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/css-javascript-toolbox/css-javascript-toolbox-841-information-exposure</loc>
<lastmod>2018-12-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-profile-builder/ultimate-profile-builder-30-cross-site-request-forgery-to-cross-site-scripting</loc>
<lastmod>2015-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-cart-abandonment-recovery/cart-abandonment-recovery-for-woocommerce-recover-lost-sales-with-automated-emails-210-authenticated-shop-manager-privilege-escalation</loc>
<lastmod>2026-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shorten-url/short-url-164-authenticated-subscriber-sql-injection</loc>
<lastmod>2023-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/draft-notify/draft-notify-15-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-12-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/keep-backup-daily/keep-backup-daily-202-reflected-cross-site-scripting</loc>
<lastmod>2022-05-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/supersaas-appointment-scheduling/supersaas-online-appointment-scheduling-2112-authenticated-contributor-stored-cross-site-scripting-via-after-parameter</loc>
<lastmod>2025-02-10T22:06:43.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementor-pro/elementor-website-builder-pro-3201-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/giveasap/simple-giveaways-2450-authenticated-admin-stored-cross-site-scripting-via-settings</loc>
<lastmod>2023-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/theplus_elementor_addon/the-plus-addons-for-elementor-elementor-addons-page-templates-widgets-mega-menu-woocommerce-556-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2024-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/premmerce-search/premmerce-product-search-for-woocommerce-224-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-05-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/everest-backup/everest-backup-235-missing-authorization-to-unauthenticated-information-exposure</loc>
<lastmod>2025-10-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ap-pricing-tables-lite/ap-pricing-tables-lite-116-authenticated-admin-sql-injection</loc>
<lastmod>2023-05-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/authorsy/authorsy-author-box-multiple-authors-guest-authors-post-rating-105-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2025-09-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-lightbox/responsive-lightbox-gallery-250-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/boldgrid-backup/total-upkeep-by-boldgrid-1149-unauthenticated-backup-download</loc>
<lastmod>2020-12-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/purge-varnish/purge-varnish-cache-26-cross-site-request-forgery</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zawgyi-embed/zawgyi-embed-211-cross-site-request-forgery-via-zawgyi_forcecss-parameter</loc>
<lastmod>2026-05-11T19:05:58.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cookiehint-wp/cookiehint-wp-100-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-12-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/directorypress/directorypress-3619-cross-site-request-forgery-to-cross-site-scripting</loc>
<lastmod>2025-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gwebpro-store-locator/g-web-pro-store-locator-201-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/3.1/wordpress-core-312-sql-injection</loc>
<lastmod>2011-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/drive-folder-embeder/drive-folder-embedder-110-authenticated-contributor-stored-cross-site-scripting-via-tablecssclass-parameter</loc>
<lastmod>2025-06-25T14:17:02.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/uncanny-automator/uncanny-automator-6302-missing-authorization-to-authenticated-subscriber-privilege-escalation</loc>
<lastmod>2025-04-03T16:02:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lifterlms/lms-by-lifterlms-online-course-membership-learning-management-system-plugin-4210-stored-cross-site-scripting</loc>
<lastmod>2021-05-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-google-static-map/simple-google-static-map-101-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/team-rosters/team-rosters-47-reflected-cross-site-scripting-via-tab</loc>
<lastmod>2025-01-30T00:40:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/logo-showcase-with-slick-slider/logo-showcase-with-slick-slider-logo-carousel-logo-slider-logo-grid-124-cross-site-request-forgery</loc>
<lastmod>2021-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wps-telegram-chat/wps-telegram-chat-460-missing-authorization-to-information-exposure</loc>
<lastmod>2024-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lawpress/lawpress-law-firm-website-management-145-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-wp-migration-dropbox-extension/multiple-servmask-plugins-various-versions-missing-authorization-to-access-token-update</loc>
<lastmod>2023-08-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-upload-for-bbpress/inline-image-upload-for-bbpress-1118-cross-site-request-forgery-via-hm_bbpui_admin_page</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/szechenyi-2020-logo/szchenyi-2020-logo-11-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/modern-events-calendar-lite/modern-events-calendar-lite-516-missing-authorization-to-stored-cross-site-scripting-and-settings-update</loc>
<lastmod>2020-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-csvimport/woocommerce-csv-importer-336-arbitrary-file-deletion</loc>
<lastmod>2017-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-social-icons/easy-social-icons-312-reflected-cross-site-scripting</loc>
<lastmod>2021-09-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vk-filter-search/vk-filter-search-2203-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/arconix-shortcodes/arconix-shortcodes-2118-missing-authorization</loc>
<lastmod>2025-10-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/royal-elementor-addons/royal-elementor-addons-1370-unauthenticated-mailchimp-api-key-disclosure</loc>
<lastmod>2023-07-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mailchimp-for-wp/mc4wp-mailchimp-for-wordpress-416-reflected-cross-site-scripting</loc>
<lastmod>2019-11-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/widget-twitter/wd-widgettwitter-109-authenticated-contributor-sql-injection-via-shortcode</loc>
<lastmod>2023-11-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/compact-wp-audio-player/compact-wp-audio-player-196-contributor-stored-cross-site-scripting</loc>
<lastmod>2021-09-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bold-page-builder/bold-page-builder-488-authenticated-contributor-stored-cross-site-scripting-via-html-tags</loc>
<lastmod>2024-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/webd-woocommerce-advanced-reporting-statistics/advanced-woocommerce-product-sales-reporting-412-unauthenticated-information-exposure</loc>
<lastmod>2026-01-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-leads-builder-any-crm/lead-form-data-collection-to-crm-31-missing-authorization-to-authenticated-subscriber-arbitrary-options-update</loc>
<lastmod>2025-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nix-anti-spam-light/nix-anti-spam-light-004-unauthenticated-php-object-injection</loc>
<lastmod>2024-11-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slickr-flickr/slickr-flickr-281-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-08-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/web-testimonials/web-testimonials-12-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-order-export-lite/advanced-order-export-for-woocommerce-344-authenticated-shop-manager-remote-code-execution</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/kings-queens/kings-queens-1116-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rsvpmaker/rsvpmarker-1167-unauthenticated-sql-injection</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smart-auto-upload-images/smart-auto-upload-images-120-authenticated-contributor-arbitrary-file-upload</loc>
<lastmod>2025-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-marketing-automations/automation-by-autonami-312-authenticated-administrator-sql-injection</loc>
<lastmod>2024-09-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-member/ultimate-member-284-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2024-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/funnel-builder/funnelkit-funnel-builder-for-woocommerce-checkout-31502-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-06-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ht-mega-for-elementor/ht-mega-absolute-addons-for-elementor-255-authenticated-contributor-stored-cross-site-scripting-via-multiple-widgets</loc>
<lastmod>2024-06-25T18:16:09.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/grandconference-custom-post/grand-conference-theme-custom-post-type-264-reflected-cross-site-scripting</loc>
<lastmod>2025-05-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/index-wp-mysql-for-speed/index-wp-mysql-for-speed-1417-reflected-cross-site-scripting</loc>
<lastmod>2024-06-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-products-filter/husky-products-filter-for-woocommerce-formerly-woof-1351-cross-site-request-forgery</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/youtube-channel/youtube-channel-30121-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/afterpay-gateway-for-woocommerce/afterpay-gateway-for-woocommerce-320-reflected-cross-site-scripting</loc>
<lastmod>2021-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/searchiq/searchiq-the-search-solution-46-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-03T14:43:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/full-customer/full-cliente-315-3125-authenticated-subscriber-sql-injection</loc>
<lastmod>2025-05-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/category-page-icons/category-and-page-icons-091-arbitrary-file-upload-and-deletion</loc>
<lastmod>2014-09-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-registration-form-builder-with-submission-manager/registrationmagic-5250-form-submission-limit-bypass</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-pdf-invoice-builder/pdf-builder-for-woocommerce-create-invoicespacking-slips-and-more-208-authenticated-subscriber-remote-code-execution</loc>
<lastmod>2026-06-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stickeasy-protected-contact-form/stickeasy-protected-contact-form-101-unauthenticated-information-disclosure</loc>
<lastmod>2026-02-13T14:25:27.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-mail-log/wp-mail-log-111-unauthenticated-stored-cross-site-scripting-via-email</loc>
<lastmod>2023-07-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-hotel-booking/wp-hotel-booking-2092-improper-authorization-on-multiple-rest-api-routes</loc>
<lastmod>2024-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/qubely/qubely-179-incorrect-authorization</loc>
<lastmod>2022-06-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-to-email/contact-form-email-1343-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-11-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mailchimp-subscribe-sm/mailchimp-subscribe-forms-4091-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mailin/newsletter-smtp-email-marketing-and-subscribe-forms-by-sendinblue-3139-cross-site-scripting</loc>
<lastmod>2022-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wplr-sync/photo-engine-640-missing-authorization</loc>
<lastmod>2024-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/alone/alone-charity-multipurpose-non-profit-wordpress-theme-783-missing-authorization-to-unauthenticated-arbitrary-file-upload-via-plugin-installation</loc>
<lastmod>2025-07-14T15:24:17.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/jetapo-with-woocommerce/jetapo-jobboard-wordpress-theme-and-jetapo-jobboard-wordpress-theme-with-woocommerce-11-cross-site-scripting</loc>
<lastmod>2020-07-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cf7-manual-spam-blocker/wordpress-spam-blocker-204-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/e2pdf/e2pdf-12815-missing-authorization</loc>
<lastmod>2026-03-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/directorist/directorist-7421-authenticated-subscriber-insecure-direct-object-reference-to-arbitrary-user-password-change</loc>
<lastmod>2022-11-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/just-wp-variables/just-variables-123-cross-site-request-forgery</loc>
<lastmod>2025-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-forms/ninja-forms-3581-cross-site-scripting</loc>
<lastmod>2021-09-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ultimate-csv-importer/wp-import-ultimate-csv-xml-importer-for-wordpress-735-authenticated-contributor-server-side-request-forgery-via-bitly-shortlink-bypass</loc>
<lastmod>2026-01-01T03:53:26.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/url-image-importer/url-image-importer-107-authenticated-author-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2026-01-05T15:33:33.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bakkbone-florist-companion/floristpress-720-reflected-cross-site-scripting</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/oxygenbuilder/oxygen-builder-482-authenticated-contributor-remote-code-execution</loc>
<lastmod>2024-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/work-travel-company/work-travel-company-12-unauthenticated-php-object-injection</loc>
<lastmod>2026-03-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cloud-sso-single-sign-on/cloud-saml-sso-1019-missing-authorization-to-unauthenticated-identity-provider-deletion-via-delete_config-action</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/appointment-hour-booking/appointment-hour-booking-1372-unauthenticated-iframe-injection-via-appointment-form</loc>
<lastmod>2022-11-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zionbuilder/wordpress-page-builder-zion-builder-3616-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gerador-de-certificados-devapps/gerador-de-certificados-devapps-136-authenticated-administrator-arbitrary-file-upload</loc>
<lastmod>2026-04-07T17:37:58.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smooth-dynamic-slider/smooth-dynamic-slider-10-reflected-cross-site-scriptign</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bp-group-documents/bp-group-documents-121-cross-site-request-forgery</loc>
<lastmod>2013-10-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/falang/falang-multilanguage-1365-unauthenticated-php-object-injection</loc>
<lastmod>2025-09-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-event-manager/wp-event-manager-3150-unauthenticated-stored-cross-site-scripting-via-organizer_name</loc>
<lastmod>2025-07-15T17:11:50.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/workscout-core/workscout-core-1706-cross-site-request-forgery</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-salesforce-plugin-crm-perks/integration-for-woocommerce-and-salesforce-175-open-redirect</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mad-mimi/mad-mimi-for-wordpress-151-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-page-visit-counter/advanced-page-visit-counter-642-authenticated-contributor-sql-injection</loc>
<lastmod>2023-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rsv-pdf-preview/rsv-pdf-preview-10-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/clearsale-total/clearsale-total-342-unauthenticated-sql-injection</loc>
<lastmod>2026-06-23T16:37:17.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/redux-converter/redux-converter-1131-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/coming-soon/coming-soon-page-under-construction-maintenance-mode-by-seedprod-6198-authenticated-editor-server-side-request-forgery</loc>
<lastmod>2026-03-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/media-library-assistant/media-library-assistant-327-authenticated-author-limited-file-deletion</loc>
<lastmod>2025-08-18T16:23:26.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-document-embedder/google-doc-embedder-261-cross-site-scripting</loc>
<lastmod>2016-09-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/idealien-category-enhancements/idealien-category-enhancements-12-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-11-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/meta-box-gallerymeta/meta-box-gallerymeta-301-missing-authorization-to-authenticated-author-gallery-management</loc>
<lastmod>2026-01-23T20:03:22.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-gpx-maps/wp-gpx-maps-1708-authenticated-contributor-stored-cross-site-scripting-via-sgpx-shortcode</loc>
<lastmod>2024-09-24T12:13:51.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/livechat-woocommerce/livechat-woocommerce-2216-cross-site-request-forgery</loc>
<lastmod>2024-01-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/pranayama-yoga/pranayama-yoga-122-missing-authorization</loc>
<lastmod>2026-02-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-google-recaptcha/wp-captcha-pro-538-authenticated-subscriber-authentication-bypass-via-temporary-login-link</loc>
<lastmod>2026-06-05T05:58:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-last-modified-info/wp-last-modified-info-190-authenticated-contributor-stored-cross-site-scripting-via-lmt-post-modified-info-shortcode</loc>
<lastmod>2024-08-19T15:52:33.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/branding/branding-10-authenticated-author-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2024-10-17T16:06:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bdthemes-prime-slider-lite/prime-slider-addons-for-elementor-revolution-of-a-slider-hero-slider-ecommerce-slider-3141-authenticated-contributor-stored-cross-site-scripting-via-pagepiling-widget</loc>
<lastmod>2024-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpdirectorykit/wp-directory-kit-119-unauthenticated-local-file-inclusion-via-wdk_public_action</loc>
<lastmod>2023-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/shopire/shopire-1057-missing-authorization-to-authenticated-subscriber-limited-plugin-install</loc>
<lastmod>2026-02-18T15:29:13.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yikes-inc-easy-mailchimp-extender/easy-forms-for-mailchimp-685-reflected-cross-site-scripting</loc>
<lastmod>2021-12-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nm-gift-registry-and-wishlist-lite/nm-gift-registry-and-wishlist-lite-513-missing-authorization</loc>
<lastmod>2026-02-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lodgixcom-vacation-rental-listing-management-booking-plugin/lodgixcom-vacation-rental-website-builder-3973-authenticated-contributor-sql-injection</loc>
<lastmod>2024-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-xml-sitemaps-generator/google-xml-sitemaps-generator-329-authenticated-admin-php-code-injection</loc>
<lastmod>2013-01-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/like-on-vkontakte/like-in-vkcom-052-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/amministrazione-trasparente/amministrazione-trasparente-90-authenticated-administrator-stored-cross-site-scripting-via-print_r-function</loc>
<lastmod>2025-08-30T16:22:25.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/meks-easy-maps/meks-easy-maps-214-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-02T22:34:49.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/5.3/wordpress-core-542-arbitrary-user-meta-update</loc>
<lastmod>2020-06-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/front-editor/guest-posting-frontend-posting-front-editor-wp-front-user-submit-500-missing-authorization-to-unauthenticated-media-deletion</loc>
<lastmod>2026-01-06T20:25:47.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/market-exporter/market-exporter-2021-missing-authorization</loc>
<lastmod>2025-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-radio/wp-radio-worldwide-online-radio-stations-directory-for-wordpress-319-cross-site-request-forgery</loc>
<lastmod>2023-10-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hummingbird-performance/hummingbird-3180-unauthenticated-sensitive-information-exposure-via-log-file</loc>
<lastmod>2025-12-17T23:41:59.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-plus-addons-for-elementor-page-builder/the-plus-addons-for-elementor-page-builder-lite-6313-missing-authorization</loc>
<lastmod>2025-08-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/paytm-donation/paytm-payment-donation-231-reflected-cross-site-scripting</loc>
<lastmod>2025-01-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mapsmarker/leaflet-maps-marker-pro-158-path-traversal</loc>
<lastmod>2014-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-slimstat/slimstat-analytics-504-reflected-cross-site-scripting</loc>
<lastmod>2023-05-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-addons-for-elementor-lite/essential-addons-for-elementor-best-elementor-templates-widgets-kits-woocommerce-builders-597-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-02-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-gallery-plugin/wordpress-gallery-plugin-14-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-social-share-options/all-social-share-options-10-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-29T15:32:36.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/directorypress/directorypress-3626-unauthenticated-information-exposure</loc>
<lastmod>2026-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/give/givewp-donation-plugin-and-fundraising-platform-450-missing-authorization-to-donation-update</loc>
<lastmod>2025-08-20T16:38:25.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/walker-core/walker-core-1317-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-11-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-member/ultimate-member-2110-authenticated-subscriber-stored-cross-site-scripting-via-value</loc>
<lastmod>2025-12-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shrinktheweb-website-preview-plugin/shrinktheweb-stw-website-previews-285-cross-site-request-forgery</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-fastest-cache/wp-fastest-cache-121-unauthenticated-sql-injection</loc>
<lastmod>2023-11-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/affiliate-link-tracker/affiliate-link-tracker-02-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-04-10T05:46:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jetpack/jetpack-137-jetpack-boost-347-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/login-logout-menu/login-logout-menu-133-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2022-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/corona-virus-covid-19-banner/corona-virus-covid-19-banner-live-data-1706-cross-site-request-forgery</loc>
<lastmod>2022-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/brizy/brizy-page-builder-2311-stored-cross-site-scripting</loc>
<lastmod>2021-10-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zemanta/editorial-assistant-by-sovrn-133-missing-authorization-to-authenticated-subscriber-attachment-upload-and-set-post-featured-image</loc>
<lastmod>2024-10-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tasty-recipes-lite/tasty-recipes-lite-115-missing-authorization</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementor/elementor-website-builder-292-stored-cross-site-scripting</loc>
<lastmod>2020-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-custom-fields/advanced-custom-fields-510-missing-authorization-on-option-changes</loc>
<lastmod>2021-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/verowa-connect/verowa-connect-304-reflected-cross-site-scripting</loc>
<lastmod>2025-04-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/ithemes2/ithemes2-143-arbitrary-file-upload</loc>
<lastmod>2013-11-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/indeed-wp-superbackup/wp-superbackup-233-missing-authorization</loc>
<lastmod>2024-12-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/protect-wp-admin/protect-wp-admin-37-cross-site-scripting</loc>
<lastmod>2022-08-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/imember360/imember360is-38012-39001-cross-site-scripting</loc>
<lastmod>2014-05-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/xml-sitemap-feed/xml-sitemap-google-news-548-unauthenticated-local-file-inclusion</loc>
<lastmod>2024-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-adsense-for-responsive-design-gard/google-adsense-for-responsive-design-gard-223-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-12-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/expresstechsoftwares-memberpress-discord-add-on/memberpress-discord-addon-111-reflected-cross-site-scripting</loc>
<lastmod>2025-04-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/recall-products/recall-products-08-authenticated-sql-injection</loc>
<lastmod>2020-08-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/instapage/instapage-plugin-370-cross-site-request-forgery</loc>
<lastmod>2025-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tablepress/tablepress-tables-in-wordpress-made-easy-23-authenticated-author-server-side-request-forgery-via-dns-rebind</loc>
<lastmod>2024-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-post-widget/content-blocks-custom-post-widget-335-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/catablog/catablog-170-authenticated-editor-arbitrary-file-deletion</loc>
<lastmod>2023-11-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/global-payments-woocommerce/globalpayments-woocommerce-1183-unauthenticated-server-side-request-forgery</loc>
<lastmod>2026-02-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/poll-maker/poll-maker-versus-polls-anonymous-polls-image-polls-546-authenticated-administrator-sql-injection-via-order_by-parameter</loc>
<lastmod>2024-10-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/real-time-auto-find-and-replace/better-find-and-replace-128-reflected-cross-site-scripting</loc>
<lastmod>2021-09-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/peters-login-redirect/loginwp-291-multiple-cross-site-request-forgery-vulnerabilities</loc>
<lastmod>2019-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/amr-users/amr-users-4594-authenticated-subscriber-csv-injection</loc>
<lastmod>2023-03-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blockons/blockons-1215-missing-authorization</loc>
<lastmod>2026-01-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-maintenance/wp-maintenance-613-ip-restriction-bypass</loc>
<lastmod>2023-11-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/qi-blocks/qi-blocks-136-authenticated-contributor-stored-cross-site-scripting-via-countdown-block</loc>
<lastmod>2025-04-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/gymbase_classes/gymbase-theme-classes-14-authenticated-contributor-sql-injection</loc>
<lastmod>2025-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buddypress/buddypress-900-information-disclosure-via-rest-api</loc>
<lastmod>2021-08-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ays-facebook-popup-likebox/popup-like-box-page-372-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/td-composer/tagdiv-composer-48-authenticated-contributor-local-file-inclusion-via-shortcode</loc>
<lastmod>2024-04-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/widget-extend-builtin-query/built-in-widgets-query-extend-105-reflected-cross-site-scripting</loc>
<lastmod>2022-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/one-backend-language/one-backend-language-10-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pdf-viewer-by-themencode/tnc-pdf-viewer-310-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wdes-responsive-mobile-menu/wdes-responsive-mobile-menu-125-unauthenticated-php-object-injection</loc>
<lastmod>2024-11-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easyappointments/easyappointments-132-information-disclosure</loc>
<lastmod>2019-09-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/Avada/avada-7116-authenticated-contributor-server-side-request-forgery-via-form_to_url_action</loc>
<lastmod>2024-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/content-slide/wordpress-content-slide-142-cross-site-scripting</loc>
<lastmod>2015-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/share-to-google-classroom/share-to-google-classroom-10-authenticated-contributor-stored-cross-site-scripting-via-share_to_google-shortcode</loc>
<lastmod>2025-11-10T15:06:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cm-download-manager/cm-download-manager-270-cross-site-scripting</loc>
<lastmod>2021-04-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ulisting/listing-classified-ads-business-directory-ulisting-203-unauthenticated-sql-injection</loc>
<lastmod>2021-07-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buy-now-plus/buy-now-plus-102-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2026-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/element-ready-lite/elementsready-addons-for-elementor-640-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-09-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/js-support-ticket/js-help-desk-ai-powered-support-ticketing-system-303-authenticated-subscriber-insecure-direct-object-reference</loc>
<lastmod>2026-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/newsletter/newsletter-789-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-08-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yookassa/kassa-woocommerce-230-missing-authorization</loc>
<lastmod>2022-07-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/templately/templately-315-missing-authorization-via-ajax-actions</loc>
<lastmod>2024-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-extra/wp-extra-62-missing-authorization-to-htaccess-file-modification</loc>
<lastmod>2023-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fs-shopping-cart/firestorm-shopping-cart-ecommerce-plugin-20702-sql-injection</loc>
<lastmod>2016-11-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-travel-blocks/wp-travel-gutenberg-blocks-360-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-product-tables/product-table-by-wbw-214-reflected-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-related-posts/wp-related-posts-10-cross-site-request-forgery</loc>
<lastmod>2011-03-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-postviews/wp-postviews-163-cross-site-request-forgery</loc>
<lastmod>2013-05-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/userbase-access-control/userbase-access-control-10-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/video-central/video-central-for-wordpress-130-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-registration-form-builder-with-submission-manager/registrationmagic-5210-authentication-bypass</loc>
<lastmod>2023-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-mediatagger/wp-mediatagger-411-reflected-cross-site-scripting</loc>
<lastmod>2025-01-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/linkedin-resume/linkedin-resume-200-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-11-03T15:38:09.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smart-custom-fields/smart-custom-fields-506-missing-authorization-to-authenticated-contributor-sensitive-information-exposure-via-relational-post-search</loc>
<lastmod>2026-03-23T09:49:02.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-event-solution/eventin-events-calendar-event-booking-ticket-registration-ai-powered-418-missing-authorization-to-authenticated-subscriber-order-information-exposure</loc>
<lastmod>2026-04-13T18:46:40.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/unusedcss/rapidload-optimize-web-vitals-automatically-244-missing-authorization-to-authenticated-subscriber-limited-setting-reset</loc>
<lastmod>2025-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chatroll-live-chat/chatroll-live-chat-250-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-06T16:23:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/insert-php-code-snippet/insert-php-code-snippet-136-cross-site-request-forgery-to-code-snippet-activatedeactivatedeletion</loc>
<lastmod>2024-08-14T14:04:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ts-webfonts-for-conoha/typesquare-webfonts-for-conoha-204-missing-authorization-to-authenticated-subscriber-plugin-settings-modification-via-fontthemeusetype-parameter</loc>
<lastmod>2026-05-19T12:13:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/listamester/listamester-235-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ajax-search-for-woocommerce/fibosearch-ajax-search-for-woocommerce-1230-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-06-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pop-up-pop-up/pop-up-115-privilege-escalation</loc>
<lastmod>2022-09-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fg-joomla-to-wordpress/fg-joomla-to-wordpress-3310-authenticated-stored-cross-site-scripting</loc>
<lastmod>2017-08-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-theme-changer/simple-theme-changer-10-missing-authorization-to-plugin-settings-update-via-ajax-actions</loc>
<lastmod>2025-12-11T15:07:09.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/luckywp-table-of-contents/luckywp-table-of-contents-215-authenticated-administrator-cross-site-scripting</loc>
<lastmod>2024-05-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-schema-pro/schema-pro-277-cross-site-request-forgery</loc>
<lastmod>2023-07-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-cf7-db/advanced-cf7-db-209-cross-site-request-forgery-to-form-entry-deletion</loc>
<lastmod>2026-04-08T05:13:07.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/filter-custom-fields-taxonomies-light/filter-custom-fields-taxonomies-light-105-missing-authorization</loc>
<lastmod>2024-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/content-protector/passster-4264-authenticated-contributor-stored-cross-site-scripting-via-content_protector-shortcode</loc>
<lastmod>2024-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quick-restaurant-reservations/quick-restaurant-reservations-167-missing-authorization</loc>
<lastmod>2026-01-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-popups-lite/wp-popups-2155-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-03-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-user-manager/wp-user-manager-262-arbitrary-user-password-reset</loc>
<lastmod>2021-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/better-wp-security/solid-security-basic-900-unauthenticated-login-page-disclosure</loc>
<lastmod>2023-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seo-bulk-editor/seo-bulk-editor-110-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/customer-reviews-woocommerce/customer-reviews-for-woocommerce-5460-missing-authorization-to-authenticated-subscriber-coupon-search</loc>
<lastmod>2024-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rsvp-me/rsvp-me-199-authenticated-contributor-sql-injection</loc>
<lastmod>2024-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/memberpress/memberpress-11124-reflected-cross-site-scripting-via-message-and-error</loc>
<lastmod>2024-03-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mm-breaking-news/mm-breaking-news-079-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dynamic-product-categories-design/dynamic-product-category-grid-slider-for-woocommerce-113-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2024-12-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/allure-real-estate-theme-for-real-estate/allure-real-estate-theme-011-reflected-cross-site-scripting</loc>
<lastmod>2013-02-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/spare/spare-17-unauthenticated-php-object-injection</loc>
<lastmod>2025-06-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/circles-gallery/circles-gallery-1010-authenticated-admin-stored-cross-site-scripting-via-admin-settings</loc>
<lastmod>2023-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quran-live/quran-live-multilanguage-103-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2026-04-21T19:06:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/carzone/carzone-a-complete-car-dealer-html-wire-frame-37-unauthenticated-arbitrary-file-deletion</loc>
<lastmod>2026-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/reality/reality-230-stored-cross-site-scripting</loc>
<lastmod>2019-09-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/3d-flipbook-dflip-lite/dear-flipbook-pdf-flipbook-3d-flipbook-pdf-embed-pdf-viewer-2352-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/woostify/woostify-250-authenticated-contributor-stored-cross-site-scripting-via-lityjs-library-via-data-lity-attribute-in-custom-html-block</loc>
<lastmod>2026-04-27T18:15:01.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/powerpack-elements/powerpack-pro-for-elementor-2106-missing-authorization-to-settings-reset</loc>
<lastmod>2024-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/penci-data-migrator/penci-soledad-data-migrator-131-reflected-cross-site-scripting</loc>
<lastmod>2026-03-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/infusionsoft/infusionsoft-gravity-forms-add-on-153-1510-arbitrary-file-upload</loc>
<lastmod>2014-10-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/magic_carousel/magic-responsive-slider-and-carousel-wordpress-16-reflected-cross-site-scripting</loc>
<lastmod>2026-01-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/chronicle/chronicle-10-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/m-wp-popup/popup-custom-popup-builder-131-missing-capabilities-check</loc>
<lastmod>2022-06-14T14:20:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mwp-forms/wow-forms-create-any-form-with-custom-style-313-authenticated-admin-sql-injection</loc>
<lastmod>2021-10-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpml/wpml-319-cross-site-scripting</loc>
<lastmod>2015-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/learnpress/learnpress-wordpress-lms-plugin-4322-insecure-direct-object-reference-to-authenticated-instructor-teacher-material-deletion</loc>
<lastmod>2026-01-06T18:42:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-webinarsystem/wordpress-webinar-plugin-webinarpress-13324-missing-authorization-to-authenticated-subscriber-webinar-updates</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/game-review-block/game-review-block-481-authenticated-contributor-stored-cross-site-scripting-via-classname-parameter</loc>
<lastmod>2025-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/city-store/city-store-145-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/exchange-rates/exchange-rates-122-missing-authorization</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/md-custom-content/md-custom-content-after-or-before-of-post-10-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-travel-pro/wp-travel-pro-1060-missing-authorization-to-unauthenticated-arbitrary-user-deletion-including-administrators</loc>
<lastmod>2026-05-28T14:22:39.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-by-email/post-by-email-104b-unauthenticated-arbitrary-file-upload-via-email-attachments</loc>
<lastmod>2025-09-29T15:30:11.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/premmerce-woocommerce-brands/premmerce-brands-for-woocommerce-1213-cross-site-request-forgery</loc>
<lastmod>2025-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/laboom/la-boom-27-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-05-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sidebar-adder/sidebar-adder-2-200-reflected-cross-site-scripting</loc>
<lastmod>2021-08-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-addons-for-elementor-lite/essential-addons-for-elementor-lite-508-reflected-cross-site-scripting</loc>
<lastmod>2022-02-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-full-stripe-free/stripe-payment-forms-831-unauthenticated-sql-injection</loc>
<lastmod>2025-10-24T18:16:58.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/block-spam-by-math-reloaded/block-spam-by-math-reloaded-224-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-box-office/woocommerce-box-office-1151-missing-authorization</loc>
<lastmod>2023-06-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/directorypress/directorypress-3625-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/motor-racing-league/motor-racing-league-199-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-04-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ts-webfonts-for-sakura/ts-webfonts-for-sakura-310-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-07-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-database-cleaner/advanced-database-cleaner-310-reflected-cross-site-scripting</loc>
<lastmod>2022-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-multi/contact-form-multi-by-bestwebsoft-multiple-forms-plugin-for-single-wordpress-website-121-reflected-cross-site-scripting</loc>
<lastmod>2017-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpcargo/wpcargo-track-trace-801-authenticated-contributor-insecure-direct-object-reference</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/theme-blvd-shortcodes/theme-blvd-shortcodes-168-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-10-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/weblibrarian/weblibrarian-3487-cross-site-scripting</loc>
<lastmod>2017-07-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/visualizer/visualizer-394-authenticated-contributor-stored-cross-site-scripting-via-shortcodes</loc>
<lastmod>2023-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-delivery-notes/print-invoice-delivery-notes-for-woocommerce-540-missing-authorization-to-authenticated-subscriber-logo-deletion</loc>
<lastmod>2024-12-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/product-category-tree/product-category-tree-25-missing-authorization</loc>
<lastmod>2023-07-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-change-email-sender/wp-change-email-sender-10-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/addfunc-mobile-detect/addfunc-mobile-detect-31-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/clearblue-ovulation-calculator/clearblue-ovulation-calculator-124-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-07-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/waveride/waveride-14-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/youtubefreedown/youtube-freedown-10-remote-media-file-inclusion</loc>
<lastmod>2014-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kivicare-clinic-management-system/kivicare-clinic-patient-management-system-ehr-320-missing-authorization</loc>
<lastmod>2023-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/armember-membership/armember-4022-cross-site-request-forgery</loc>
<lastmod>2024-01-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-qrcode-me-v-card/qr-code-mecardvcard-generator-160-missing-authorization-via-wqm_make_url_permanent</loc>
<lastmod>2023-07-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/enquiry-quotation-for-woocommerce/product-enquiry-for-woocommerce-2212-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-04-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stop-spammer-registrations-plugin/stop-spammers-security-20226-reflected-cross-site-scripting</loc>
<lastmod>2023-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-orders-customers-exporter/woocommerce-orders-customers-exporter-50-authenticated-subscriber-information-exposure</loc>
<lastmod>2025-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/5.0/wordpress-core-501-authenticated-stored-cross-site-scripting-via-comments</loc>
<lastmod>2018-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-compress-image-optimizer/wp-compress-image-optimizer-61108-missing-authorization-to-unauthenticated-cdn-modification</loc>
<lastmod>2024-03-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cloak-front-end-email/cloak-front-end-email-195-missing-authorization</loc>
<lastmod>2025-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quiz-master-next/quiz-and-survey-master-qsm-1031-missing-authorization-to-unpublished-private-and-password-protected-quiz-information-disclosure-and-image-response-uploads</loc>
<lastmod>2026-01-05T20:24:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-embed-facebook/magic-embeds-311-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-10-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dynamic-widgets/dynamic-widgets-164-cross-site-request-forgery</loc>
<lastmod>2024-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/borderless/borderless-widgets-elements-templates-and-toolkit-for-elementor-gutenberg-162-authenticated-author-stored-cross-site-scripting-via-svg-upload</loc>
<lastmod>2025-01-30T15:36:38.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wishlist-member-x/wishlist-member-x-3267-missing-authorization-to-stored-cross-site-scripting</loc>
<lastmod>2024-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/master-addons/master-addons-for-elementor-20541-missing-authorization-via-get_jltma_save_menuitem_settings</loc>
<lastmod>2024-06-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ogp/wp-ogp-105-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce/woocommerce-2310-php-object-injection</loc>
<lastmod>2015-06-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-dynamic-pricing-for-woocommerce/advanced-dynamic-pricing-for-woocommerce-490-reflected-cross-site-scripting</loc>
<lastmod>2025-01-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/portfolio-elementor/powerfolio-321-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/spiffy-calendar/spiffy-calendar-4911-authenticated-administrator-sql-injection</loc>
<lastmod>2024-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kk-i-like-it/kk-i-like-it-1753-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/weedmaps-menu-embed/weedmaps-menu-for-wordpress-120-authenticated-contributor-stored-cross-site-scripting-via-weedmaps_menu-shortcode</loc>
<lastmod>2025-09-29T15:24:02.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/skillbars/skill-bar-12-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/exclusive-content-password-protect/exclusive-content-password-protect-110-cross-site-request-forgery-to-arbitrary-file-upload</loc>
<lastmod>2024-11-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-access-manager/user-access-manager-2216-ip-spoofing</loc>
<lastmod>2023-08-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/autowp-ai-content-writer-rewriter/autowp-222-missing-authorization</loc>
<lastmod>2025-08-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/new-order-notification-for-woocommerce/new-order-notification-for-woocommerce-202-missing-authorization</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/button-generation/button-generator-easily-button-builder-239-cross-site-request-forgery</loc>
<lastmod>2024-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/catalyst-connect-client-portal/catalyst-connect-zoho-crm-client-portal-200-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/brave-popup-builder/brave-popup-builder-062-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/oliver-pos/oliver-pos-a-woocommerce-point-of-sale-pos-2418-cross-site-request-forgery</loc>
<lastmod>2024-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ticket-tailor/ticket-tailor-110-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/host-php-info/host-php-info-104-missing-authorization-to-unauthenticated-sensitive-information-disclosure</loc>
<lastmod>2025-01-06T16:23:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/strong-testimonials/strong-testimonials-3221-authenticated-contributor-stored-cross-site-scripting-via-testimonial_view-shortcode</loc>
<lastmod>2026-04-07T15:48:51.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-manager/download-manager-pro-629-unauthenticated-information-disclosure</loc>
<lastmod>2023-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-bet/easy-bet-107-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/login-as-users/login-as-users-143-missing-authorization-to-privielge-escalation-via-account-takeover</loc>
<lastmod>2024-08-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/conformer-elementor/conformer-for-elementor-107-missing-authorization</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/melhor-envio-cotacao/melhor-envio-2163-missing-authorization</loc>
<lastmod>2026-06-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-file-manager/file-manager-727-missing-authorization</loc>
<lastmod>2024-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cm-on-demand-search-and-replace/cm-on-demand-search-and-replace-152-cross-site-request-forgery</loc>
<lastmod>2025-08-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-events-manager/wp-events-manager-2111-authenticated-subscriber-time-based-sql-injection</loc>
<lastmod>2024-08-30T19:50:46.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quiz-master-next/quiz-and-survey-master-807-cross-site-request-forgery</loc>
<lastmod>2022-12-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/makesweat/makesweat-01-authenticated-administrator-stored-cross-site-scripting-via-makesweat_clubid-setting</loc>
<lastmod>2026-01-13T16:47:38.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/greenhouse-job-board/greenhouse-job-board-273-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-12-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/customer-reviews-woocommerce/customer-reviews-for-woocommerce-5931-authenticated-subscriber-stored-cross-site-scripting-via-displayname-parameter</loc>
<lastmod>2026-01-06T14:32:24.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/osticket-wp-bridge/osticket-wp-bridge-192-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-09-19T18:23:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/geo-mashup/geo-mashup-11313-authenticated-contributor-stored-cross-site-scripting-via-geo_mashup_visible_posts_list-shortcode</loc>
<lastmod>2024-09-30T18:40:22.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/verbalize-wp/verbalize-wp-10-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2024-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seur/seur-oficial-2211-reflected-cross-site-scripting</loc>
<lastmod>2024-10-28T20:26:08.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-file-manager-pro/file-manager-pro-839-unauthenticated-backup-file-download-and-upload</loc>
<lastmod>2024-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-accordion-free/easy-accordion-best-accordion-faq-plugin-for-wordpress-234-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-custom-product-tabs-lite/custom-product-tabs-lite-for-woocommerce-176-authenticated-store-manager-stored-cross-site-scripting</loc>
<lastmod>2022-08-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/c9-admin-dashboard/c9-admin-dashboard-135-authenticated-author-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2025-02-20T15:04:17.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jobwp/wordpress-job-board-and-recruitment-plugin-jobwp-20-arbitrary-file-upload-via-jobwp_upload_resume</loc>
<lastmod>2023-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kadence-blocks/gutenberg-blocks-by-kadence-blocks-331-missing-authorization</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mobigatevn/mobigate-103-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/themeisle-companion/orbit-fox-by-themeisle-21029-cross-site-request-forgery</loc>
<lastmod>2024-02-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dynamic-widgets/dynamic-widgets-1510-refletced-cross-site-scripting</loc>
<lastmod>2015-08-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-marketing-automations/recover-woocommerce-cart-abandonment-newsletter-email-marketing-marketing-automation-by-funnelkit-351-unauthenticated-sql-injection-via-automationid</loc>
<lastmod>2025-03-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/powerpack-addon-for-beaver-builder/powerpack-lite-for-beaver-builder-1304-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2024-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gallery-videos/video-gallery-youtube-gallery-176-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/powerlift/powerlift-321-missing-authorization</loc>
<lastmod>2025-11-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/featured-image-from-url/featured-image-from-url-482-missing-authorization</loc>
<lastmod>2024-07-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-gateway-amazon-payments-advanced/woocommerce-amazon-pay-200-reflected-cross-site-scripting</loc>
<lastmod>2021-05-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/theme-editor/theme-editor-28-authenticated-admin-phar-deserialization</loc>
<lastmod>2024-08-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/podlove-subscribe-button/podlove-subscribe-button-137-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-02-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpdirectorykit/wp-directory-kit-149-unauthenticated-email-exposure-via-wdk_public_action</loc>
<lastmod>2026-01-23T23:36:25.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fluent-support/fluent-support-176-authenticatedadministrator-sql-injection</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/leadquizzes/leadquizzes-110-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zip-code-based-content-protection/zip-code-based-content-protection-100-authenticated-administrator-sql-injection</loc>
<lastmod>2025-09-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/colibri-wp/colibriwp-theme-framework-various-versions-missing-authorization</loc>
<lastmod>2024-04-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/affiliateimportereb/affiliateimportereb-106-reflected-cross-site-scripting-via-ebdn_min_price</loc>
<lastmod>2025-01-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/i3geek-baiduxzh/baiduxzh-submit-146-reflected-cross-site-scripting</loc>
<lastmod>2025-08-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-post-type-ui/custom-post-type-ui-1181-authenticated-administrator-stored-cross-site-scripting-via-label-import-parameter</loc>
<lastmod>2025-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/search-with-typesense/search-with-typesense-208-authenticated-admin-path-traversal</loc>
<lastmod>2025-02-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/export-post-info/export-post-info-110-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-09-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gutenverse/gutenverse-321-missing-authorization</loc>
<lastmod>2025-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/master-addons/master-addons-for-elementor-2056-authenticated-contributor-stored-cross-site-scripting-via-pricing-table-widget</loc>
<lastmod>2024-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/landing-pages/wordpress-landing-pages-224-cross-site-scripting</loc>
<lastmod>2016-07-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-member/ultimate-member-1375-missing-authorization-to-password-reset</loc>
<lastmod>2016-12-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/global-translator/global-translator-202-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/harper/harper-113-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-09-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/meeting-scheduler-by-vcita/online-booking-scheduling-calendar-for-wordpress-by-vcita-453-authenticated-author-arbitrary-file-upload</loc>
<lastmod>2025-08-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/loi-hamon/woocommerce-loi-hamon-110-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cf7-insightly/wp-insightly-for-contact-form-7-wpforms-elementor-formidable-and-ninja-forms-115-missing-authorization</loc>
<lastmod>2026-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/enl-newsletter/enl-newsletter-101-cross-site-request-forgery-to-campaign-deletion</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/software-license-manager/software-license-manager-447-reflected-cross-site-scripting</loc>
<lastmod>2021-08-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/b-blocks/bblocks-essential-gutenberg-blocks-patterns-collection-2031-authenticated-contributor-privilege-escalation</loc>
<lastmod>2026-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/form-maker/form-maker-by-10web-mobile-friendly-drag-drop-contact-form-builder-11523-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ultimate-review/wp-ultimate-review-203-cross-site-request-forgery</loc>
<lastmod>2023-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/woodmart/woodmart-838-unauthenticated-php-object-injection</loc>
<lastmod>2026-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/himer/himer-210-cross-site-request-forgery-to-group-leave</loc>
<lastmod>2024-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/awesome-gallery-singsys/singsys-awesome-gallery-10-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/photo-gallery/photo-gallery-by-10web-180-reflected-cross-site-scripting</loc>
<lastmod>2022-11-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/crudlab-scroll-to-top/crudlab-scroll-to-top-101-reflected-cross-site-scripting</loc>
<lastmod>2025-04-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/better-wp-login-page/better-wp-login-page-112-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-12-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sticky-chat-widget/sticky-chat-widget-118-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-12-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/brizy-pro/brizy-pro-280-missing-authorization</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/portfolio-manager-powered-by-behance/behance-portfolio-manager-175-cross-site-request-forgery</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wsb-brands/wsb-brands-118-authenticated-administrator-stored-cross-site-scripting-via-logo</loc>
<lastmod>2023-03-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jet-search/multiple-plugins-by-crocoblock-various-versions-missing-authorization</loc>
<lastmod>2023-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ds-blog-map/wp-ds-blog-map-313-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-07-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-404-redirect-to-homepage/all-404-redirect-to-homepage-121-reflected-cross-site-scripting-via-tab-parameter</loc>
<lastmod>2021-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-file-list/simple-file-list-637-missing-authorization</loc>
<lastmod>2025-12-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wowpress/wowpress-100-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2026-04-07T17:36:55.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-media-library/download-media-library-021-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-d3/wp-d3-241-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpsid-shortcode/wpsid-shortcode-1092-open-redirect</loc>
<lastmod>2022-05-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booster-extension/booster-extension-120-basic-information-exposure-via-booster_extension_authorbox_shortcode_display</loc>
<lastmod>2024-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nitropack/nitropack-1170-missing-authorization-to-authenticated-subscriber-arbitrary-transient-update</loc>
<lastmod>2025-01-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gallery-images-ape/gallery-images-ape-1614-stored-cross-site-scripting</loc>
<lastmod>2019-01-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/xtra-settings/xtra-settings-218-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/addon-elements-for-elementor-page-builder/elementor-addon-elements-1127-missing-authorization-to-sensitive-information-exposure</loc>
<lastmod>2023-11-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/extensions-for-cf7/extensions-for-cf7-contact-form-7-database-conditional-fields-and-redirection-328-unauthenticated-arbitrary-file-deletion-triggered-via-admin-form-submission-deletion</loc>
<lastmod>2025-07-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dokan-lite/dokan-308-cross-site-request-forgery-bypass</loc>
<lastmod>2020-09-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/armember/armember-premium-551-privilege-escalation</loc>
<lastmod>2022-12-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/connatix-video-embed/connatix-video-embed-105-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-13T16:02:31.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/logo-showcase-ultimate/logo-showcase-ultimate-logo-carousel-logo-slider-logo-grid-141-authenticated-author-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2024-08-26T19:28:13.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/opal-portfolios/opal-portfolio-104-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ajax-load-more/wordpress-infinite-scroll-ajax-load-more-553-directory-traversal</loc>
<lastmod>2022-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-job-board/simple-job-board-2110-unauthenticated-php-object-injection-via-job-application-fields</loc>
<lastmod>2024-03-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pie-register/pie-register-3832-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2024-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/page-views-count/page-view-count-260-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-01-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/salutation-wp/salutation-3016-authenticated-stored-cross-site-scripting</loc>
<lastmod>2017-07-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/better-search-replace/better-search-replace-144-unauthenticated-php-object-injection</loc>
<lastmod>2024-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/paid-member-subscriptions/paid-member-subscriptions-241-reflected-cross-site-scripting</loc>
<lastmod>2021-08-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/lightspeed/lightspeed-112-arbitrary-file-upload</loc>
<lastmod>2013-01-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quick-event-manager/quick-event-manager-964-authenticatedadmin-stored-cross-site-scripting</loc>
<lastmod>2023-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/remove-schema/remove-schema-15-cross-site-request-forgery-bypass</loc>
<lastmod>2021-06-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-programmmanager/wp-pmanager-12-authenticated-admin-sql-injection</loc>
<lastmod>2025-02-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nex-forms-express-wp-form-builder/nex-forms-796-authenticated-administrator-sql-injection</loc>
<lastmod>2022-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/darna-framework/darna-framework-29-reflected-cross-site-scripting</loc>
<lastmod>2026-03-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elex-helpdesk-customer-support-ticket-system/elex-wordpress-helpdesk-customer-ticketing-system-331-missing-authorization-to-authenticated-subscriber-trash-empty</loc>
<lastmod>2025-11-20T17:00:40.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kiwi-social-share/social-sharing-plugin-kiwi-217-information-disclosure</loc>
<lastmod>2024-07-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/call-now-button/call-now-button-1413-cross-site-request-forgery</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-publication-archive/wp-publication-archive-301-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/captchelfie-captcha-by-selfie/captchelfie-captcha-by-selfie-107-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/visual-form-builder/visual-form-builder-306-admin-cross-site-scripting</loc>
<lastmod>2022-04-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/exertio-framework/exertio-framework-131-unauthenticated-arbitrary-user-password-update</loc>
<lastmod>2025-02-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pushengage/pushengage-web-push-notifications-woocommerce-automation-chat-widget-423-authenticated-subscriber-information-exposure</loc>
<lastmod>2026-06-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/skt-blocks/skt-blocks-16-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/content-bot/contentbot-ai-writer-124-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/postify-for-elementor/postify-post-layout-for-elementor-101-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/myaliceai/myalice-live-chat-whatsapp-facebook-messenger-instagram-chatbot-for-woocommerce-127-stored-cross-site-scripting</loc>
<lastmod>2022-04-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vimeography/vimeography-244-sensitive-information-exposure</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-admin-menu/custom-admin-menu-100-reflected-cross-site-scripting</loc>
<lastmod>2025-11-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dialogity-website-chat/dialogity-free-live-chat-103-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-bulk-order-form/quickbulk-order-form-for-woocommerce-357-authenticated-shop-manager-stored-cross-site-scripting</loc>
<lastmod>2023-05-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/joan/jock-on-air-now-561-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2021-08-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/translator/translator-03-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/auth0/login-by-auth0-3110-3112-cross-site-scripting</loc>
<lastmod>2020-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/passwords-manager/passwords-manager-148-missing-authorization-to-authenticated-subscriber-add-password-update-encryption-key</loc>
<lastmod>2025-01-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-dropbox-upload-form/simple-dropbox-upload-1881-arbitrary-file-upload</loc>
<lastmod>2013-09-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/stal/stl-17-unauthenticated-php-object-injection</loc>
<lastmod>2026-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vk-all-in-one-expansion-unit/vk-all-in-one-expansion-unit-91121-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-11-17T19:13:27.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-email/wp-email-2682-spam-protection-bypass</loc>
<lastmod>2022-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/page-builder-sandwich/page-builder-sandwich-front-end-page-builder-510-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-06-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eroom-zoom-meetings-webinar/eroom-zoom-meetings-webinar-137-unauthorized-setting-update</loc>
<lastmod>2022-04-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-forms/ninja-forms-contact-form-29551-authenticated-sql-injection</loc>
<lastmod>2016-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpforo/wpforo-forum-165-cross-site-scripting-via-wpf-dw-td-value-class</loc>
<lastmod>2020-05-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bp-xprofile-custom-field-types/buddypress-xprofile-custom-field-types-128-authenticated-subscriber-arbitrary-file-deletion</loc>
<lastmod>2026-01-05T16:27:40.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/metform/metform-elementor-contact-form-builder-330-authenticated-contributor-stored-cross-site-scripting-via-mf_thankyou-shortcode</loc>
<lastmod>2023-06-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/give/givewp-2232-unauthenticated-sql-injection</loc>
<lastmod>2023-01-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/skt-skill-bar/skt-skill-bar-23-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/userpro-mediamanager/media-manager-for-userpro-3120-missing-authorization-to-authenticated-subscriber-arbitrary-options-update</loc>
<lastmod>2025-01-30T00:49:17.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/audio-comments/audio-comments-plugin-104-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jeeng-push-notifications/jeeng-push-notifications-203-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-11-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-pdf-viewer/simple-pdf-viewer-19-authenticated-contributor-stored-cross-site-scripting-via-googlepdf-shortcode</loc>
<lastmod>2023-02-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simply-gallery-block/gallery-blocks-with-lightbox-image-gallery-html5-video-youtube-vimeo-video-gallery-and-lightbox-for-native-gallery-3242-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2024-11-21T17:21:58.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/video-conferencing-with-zoom-api/video-conferencing-with-zoom-409-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2022-12-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-form/easy-form-279-missing-authorization</loc>
<lastmod>2026-02-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-fields/simple-fields-1410-reflected-cross-site-scripting</loc>
<lastmod>2015-08-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-push-notification/all-push-notification-for-wp-153-reflected-cross-site-scripting</loc>
<lastmod>2025-04-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/threewp-email-reflector/threewp-email-reflector-116-cross-site-scripting</loc>
<lastmod>2012-08-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jtrt-responsive-tables/jtrt-responsive-tables-419-cross-site-request-forgery</loc>
<lastmod>2024-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/orange-confort-plus/orange-confort-accessibility-toolbar-for-wordpress-07-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2026-02-05T18:31:50.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/site-notes/site-notes-200-cross-site-request-forgery-to-admin-note-deletion</loc>
<lastmod>2024-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-flipkart-importer/wp-flipkart-importer-14-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-payment-gateway/payment-plugins-braintree-for-woocommerce-3278-missing-authorization-to-payment-token-exposure-and-transaction-fraud</loc>
<lastmod>2025-11-11T20:05:21.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-members/wp-members-membership-plugin-3543-authenticated-subscriber-stored-cross-site-scripting-via-multiple-checkbox-and-multiple-select-user-profile-fields</loc>
<lastmod>2026-01-14T17:16:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/event-espresso-decaf/event-espresso-4-decaf-41011-cross-site-request-forgery-bypass</loc>
<lastmod>2021-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/feather-login-page/feather-login-page-115-cross-site-request-forgery-via-savedata</loc>
<lastmod>2024-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cleantalk-spam-protect/spam-protection-antispam-firewall-by-cleantalk-610-missing-authorization</loc>
<lastmod>2023-06-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/tennis-sportclub/tennis-sportclub-tennis-sports-events-wordpress-theme-123-unauthenticated-php-object-injection</loc>
<lastmod>2026-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cf7-live-preview/live-preview-for-contact-form-7-120-missing-authorization-via-update_option</loc>
<lastmod>2023-11-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/final-tiles-grid-gallery-lite/image-photo-gallery-final-tiles-grid-3611-missing-authorization</loc>
<lastmod>2026-05-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/alex-reservations/alex-reservations-smart-restaurant-booking-205-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2025-01-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/floating-social-bar/floating-social-bar-117-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-google-maps/wp-google-maps-9029-reflected-cross-site-scripting</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/supportcandy/supportcandy-helpdesk-customer-support-ticket-system-344-authenticated-subscriber-insecure-direct-object-reference</loc>
<lastmod>2026-01-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nextdate/next-date-10-authenticated-contributor-stored-cross-site-scripting-via-default-shortcode-attribute</loc>
<lastmod>2026-05-11T19:07:24.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/synergy-project-manager/synergy-project-manager-15-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-01-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/skt-builder/skt-page-builder-46-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2025-01-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/front-end-only-users/front-end-users-3230-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/featured-image-from-url/featured-image-from-url-fifu-400-stored-cross-site-scripting</loc>
<lastmod>2022-07-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-facebook-likebox/easy-social-feed-social-photos-gallery-post-feed-like-box-667-authenticated-contributor-dom-based-stored-cross-site-scripting</loc>
<lastmod>2025-09-05T13:45:16.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/twitget/twitget-332-stored-cross-site-scripting</loc>
<lastmod>2014-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quiz-master-next/quiz-and-survey-master-8116-missing-authorization</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/kallyas/kallyas-4230-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yet-another-related-posts-plugin/yarpp-53010-missing-authorization</loc>
<lastmod>2024-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/indeed-wp-superbackup/wp-superbackup-233-authenticated-subscriber-php-object-injection</loc>
<lastmod>2024-12-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/js-support-ticket/js-help-desk-271-unauthenticated-sql-injection</loc>
<lastmod>2023-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jet-blocks/jetblocks-for-elementor-1316-missing-authorization</loc>
<lastmod>2025-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-forms/ninja-forms-3132-missing-authorization-to-unauthenticated-submission-disclosure</loc>
<lastmod>2025-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pb-seo-friendly-images/pb-seo-friendly-images-405-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-03-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/store-manager-connector/emagicone-store-manager-for-woocommerce-125-unauthenticated-arbitrary-file-upload-via-set_image</loc>
<lastmod>2025-05-23T14:33:44.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/gucherry-blog/gucherry-blog-118-reflected-cross-site-scripting</loc>
<lastmod>2024-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/u-design/udesign-473-reflected-cross-site-scripting</loc>
<lastmod>2024-04-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/clikstats/clik-stats-08-reflected-cross-site-scripting-via-_serverphp_self</loc>
<lastmod>2025-12-03T17:02:06.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/limit-login-attempts-reloaded/limit-login-attempts-reloaded-2152-reflected-cross-site-scripting</loc>
<lastmod>2020-12-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/qs-dark-mode/qs-dark-mode-30-missing-authorization</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/arconix-shortcodes/multiple-plugins-by-tychesoftwares-various-versions-missing-authorization-to-notice-dismissal</loc>
<lastmod>2024-04-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ethiopian-calendar/ethiopian-calendar-111-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/noo-jobmonster/jobmonster-478-reflected-cross-site-scripting</loc>
<lastmod>2025-07-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking/wp-booking-calendar-1010-unauthenticated-post-confirmation-booking-manipulation</loc>
<lastmod>2025-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ark-wysiwyg-comment-editor/ark-commenteditor-2156-iframe-injection</loc>
<lastmod>2021-09-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nmedia-user-file-uploader/frontend-file-manager-plugin-36-arbitrary-file-upload</loc>
<lastmod>2014-09-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementor/elementor-website-builder-more-than-just-a-page-builder-3274-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-19T15:50:22.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ulike/wp-ulike-475-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-01-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ldap-login-for-intranet-sites/active-directory-integration-ldap-integration-419-unauthenticated-information-disclosure</loc>
<lastmod>2023-09-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seo-alert/seo-alert-159-authenticatedadministrator-stored-cross-site-scripting</loc>
<lastmod>2023-04-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/search-meter/search-meter-2132-remote-code-execution</loc>
<lastmod>2020-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/give/givewp-2232-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-user-frontend/wp-user-frontend-2311-arbitrary-file-upload</loc>
<lastmod>2016-02-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-pocket-urls/wp-pocket-urls-102-reflected-cross-site-scripting</loc>
<lastmod>2023-11-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-product-carousel-slider-and-grid-ultimate/product-carousel-slider-grid-ultimate-for-woocommerce-1910-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2024-09-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pluginpass-pro-plugintheme-licensing/pluginpass-0910-unauthenticated-arbitrary-file-deletion</loc>
<lastmod>2025-03-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wassup/wassup-real-time-analytics-1944-cross-site-scripting</loc>
<lastmod>2020-07-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zara-4/zara-4-image-compression-12172-missing-authorization</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/one-click-order-reorder/one-click-order-re-order-119-missing-authorization-to-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2024-07-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/skt-blocks/skt-blocks-gutenberg-based-page-builder-16-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/xpresslane-integration-for-woocommerce/xpresslane-fast-checkout-100-unauthenticated-php-object-injection</loc>
<lastmod>2024-11-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mainwp-child/mainwp-child-4171-sql-injection-via-orderby-order-parameters</loc>
<lastmod>2021-10-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/melhor-envio-cotacao/melhor-envio-21119-cross-site-request-forgery-and-authenticated-settings-change</loc>
<lastmod>2022-04-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sell-media/sell-media-2585-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-06T15:06:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/photo-feed/photo-feed-221-reflected-cross-site-scripting-via-pf-gid</loc>
<lastmod>2023-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ad-inserter/ad-inserter-ad-manager-adsense-ads-153-cross-site-request-forgery-to-cross-site-scripting</loc>
<lastmod>2015-05-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sv-forms/sv-forms-2005-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bus-ticket-booking-with-seat-reservation/bus-ticket-booking-with-seat-reservation-565-unauthenticated-information-exposure</loc>
<lastmod>2026-03-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-social-lite/all-in-one-social-lite-10-server-side-request-forgery</loc>
<lastmod>2014-05-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/linux-promotional-plugin/linux-promotional-plugin-14-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-08-15T14:48:12.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-display-products-by-tags/woocommerce-display-products-by-tags-100-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ameliabooking/amelia-1075-unauthenticated-reflected-cross-site-scripting-via-code</loc>
<lastmod>2023-04-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/giveasap/simple-giveaways-2361-reflected-cross-site-scripting</loc>
<lastmod>2021-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/demomentsomtres-wp-export/demomentsomtres-wordpress-export-posts-with-images-20220825-missing-authorization-to-blog-data-export</loc>
<lastmod>2023-12-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/epeken-all-kurir/epeken-all-kurir-201-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-08-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/iframe-admin-pages/iframe-admin-pages-01-reflected-cross-site-scripting</loc>
<lastmod>2012-03-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/single-user-chat/single-user-chat-05-authenticated-subscriber-limited-options-update</loc>
<lastmod>2025-01-30T00:45:01.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpdatatables/wpdatatables-premium-153-sql-injection</loc>
<lastmod>2014-11-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gn-publisher/gn-publisher-155-reflected-cross-site-scripting</loc>
<lastmod>2023-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/checkout-mestres-wp/checkout-mestres-wp-7196-missing-authorization-to-unauthenticated-arbitrary-options-update</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dk-pricr-responsive-pricing-table/responsive-pricing-table-516-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-02-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-fusion-lite/wp-fusion-lite-33718-cross-site-request-forgery-to-data-deletion</loc>
<lastmod>2021-08-06T17:51:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-database-error-manager/wp-database-error-manager-216-reflected-cross-site-scripting</loc>
<lastmod>2020-11-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/spam-free-wordpress/spam-free-wordpress-193-full-path-disclosure</loc>
<lastmod>2013-01-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/give/givewp-2103-authenticated-stored-cross-site-scripting</loc>
<lastmod>2021-04-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kivicare-clinic-management-system/kivicare-clinic-patient-management-system-ehr-3616-reflected-cross-site-scripting</loc>
<lastmod>2026-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/formbuilder/formbuilder-108-sql-injection</loc>
<lastmod>2016-07-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-pdf-generator/advanced-pdf-generator-040-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smartcrawl-seo/smartcrawl-seo-checker-analyzer-optimizer-3143-missing-authorization-to-plugin-settings-update</loc>
<lastmod>2025-09-29T16:32:13.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smart-forms/smart-forms-2691-missing-authorization-to-notice-dismissal</loc>
<lastmod>2024-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nmedia-user-file-uploader/frontend-file-manager-plugin-235-unauthenticated-insecure-direct-object-reference</loc>
<lastmod>2026-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/cena/cena-store-21126-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-07-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/paid-memberships-pro/paid-memberships-pro-250-cross-site-scripting</loc>
<lastmod>2020-11-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-membership/simple-membership-442-unauthenticated-stored-self-based-cross-site-scripting</loc>
<lastmod>2024-03-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-courses/wp-courses-lms-323-missing-authorization-to-authenticated-subscriber-arbitrary-options-update</loc>
<lastmod>2023-11-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/bricks/bricks-10-153-missing-authorization-to-arbitrary-content-creationmodification</loc>
<lastmod>2022-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/serped-net/serpednet-44-authenticated-contributor-sql-injection</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vikrentcar/vik-rent-car-116-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2021-06-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpdirectorykit/wp-directory-kit-121-cross-site-request-forgery-to-plugin-settings-changedelete-demo-import-directory-kit-modificationdeletion-via-admin_page_display</loc>
<lastmod>2023-04-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nex-forms-express-wp-form-builder/nex-forms-ultimate-form-builder-842-cross-site-request-forgery-to-cross-site-scripting</loc>
<lastmod>2021-11-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/copy-or-move-comments/copy-or-move-comments-504-reflected-cross-site-scripting</loc>
<lastmod>2023-10-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mappress-google-maps-for-wordpress/mappress-maps-for-wordpress-28815-insufficient-authorization-to-information-disclosure</loc>
<lastmod>2024-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/paid-memberships-pro/paid-memberships-pro-1715-directory-traversal</loc>
<lastmod>2014-11-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/influencer/influencer-117-missing-authorization</loc>
<lastmod>2026-02-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/friendstore-for-woocommerce/friendstore-for-woocommerce-142-reflected-cross-site-scripting</loc>
<lastmod>2024-11-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pdf-resume-parser/pdf-resume-parser-10-unauthenticated-sensitive-information-disclosure-in-smtp-credentials</loc>
<lastmod>2026-01-13T16:44:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sina-extension-for-elementor/sina-extension-for-elementor-221-local-file-inclusion</loc>
<lastmod>2019-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/aspose-pdf-exporter/asposepdf-exporter-20-arbitrary-file-download</loc>
<lastmod>2015-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/peepso-core/community-by-peepso-6090-cross-site-request-forgery-to-field-duplication</loc>
<lastmod>2023-05-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/give/givewp-donation-plugin-and-fundraising-platform-3194-unauthenticated-php-object-injection</loc>
<lastmod>2025-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/persian-nested-showhide-text/persian-nested-showhide-text-15-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/virusdie/virusdie-116-missing-authorization</loc>
<lastmod>2025-12-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/progress-planner/progress-planner-091-missing-authorization</loc>
<lastmod>2024-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mobiloud-mobile-app-plugin/mobiloud-wordpress-mobile-apps-convert-your-wordpress-website-to-native-mobile-apps-238-cross-site-scripting</loc>
<lastmod>2014-08-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/media-cleaner/media-cleaner-clean-your-wordpress-672-unauthenticated-information-exposure</loc>
<lastmod>2024-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/w2s-migrate-woo-to-shopify/w2s-migrate-woocommerce-to-shopify-121-missing-authorization-to-authenticated-subscriber-arbitrary-file-read</loc>
<lastmod>2025-01-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/revslider/slider-revolution-6713-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/optimole-wp/optimole-optimize-images-convert-webp-avif-cdn-lazy-load-image-optimization-426-cross-site-request-forgery-via-optml_replace_file-ajax-action</loc>
<lastmod>2026-06-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/secure-file-manager/secure-file-manager-282-remote-code-execution</loc>
<lastmod>2020-11-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/software-license-manager/software-license-manager-449-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2021-08-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mwp-herd-effect/multiple-wow-company-plugins-various-versions-reflected-cross-site-scripting-via-page-parameter</loc>
<lastmod>2023-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cpi-wp-migration/wp-for-cpi-102-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2025-11-10T14:51:30.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blocksy-companion-pro/blocksy-companion-pro-2129-unauthenticated-sql-injection</loc>
<lastmod>2026-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/revive-so/reviveso-207-missing-authorization</loc>
<lastmod>2026-03-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/live-composer-page-builder/page-builder-live-composer-1522-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bbp-toolkit/bbpress-toolkit-1012-cross-site-request-forgery</loc>
<lastmod>2023-05-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/penci-pay-writer/penci-pay-writer-15-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-01-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/acf-city-selector/acf-city-selector-1160-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/accept-stripe-payments-using-contact-form-7/accept-stripe-payments-using-contact-form-7-25-unauthenticated-information-exposure</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/edd-software-licensing/easy-digital-downloads-software-licensing-323-cross-site-scripting</loc>
<lastmod>2015-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dzs-videogallery/dzs-video-gallery-1239-authenticated-subscriber-php-object-injection</loc>
<lastmod>2025-05-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-blocks/essential-blocks-for-gutenberg-453-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jwt-auth/firebase-php-jwt-600-algorithm-confusion</loc>
<lastmod>2022-11-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/transposh-translation-filter-for-wordpress/transposh-wordpress-translation-107-unauthenticated-stored-cross-site-scripting-via-tp_translation</loc>
<lastmod>2022-07-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/magical-addons-for-elementor/magical-addons-for-elementor-124-authenticated-contributor-sensitive-information-exposure-via-elementor-template</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/unyson/unyson-2729-cross-site-request-forgery</loc>
<lastmod>2024-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/photo-gallery/photo-gallery-by-10web-163-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/business-directory-plugin/business-directory-plugin-6310-cross-site-request-forgery</loc>
<lastmod>2023-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cforms2/cformsii-131-cross-site-scripting</loc>
<lastmod>2014-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/piqes/piqes-1011-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/geo-mashup/geo-mashup-11317-unauthenticated-sql-injection-via-sort-parameter</loc>
<lastmod>2026-02-24T19:41:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elasticpress/elasticpress-353-cross-site-request-forgery-bypass</loc>
<lastmod>2021-03-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woozone/woocommerce-amazon-affiliates-wordpress-plugin-14100-reflected-cross-site-scripting</loc>
<lastmod>2024-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/aptivada-for-wp/aptivada-for-wp-200-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/searchie/searchie-1170-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-08T22:03:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/structured-content/structured-content-json-ld-wpsc-163-authenticated-contributor-stored-cross-site-scripting-via-sc_fs_local_business-shortcode</loc>
<lastmod>2025-03-03T19:48:24.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ht-mega-for-elementor/ht-mega-246-authenticated-contributor-stored-cross-site-scripting-via-titletag</loc>
<lastmod>2024-03-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lana-text-to-image/lana-text-to-image-100-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-06-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mwp-herd-effect/herd-effects-52-local-file-inclusion</loc>
<lastmod>2022-05-16T06:54:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/skt-addons-for-elementor/skt-addons-for-elementor-33-authenticated-contributor-post-disclosure</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/4.4/wordpress-core-441-cross-site-scripting-via-theme-names</loc>
<lastmod>2016-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/joan/jock-on-air-now-joan-604-missing-authorization</loc>
<lastmod>2025-10-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-special-textboxes/special-text-boxes-59110-cross-site-scripting</loc>
<lastmod>2022-06-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/animated-al-list/animated-al-list-106-reflected-cross-site-scripting</loc>
<lastmod>2024-06-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jet-engine/jetengine-371-authenticated-contributor-server-side-template-injection-to-remote-code-execution</loc>
<lastmod>2025-07-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jquery-archive-list-widget/js-archive-list-617-authenticated-contributor-php-object-injection</loc>
<lastmod>2026-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/category-specific-rss-feed-menu/category-specific-rss-feed-subscription-21-cross-site-request-forgery</loc>
<lastmod>2023-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-us-page-contact-people/contact-us-page-contact-people-lite-374-authenticated-contributor-sql-injection</loc>
<lastmod>2025-07-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/adrotate/adrotate-ad-manager-adsense-ads-5817-admin-sql-injection</loc>
<lastmod>2022-02-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-data-guards/wordpress-data-guard-8-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-file-upload/wordpress-file-upload-390-arbitrary-file-upload</loc>
<lastmod>2016-06-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/upload-am-file-hosting-vpn/uploadam-file-hosting-vpn-100-authenticated-contributor-arbitrary-options-disclosure</loc>
<lastmod>2025-09-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pagelayer/pagelayer-181-missing-authorization</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/qr-code-composer/qr-code-composer-automatic-qr-code-generator-203-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2024-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/getwid/getwid-gutenberg-blocks-2012-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jiangqie-official-website-mini-program/jiangqie-official-website-mini-program-182-authenticated-administrator-sql-injection</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vertical-carousel-slider/vertical-carousel-102-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cc-coming-soon/coming-soon-chop-chop-224-reflected-cross-site-scripting</loc>
<lastmod>2023-07-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smtp-mail/smtp-mail-1346-unauthenticated-stored-cross-site-scripting-via-email-subject</loc>
<lastmod>2023-07-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flatpm-wp/flatpm-3105-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zip-code-based-content-protection/zip-code-based-content-protection-102-unauthenticated-sql-injection-via-zipcode-parameter</loc>
<lastmod>2026-03-06T11:52:34.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/akal/akal-multipurpose-wordpress-theme-all-versions-reflected-cross-site-scripting</loc>
<lastmod>2016-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/taobaoke/wordpress-112-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/enhanced-youtube-shortcode/enhanced-youtube-shortcode-201-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-multilingual/woocommerce-multilingual-multicurrency-536-missing-authorization</loc>
<lastmod>2024-09-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/travelicious/travelicious-167-unauthenticated-php-object-injection</loc>
<lastmod>2026-02-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kudos-donations/kudos-donations-easy-donations-and-payments-with-mollie-312-cross-site-request-forgery</loc>
<lastmod>2021-11-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-marketing-automations/automation-by-autonami-261-authenticatedadministrator-sql-injection</loc>
<lastmod>2023-12-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/icon/web-icons-10010-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/1.3/wordpress-core-233-wordpress-mu-132-remote-code-execution</loc>
<lastmod>2007-09-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-jobhunt/wp-jobhunt-71-unauthenticated-privilege-escalation-via-password-resetaccount-takeover</loc>
<lastmod>2025-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/keep-backup-daily/keep-backup-daily-208-unauthenticated-information-disclosure</loc>
<lastmod>2024-10-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seosamba-webmasters/seosamba-for-wordpress-webmasters-105-cross-site-request-forgery</loc>
<lastmod>2022-10-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/listeo/listeo-directory-listings-with-booking-wordpress-theme-1611-insecure-direct-object-reference</loc>
<lastmod>2021-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-custom-admin-interface/wp-custom-admin-interface-731-missing-authorization-via-wpcai_pro_notice_disable</loc>
<lastmod>2023-11-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-shipping-per-product/woocommerce-shipping-per-product-254-missing-authorization</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-easy-duplicate-product/woocommerce-easy-duplicate-product-0300-reflected-cross-site-scripting-via-wedp_duplicated</loc>
<lastmod>2023-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ga-backend-tracking/cookieless-backend-server-tracking-for-google-analytics-wordpress-plugin-121-cross-site-scripting</loc>
<lastmod>2019-06-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/customer-reviews-woocommerce/customer-reviews-for-woocommerce-535-multiple-unprotected-ajax-actions</loc>
<lastmod>2022-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contest-gallery/contest-gallery-2135-reflected-cross-site-scripting</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/postman-smtp/postman-smtp-172-reflected-cross-site-scripting</loc>
<lastmod>2017-06-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sureforms/sureforms-drag-and-drop-form-builder-for-wordpress-221-unauthenticated-stripe-payment-amount-manipulation</loc>
<lastmod>2026-02-13T18:17:21.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/honor/honor-shooting-club-weapon-and-gun-store-theme-23-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-multilingual/woocommerce-multilingual-multicurrency-with-wpml-5331-authenticated-shop-manager-sql-injection</loc>
<lastmod>2024-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/listingpro-plugin/listingpro-plugin-294-authenticated-subscriber-sql-injection</loc>
<lastmod>2024-07-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/solace-extra/solace-extra-130-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2025-03-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ap-google-maps/arrow-maps-109-reflected-cross-site-scripting</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/delicious-recipes/wp-delicious-184-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/add-facebook/social-feed-1546-authenticated-author-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-11-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/team-members/team-members-531-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ht-event/ht-event-145-cross-site-request-forgery-leading-to-arbitrary-plugin-activation</loc>
<lastmod>2023-02-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/modeltheme-addons-for-wpbakery/modeltheme-addons-for-wpbakery-and-elementor-156-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/ironfit/ironfit-15-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-job-manager/wp-job-manager-200-missing-authorization</loc>
<lastmod>2024-01-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-elementor-addons/easy-elementor-addons-215-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/media-library-assistant/media-library-assistant-300-information-disclosure</loc>
<lastmod>2022-09-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/peters-login-redirect/loginwp-291-cross-site-scripting</loc>
<lastmod>2016-08-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-submitted-posts/user-submitted-posts-20241026-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-04-02T18:47:46.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpadverts/wpadverts-classifieds-plugin-216-unauthenticated-stored-cross-site-scripting-via-adverts_add-shortcode</loc>
<lastmod>2024-10-29T18:16:59.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hostel/hostel-1158-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/product-enquiry-for-woocommerce/product-enquiry-for-woocommerce-317-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-06-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/photo-gallery/photo-gallery-by-10web-168-authenticated-admin-cross-site-scripting</loc>
<lastmod>2022-07-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/cozystay/cozystay-171-unauthenticated-php-object-injection</loc>
<lastmod>2025-06-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/amazon-auto-links/auto-amazon-links-511-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-12-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/melapress-login-security/melapress-login-security-130-authenticated-admin-remote-file-inclusion</loc>
<lastmod>2024-06-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/anih/anih-creative-agency-wordpress-theme-2024-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T14:11:08.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/video-list-manager/video-list-manager-17-authenticated-admin-sql-injection</loc>
<lastmod>2023-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-seo/yoast-seo-268-authenticated-contributor-stored-cross-site-scripting-via-yoast-schema-block-attribute</loc>
<lastmod>2026-02-05T22:18:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-shipping-multiple-addresses/woocommerce-ship-to-multiple-addresses-385-missing-authorization</loc>
<lastmod>2023-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/authors-list/authors-list-204-unauthenticated-arbitrary-shortcode-execution-via-update_authors_list_ajax</loc>
<lastmod>2024-12-03T14:19:13.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/borderless/borderless-158-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2024-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fareharbor/fareharbor-for-wordpress-366-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/boldman/boldman-77-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2026-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/redirect-redirection/redirect-redirection-113-cross-site-request-forgery-via-saveredirectsettings-function</loc>
<lastmod>2023-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eventprime-event-calendar-management/eventprime-4241-missing-authorization</loc>
<lastmod>2025-11-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tripetto/wordpress-form-builder-plugin-for-contact-forms-surveys-and-quizzes-tripetto-514-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2022-04-26T06:54:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-noexternallinks/wp-no-external-links-3519-reflected-cross-site-scripting</loc>
<lastmod>2017-05-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/word-balloon/word-balloon-4211-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2024-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/o2tweet/o2tweet-004-cross-site-request-forgery</loc>
<lastmod>2014-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/arforms-form-builder/contact-form-survey-quiz-popup-form-builder-arforms-172-unauthenticated-blind-arbitrary-shortcode-execution</loc>
<lastmod>2026-03-20T15:21:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-role/user-role-by-bestwebsoft-166-cross-site-request-forgery-to-privilege-escalation</loc>
<lastmod>2023-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/prayer-times-anywhere/prayer-times-anywhere-201-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/frontis-blocks/frontis-blocks-115-unauthenticated-server-side-request-forgery</loc>
<lastmod>2026-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-payment/simple-payment-136-238-authentication-bypass-to-admin</loc>
<lastmod>2025-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gum-elementor-addon/gum-elementor-addon-134-authenticated-contributor-stored-cross-site-scripting-via-price-table-and-post-slider-widgets</loc>
<lastmod>2024-05-29T21:25:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-hover-effects-ultimate/image-hover-effects-ultimate-961-unauthenticated-arbitrary-options-update</loc>
<lastmod>2021-12-15T14:44:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ar-for-wordpress/ar-for-wordpress-73-missing-authorization-to-unauthenticated-limited-file-upload</loc>
<lastmod>2024-12-12T14:54:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bank-mellat/bank-mellat-200-reflected-cross-site-scripting</loc>
<lastmod>2022-03-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordfence/wordfence-514-reflected-cross-site-scripting</loc>
<lastmod>2014-12-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ayecode-connect/ayecode-connect-138-missing-authorization</loc>
<lastmod>2024-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wa-chatbox-manager/chatbox-manager-122-missing-authorization</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/metro/metro-213-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/window-ac-services/ac-services-hvac-air-conditioning-heating-company-wordpress-125-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quick-contact-form/quick-contact-form-8031-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-02-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-manager/wordpress-download-manager-2993-cross-site-scripting</loc>
<lastmod>2019-04-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/portfolio-elementor/post-grid-image-gallery-portfolio-for-elementor-powerfolio-31-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-social-seo-booster/wp-social-seo-booster-knowledge-graph-social-signals-seo-120-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-event-solution/eventin-event-calendar-event-registration-tickets-booking-ai-powered-4112-missing-authorization</loc>
<lastmod>2026-06-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-addons-for-beaver-builder-lite/ultimate-addons-for-beaver-builder-lite-157-authenticated-contributor-stored-cross-site-scripting-via-info-table-widget</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/thim-elementor-kit/thim-elementor-kit-129-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-panoramio/wp-panoramio-150-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/html5-mp3-player-with-mp3-folder-feedburner-playlist/html5-mp3-player-with-folder-feedburner-280-authenticated-author-php-object-injection</loc>
<lastmod>2024-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/salon-booking-system/salon-booking-system-99-missing-authorization</loc>
<lastmod>2024-06-07T19:08:35.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bulk-editor/wolf-1071-cross-site-request-forgery</loc>
<lastmod>2023-10-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nd-booking/nd-booking-24-unauthenticated-arbitrary-options-update</loc>
<lastmod>2019-08-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-address-obfuscation/email-address-obfuscation-101-authenticated-contributor-stored-cross-site-scripting-via-class-parameter</loc>
<lastmod>2024-12-03T23:42:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/flatnews/flatnews-58-reflected-cross-site-scripting</loc>
<lastmod>2025-06-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cip4-folder-download-widget/cip4-folder-download-widget-111-local-file-inclusion</loc>
<lastmod>2015-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/filedownload/filedownload-plugin-14-cross-site-scripting</loc>
<lastmod>2015-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/socialgrid/socialgrid-24-cross-site-scripting</loc>
<lastmod>2011-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/photo-gallery/photo-gallery-by-10web-1534-sql-injection</loc>
<lastmod>2019-09-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/js-multihotel/js-multihotel-221-reflected-cross-site-scripting</loc>
<lastmod>2013-12-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/info-cards/info-cards-1011-missing-authorization</loc>
<lastmod>2025-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vikbooking/vikbooking-hotel-booking-engine-pms-1810-unauthenticated-arbitrary-file-deletion</loc>
<lastmod>2026-05-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/testimonial-slider-shortcode/testimonial-slider-shortcode-119-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/dessau/dessau-19-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/office-locator/office-locator-130-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2024-11-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpnamedusers/wpnamedusers-05-cross-site-request-forgery</loc>
<lastmod>2025-10-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-content-by-country/custom-content-by-country-312-cross-site-request-forgery</loc>
<lastmod>2022-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpglobus/wpglobus-multilingual-everything-196-cross-site-request-forgery-to-cross-site-scripting-via-wpglobus_optionselector_wp_list_pagesshow_selector</loc>
<lastmod>2018-01-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-lytebox/lytebox-13-local-file-inclusion</loc>
<lastmod>2009-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/book-landing-page/book-landing-page-123-cross-site-request-forgery-to-notice-dismissal</loc>
<lastmod>2024-06-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/book-appointment-online/book-appointment-online-138-cross-site-scripting</loc>
<lastmod>2021-08-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/everest-forms/everest-forms-341-unauthenticated-arbitrary-shortcode-execution</loc>
<lastmod>2025-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cm-faq/cm-faq-simplify-support-with-an-intuitive-faq-management-tool-125-reflected-cross-site-scripting</loc>
<lastmod>2025-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-social-reviews/wp-social-ninja-embed-social-feeds-customer-reviews-chat-widgets-google-reviews-youtube-feed-photo-feeds-and-more-401-missing-authorization-to-unauthenticated-plugins-settings-disclosure-and-modification</loc>
<lastmod>2025-12-16T16:22:36.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stripe-payments/accept-stripe-payments-2098-unauthenticated-payment-bypass</loc>
<lastmod>2026-05-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-events-calendar/the-events-calendar-640-reflected-cross-site-scripting</loc>
<lastmod>2024-05-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sully/sully-43-reflected-cross-site-scripting</loc>
<lastmod>2024-06-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lava-ajax-search/lava-ajax-search-119-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chatbot/ai-chatbot-for-wordpress-wpbot-623-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/run-log/run-log-1710-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2025-09-10T18:53:02.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-subscribers/email-subscribers-newsletters-531-authenticated-or-cross-site-request-forgery-blind-sql-injection</loc>
<lastmod>2022-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-tables/ninja-tables-524-authenticated-contributor-sql-injection</loc>
<lastmod>2026-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/appmysite/appmysite-3110-unauthenticated-information-disclsoure</loc>
<lastmod>2023-12-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-lightbox/responsive-lightbox-gallery-276-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-06-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/1.5/wordpress-core-152-sql-injection</loc>
<lastmod>2005-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/dronex/dronex-1112-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-email/wp-email-2682-cross-site-request-forgery-to-log-deletion</loc>
<lastmod>2022-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/master-addons/master-addons-free-widgets-hover-effects-toggle-conditions-animations-for-elementor-2064-authenticated-contributor-stored-cross-site-scripting-via-data-jltma-wrapper-link-element</loc>
<lastmod>2024-09-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/posts-like-dislike/posts-like-dislike-111-missing-authorization-to-authenticated-subscriber-plugin-setting-reset</loc>
<lastmod>2023-08-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/WooCommerce-Multi-Locations-Inventory-Management/multiloca-woocommerce-multi-locations-inventory-management-4111-authenticated-subscriber-sql-injection</loc>
<lastmod>2025-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-real-estate/essential-real-estate-435-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2023-12-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cf7-zoho/integration-for-contact-form-7-and-zoho-crm-bigin-122-cross-site-request-forgery-via-settings_page-function</loc>
<lastmod>2023-02-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/print-invoices-packing-slip-labels-for-woocommerce/webtoffee-woocommerce-pdf-invoices-packing-slips-delivery-notes-shipping-labels-494-unauthenticated-information-exposure</loc>
<lastmod>2026-06-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blog-designer/blog-designer-318-missing-authorization</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/spoontalk-social-media-icons-widget/social-media-icons-widget-16-cross-site-request-forgery</loc>
<lastmod>2023-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/broadstreet/broadstreet-1511-cross-site-request-forgery</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/team-showcase-cm/team-showcase-250513-missing-authorization</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/colour-smooth-maps/smooth-maps-11-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/recent-posts-slider/recent-posts-slider-11-reflected-cross-site-scripting</loc>
<lastmod>2023-06-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pie-register/pie-register-3822-open-redirect</loc>
<lastmod>2023-02-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-curriculo-vitae/wp-curriculo-vitae-free-63-arbitrary-file-upload</loc>
<lastmod>2021-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cds-simple-seo/simple-seo-1812-cross-site-request-forgery-to-sitemap-deletioncreation</loc>
<lastmod>2022-10-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/addons-for-beaver-builder/livemesh-addons-for-beaver-builder-392-authenticated-subscriber-stored-cross-site-scripting-via-missing-authorization</loc>
<lastmod>2026-05-26T17:34:25.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shoutcast-and-icecast-html5-web-radio-player-by-yesstreaming-com/shoutcast-and-icecast-html5-web-radio-player-by-yesstreamingcom-33-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-e-commerce/ecommerce-3151-unauthenticated-php-object-injection</loc>
<lastmod>2026-01-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/addons-for-beaver-builder/livemesh-addons-for-beaver-builder-392-authenticated-contributor-stored-cross-site-scripting-via-title-and-value-shortcode-attributes</loc>
<lastmod>2026-02-25T12:50:36.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buffer-my-post/wordpress-buffer-hypesocial-social-media-auto-post-social-media-auto-publish-and-schedule-202010-cross-site-request-forgery</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pdf-viewer-by-themencode/tnc-pdf-viewer-280-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-02-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/libsyn-podcasting/libsyn-publisher-hub-144-sensitive-information-exposure</loc>
<lastmod>2023-10-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/auxin-elements/shortcodes-and-extra-features-for-phlox-theme-2157-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/peachpay-for-woocommerce/payments-plugin-and-checkout-plugin-for-woocommerce-stripe-paypal-square-authorizenet-11120-reflected-cross-site-scripting</loc>
<lastmod>2024-11-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fv-wordpress-flowplayer/fv-flowplayer-video-player-75497212-unauthenticated-stored-cross-site-scripting-via-comment-text</loc>
<lastmod>2026-06-08T13:48:41.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/everest-forms/everest-forms-contact-form-payment-form-quiz-survey-custom-form-builder-347-missing-authorization-to-authenticated-subscriber-email-sending</loc>
<lastmod>2026-05-27T10:58:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-menu/responsive-menu-313-cross-site-request-forgery</loc>
<lastmod>2020-07-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ltl-freight-quotes-xpo-edition/ltl-freight-quotes-xpo-edition-437-unauthenticated-sql-injection</loc>
<lastmod>2025-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/modular-connector/modular-ds-252-unauthenticated-privilege-escalation</loc>
<lastmod>2026-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wps-cleaner/wps-cleaner-144-arbitrary-media-file-disclosure</loc>
<lastmod>2019-07-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-get-the-table/wp-get-the-table-15-authenticated-contributor-stored-cross-site-scripting-via-url-parameter</loc>
<lastmod>2025-07-23T20:40:47.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/cocco/cocco-151-authenticated-subscriber-authenticated-insecure-direct-object-reference</loc>
<lastmod>2026-01-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/superstorefinder-wp/super-store-finder-76-reflected-cross-site-scripting</loc>
<lastmod>2025-08-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/iwp-client/infinitewp-client-160-unauthenticated-php-object-injection</loc>
<lastmod>2017-01-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/collapsing-archives/collapsing-archives-305-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-product-addon/ppom-for-woocommerce-239-missing-authorization-to-stored-cross-site-scripting</loc>
<lastmod>2022-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cf7-editor-button/contact-form-7-editor-button-100-reflected-cross-site-scripting</loc>
<lastmod>2025-07-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bwd-elementor-addons/bwd-elementor-addons-4318-authenticated-contributor-sensitive-information-exposure-via-elementor-templates</loc>
<lastmod>2025-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slider-video/video-slider-wordpress-146-authenticated-admin-cross-site-scripting</loc>
<lastmod>2022-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/4.8/wordpress-core-482-directory-traversal-during-unzip</loc>
<lastmod>2017-09-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/table-creator/tablegen-data-table-generator-131-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-10-02T22:33:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ws-facebook-likebox/ws-facebook-like-box-widget-50-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-09-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ezpz-sp/ezpz-saml-sp-single-sign-on-sso-125-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-11-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/4.7/wordpress-core-472-path-disclosure</loc>
<lastmod>2017-01-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/countdown-builder/countdown-clock-288-authenticated-contributor-remote-code-execution</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/file-manager-advanced-shortcode/advanced-file-manager-shortcodes-24-authenticated-contributor-directory-traversal</loc>
<lastmod>2024-07-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ht-mega-for-elementor/ht-mega-absolute-addons-for-elementor-300-authenticated-contributor-stored-cross-site-scripting-via-tag-attribute-injection</loc>
<lastmod>2025-11-20T19:53:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bmi-calculator-shortcode/bmi-calculator-plugin-103-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-11-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/photo-gallery-pearlbells/photo-gallery-responsive-40-cross-site-request-forgery-to-privilege-escalation</loc>
<lastmod>2025-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sitekit/sitekit-18-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mobile-pages/mobile-pages-102-reflected-cross-site-scripting</loc>
<lastmod>2025-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-select-all-text-box/simple-select-all-text-box-32-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/paytr-taksit-tablosu-woocommerce/paytr-taksit-tablosu-131-missing-authorization</loc>
<lastmod>2023-11-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ultimate-review/ultimate-review-239-missing-authorization</loc>
<lastmod>2026-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cf7-message-filter/message-filter-for-contact-form-7-1632-authenticated-administrator-sql-injection</loc>
<lastmod>2025-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/everest-forms/everest-forms-3094-unauthenticated-arbitrary-file-upload-read-and-deletion</loc>
<lastmod>2025-02-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mediavine-create/create-by-mediavine-198-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2024-08-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking-calendar/booking-calendar-appointment-booking-system-3217-unauthenticated-time-based-sql-injection-via-wpdevart_id</loc>
<lastmod>2025-07-01T14:49:07.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yaymail/yaymail-woocommerce-email-customizer-432-missing-authorization</loc>
<lastmod>2026-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rich-table-of-content/rich-table-of-contents-140-missing-authorization</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eventprime-event-calendar-management/eventprime-events-calendar-bookings-and-tickets-350-insecure-direct-object-reference-to-subscriber-arbitrary-booking-update</loc>
<lastmod>2024-10-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/job-board-manager/job-board-manager-2158-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2024-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/themegrill-demo-importer/themegrill-demo-importer-134-161-authorization-bypass-to-site-reset</loc>
<lastmod>2020-02-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/staggs/staggs-product-configurator-for-woocommerce-200-reflected-cross-site-scripting</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/job-manager/job-manager-0723-stored-cross-site-scripting</loc>
<lastmod>2015-08-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/fortius/fortius-230-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-lightbox/simple-lightbox-293-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-addons-for-elementor-lite/essential-addons-for-elementor-588-authenticated-contributor-privilege-escalation</loc>
<lastmod>2023-09-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-product-table/product-table-for-woocommerce-403-reflected-cross-site-scripting</loc>
<lastmod>2025-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/qrcode-wprhe/qr-code-generator-126-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/my-link-order/my-link-order-43-authenticated-cross-site-scripting</loc>
<lastmod>2015-11-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/photo-gallery/photo-gallery-by-10web-mobile-friendly-image-gallery-1568-reflected-cross-site-scripting</loc>
<lastmod>2021-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-custom-auto-excerpt/easy-custom-auto-excerpt-2412-sensitive-information-exposure</loc>
<lastmod>2024-04-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/multiple-pages-generator-by-porthas/multiple-page-generator-plugin-mpg-402-authenticated-editor-directory-traversal-to-limited-file-deletion</loc>
<lastmod>2024-11-11T14:56:50.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ltl-freight-quotes-worldwide-express-edition/ltl-freight-quotes-worldwide-express-edition-5020-missing-authorization-to-unauthenticated-arbitrary-content-deletion</loc>
<lastmod>2025-02-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/epoll-wp-voting/poll-maker-34-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2024-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/legacy/legacy-19-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-09-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/header-footer-elementor/elementor-header-footer-blocks-template-1635-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-07-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bootstrap-collapse/bootstrap-collapse-104-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-02-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/official-mailerlite-sign-up-forms/mailerlite-signup-forms-official-1716-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-12-11T21:04:21.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gmail-smtp/gmail-smtp-12319-cross-site-request-forgery</loc>
<lastmod>2026-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-coupon-usage/coupon-affiliates-720-missing-authorization</loc>
<lastmod>2025-06-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-wp-mail/ultimate-wp-mail-139-open-redirect</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-nested-pages/nested-pages-323-missing-authorization-to-authenticated-editor-plugin-settings-reset</loc>
<lastmod>2023-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/newsletters-lite/newsletters-4685-object-injection</loc>
<lastmod>2018-03-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-plus-addons-for-block-editor/the-plus-blocks-for-block-editor-gutenberg-325-reflected-cross-site-scripting</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/plugin-optimizer/plugin-optimizer-137-missing-authorization</loc>
<lastmod>2025-12-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-meta-data-filter-and-taxonomy-filter/wordpress-meta-data-and-taxonomies-filter-mdtf-1334-unauthenticated-arbitrary-shortcode-execution</loc>
<lastmod>2024-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-restaurant-menu/simple-restaurant-menu-12-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/restrict-elementor-widgets/restrict-elementor-widgets-columns-and-sections-112-missing-authorization</loc>
<lastmod>2025-12-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/banner-slider/banner-slider-21-reflected-cross-site-scripting</loc>
<lastmod>2024-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/whmpress/whmpress-62-revision-9-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flo-forms/flo-forms-easy-drag-drop-form-builder-1043-unauthenticated-stored-cross-site-scripting-via-svg-upload</loc>
<lastmod>2025-11-20T19:28:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/my-auctions-allegro-free-edition/my-auctions-allegro-3633-cross-site-request-forgery</loc>
<lastmod>2025-04-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-forms-uploads/ninja-forms-file-uploads-extension-3312-reflected-cross-site-scripting</loc>
<lastmod>2021-11-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/controlled-admin-access/controlled-admin-access-156-privilege-escalation</loc>
<lastmod>2021-03-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking-package/booking-package-1528-unauthenticated-sensitive-data-disclosure</loc>
<lastmod>2022-03-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dynamic-widgets/dynamic-widgets-1510-authenticated-sql-injection</loc>
<lastmod>2015-10-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/templines-helper-core/templines-elementor-helper-core-27-authenticated-subscriber-privilege-escalation</loc>
<lastmod>2025-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/xv-random-quotes/xv-random-quotes-200-unauthenticated-sql-injection</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-post-page-clone/wp-post-page-clone-11-missing-authorization-to-post-disclosure</loc>
<lastmod>2021-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/auxin-elements/shortcodes-and-extra-features-for-phlox-theme-2174-missing-authorization</loc>
<lastmod>2025-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-twitter-profile-widget/ultimate-twitter-profile-widget-10-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-08-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordtube/wordtube-143-directory-traversal-and-file-inclusion</loc>
<lastmod>2007-05-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/team-showcase-cm/team-showcase-250513-reflected-cross-site-scripting</loc>
<lastmod>2025-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ays-popup-box/popup-box-233-cross-site-scripting</loc>
<lastmod>2021-06-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpvivid-backuprestore/migration-backup-staging-wpvivid-0975-authenticated-administrator-path-traversal</loc>
<lastmod>2022-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-forms/ninja-forms-3811-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-08-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/soledad/soledad-869-missing-authorization-to-authenticated-subscriber-arbitrary-options-update</loc>
<lastmod>2025-10-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-time-slots-booking-form/wp-time-slots-booking-form-1176-missing-authorization-to-feedback-submission</loc>
<lastmod>2023-02-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/garden-gnome-package/garden-gnome-package-228-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-11-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/grand-media/gmedia-photo-gallery-1200-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-admin-style/wp-admin-style-012-authenticated-stored-cross-site-scripting</loc>
<lastmod>2022-05-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sql-shortcode/sql-shortcode-11-sql-execution</loc>
<lastmod>2017-09-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/code-snippets-extended/code-snippets-extended-147-cross-site-request-forgery-to-remote-code-execution</loc>
<lastmod>2022-05-04T14:51:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-member/ultimate-member-user-profile-user-registration-login-membership-plugin-250-authenticated-contributor-directory-traversal-via-shortcodes</loc>
<lastmod>2022-10-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/login-register/login_register-120-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2026-03-20T15:16:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-migrate-2-aws/wp-on-aws-521-reflected-cross-site-scripting</loc>
<lastmod>2024-12-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/oxygen/oxygen-608-unauthenticated-server-side-request-forgery-via-route_path</loc>
<lastmod>2026-03-27T14:05:45.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-auto-affiliate-links/auto-affiliate-links-6424-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2023-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/excel-like-price-change-for-woocommerce-and-wp-e-commerce-light/spreadsheet-price-changer-for-woocommerce-and-wp-e-commerce-light-2437-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-04-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smtp-sendgrid/smtp-for-sendgrid-yaysmtp-15-authenticated-administrator-sql-injection</loc>
<lastmod>2025-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-abstracts-manuscripts-manager/wp-abstracts-271-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/anchor-episodes-index/anchor-episodes-index-spotify-for-podcasters-2110-authenticated-contributor-stored-cross-site-scripting-via-anchor_episodes-shortcode</loc>
<lastmod>2024-10-21T20:53:46.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/xpro-elementor-addons/xpro-elementor-addons-14191-authenticated-author-arbitrary-file-upload</loc>
<lastmod>2026-01-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-slimstat/slimstat-analytics-5411-authenticated-subscriber-sql-injection</loc>
<lastmod>2026-06-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bold-page-builder/bold-page-builder-461-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/purchase-button/purchase-button-for-affiliate-link-102-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2026-03-06T18:46:36.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/mesmerize/mesmerize-1689-materialis-10172-authenticated-arbitrary-options-update</loc>
<lastmod>2019-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-modal-popup-with-cookie-integration/wp-modal-popup-with-cookie-integration-24-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zephyr-project-manager/zephyr-project-manager-3397-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2024-07-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-7-mailchimp-extension/contact-form-7-extension-for-mailchimp-0954-authenticated-contributor-information-exposure</loc>
<lastmod>2025-12-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/weblibrarian/web-librarian-354-sql-injection</loc>
<lastmod>2019-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/echelon/echelon-all-versions-arbitrary-file-upload</loc>
<lastmod>2014-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/burst-statistics/burst-statistics-340-3411-authentication-bypass-to-admin-account-takeover</loc>
<lastmod>2026-05-13T16:44:16.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/codescar-radio-widget/codescar-radio-widget-042-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mp-restaurant-menu/restaurant-menu-by-motopress-241-admin-stored-cross-site-scripting</loc>
<lastmod>2021-09-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-mmenu-lite/wp-mmenu-lite-100-reflected-cross-site-scripting</loc>
<lastmod>2024-11-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-currency-switcher/fox-currency-switcher-professional-for-woocommerce-1416-missing-authorization-to-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2023-12-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/backup-backup/backup-migration-115-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2021-11-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/agile-store-locator/store-locator-wordpress-1414-authenticatedadministrator-directory-traversal-to-arbitrary-file-deletion</loc>
<lastmod>2023-12-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/addon-elements-for-elementor-page-builder/elementor-addon-elements-11210-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-contact-forms/simple-contact-forms-164-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-condition/wordpress-health-and-server-condition-integrated-with-google-page-speed-411-reflected-cross-site-scripting</loc>
<lastmod>2025-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-broken-link-checker/url-shortener-conversion-tracking-ab-testing-woocommerce-902-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-02-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/church-admin/church-admin-415-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/paypal-forms/paypal-forms-103-cross-site-request-forgery</loc>
<lastmod>2025-10-02T22:12:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-content-show-hover/image-style-hover-106-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/text-snippet/text-snippets-001-authenticated-contributor-stored-cross-site-scripting-via-w-shortcode-attribute</loc>
<lastmod>2026-04-21T19:02:47.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-verification/email-verification-email-otp-block-spam-email-passwordless-login-hide-login-magic-login-user-verification-2044-authentication-bypass-to-account-takeover</loc>
<lastmod>2025-12-04T17:39:15.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/apartment-management/wpams-apartment-management-system-for-wordpress-4953-missing-authorization-to-authenticated-subscriber-arbitrary-content-deletion</loc>
<lastmod>2026-04-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/crowdfunding-for-woocommerce/crowdfunding-for-woocommerce-3112-reflected-cross-site-scripting</loc>
<lastmod>2025-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/qodeblock/plum-spin-wheel-email-pop-up-20-missing-authorization</loc>
<lastmod>2024-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpjobboard/wpjobboard-590-unauthenticated-sql-injection</loc>
<lastmod>2023-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sfwd-lms/learndash-lms-42001-missing-authorization</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/private-messages-for-wordpress/private-messages-for-wordpress-2110-cross-site-request-forgery</loc>
<lastmod>2022-05-26T11:59:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpforo/wpforo-forum-241-authenticated-subscriber-arbitrary-file-read-in-update</loc>
<lastmod>2025-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/admin-menu-groups/admin-menu-groups-012-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-08-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/depicter/depicter-slider-312-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2024-08-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/skt-skill-bar/skt-skill-bar-20-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-gift-cards-lite/ultimate-gift-cards-for-woocommerce-324-missing-authorization</loc>
<lastmod>2026-01-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/company-updates-for-linkedin/linkedin-company-updates-153-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-06-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/squirrly-seo-pack/squirrly-seo-advanced-pack-2402-authenticatedadministrator-sql-injection</loc>
<lastmod>2023-12-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-wp-security-and-firewall/all-in-one-wp-security-firewall-500-507-protection-bypass-via-ip-spoofing</loc>
<lastmod>2022-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mdc-private-message/mdc-private-message-101-cross-site-scripting</loc>
<lastmod>2015-08-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bsk-pdf-manager/pdfjs-4267-arbitrary-javascript-execution</loc>
<lastmod>2024-05-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wallet-system-for-woocommerce/wallet-system-for-woocommerce-268-reflected-cross-site-scripting</loc>
<lastmod>2025-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/peters-custom-anti-spam-image/peters-custom-anti-spam-322-reflected-cross-site-scripting</loc>
<lastmod>2023-10-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pre-party-browser-hints/pre-party-resource-hints-1820-authenticated-subscriber-sql-injection-via-hint_ids-parameter</loc>
<lastmod>2026-03-20T14:37:45.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/litespeed-cache/litespeed-cache-36-authenticated-stored-cross-site-scripting-via-ip-setting</loc>
<lastmod>2020-12-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jet-smart-filters/jetsmartfilters-383-unauthenticated-sql-injection</loc>
<lastmod>2026-06-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-for-japan/japanized-for-woocommerce-284-missing-authorization-to-unauthenticated-paidy-order-manipulation</loc>
<lastmod>2026-02-26T21:04:26.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/learning-management-system/masteriyo-lms-172-unauthenticated-privilege-escalation</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/formgent/formgent-next-gen-ai-form-builder-for-wordpress-with-multi-step-quizzes-payments-more-142-unauthenticated-arbitrary-file-deletion</loc>
<lastmod>2026-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/5.5/wordpress-core-552-stored-cross-site-scripting-via-post-slugs</loc>
<lastmod>2020-10-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-grid-carousel-ultimate/post-grid-slider-carousel-ultimate-with-shortcode-gutenberg-block-elementor-widget-167-authenticated-contributor-php-object-injection-in-outpost_shortcode_metabox_markup</loc>
<lastmod>2024-03-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/video-slider-with-thumbnails/video-gallery-1010-reflected-cross-site-scripting</loc>
<lastmod>2023-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-video-embed/responsive-video-embed-05-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/imagenius/imagenius-17-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-smtp/post-smtp-216-authenticated-administrator-blind-server-side-request-forgery</loc>
<lastmod>2022-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sureforms-pro/sureforms-pro-280-missing-authorization</loc>
<lastmod>2026-04-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ht-mega-for-wpbakery/ht-mega-absolute-addons-for-wpbakery-page-builder-109-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/widget-options/widget-options-the-1-wordpress-widget-block-control-plugin-407-authenticated-contributor-remote-code-execution</loc>
<lastmod>2024-11-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-manager/download-manager-3306-unauthenticated-information-disclosure-via-unprotected-directory</loc>
<lastmod>2025-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gotowp/gotowp-511-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-02-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ti-woocommerce-wishlist/ti-woocommerce-wishlist-2100-unauthenticated-html-injection</loc>
<lastmod>2025-12-12T19:15:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/walker-elementor/walker-for-elementor-116-missing-authorization</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/extensions-for-elementor/extensions-for-elementor-2040-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hostinger-reach/hostinger-reach-138-missing-authorization-to-authenticated-subscriber-integration-api-key-update</loc>
<lastmod>2026-05-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/kentha/kentha-472-reflected-cross-site-scripting</loc>
<lastmod>2026-03-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/king-addons/king-addons-for-elementor-51136-unauthenticated-privilege-escalation</loc>
<lastmod>2025-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/skt-addons-for-elementor/skt-addons-for-elementor-37-authenticated-contributor-stored-cross-site-scripting-via-multiple-widgets</loc>
<lastmod>2025-09-05T15:12:26.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/breadcrumbs-by-menu/breadcrumbs-by-menu-101-cross-site-request-forgery</loc>
<lastmod>2019-06-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yourchannel/yourchannel-122-authenticated-contributor-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/xcloner-backup-and-restore/backup-restore-and-migrate-wordpress-sites-with-the-xcloner-plugin-312-remote-code-execution</loc>
<lastmod>2015-05-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kata-plus/kata-plus-153-missing-authorization</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kivicare-clinic-management-system/kivicare-clinic-patient-management-system-ehr-412-unauthenticated-authentication-bypass-via-social-login-token</loc>
<lastmod>2026-03-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/media-downloader/media-downloader-01992-reflected-cross-site-scripting</loc>
<lastmod>2014-01-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/docspress/docspress-252-missing-authorization</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/icegram/icegram-engage-3111-reflected-cross-site-scripting</loc>
<lastmod>2023-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wicked-folders/wicked-folders-21816-missing-authorization-on-ajax_save_folder_order</loc>
<lastmod>2023-02-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/visa-acceptance-solutions/visa-acceptance-solutions-210-unauthenticated-authentication-bypass-via-billing-email</loc>
<lastmod>2026-04-14T19:51:38.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/affiliates-manager/affiliates-manager-2950-unauthenticated-information-exposure</loc>
<lastmod>2026-06-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-org-chart/simple-org-chart-234-cross-site-request-forgery</loc>
<lastmod>2023-08-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/rockon/rockon-dj-33-reflected-cross-site-scripting</loc>
<lastmod>2025-09-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ai-copilot-content-generator/ai-chatbot-workflow-automation-by-aiwu-1414-unauthenticated-stored-cross-site-scripting-via-x-forwarded-for-header</loc>
<lastmod>2026-05-19T17:23:48.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yith-woocommerce-quick-view/yith-woocommerce-quick-view-270-authenticated-contributor-stored-cross-site-scripting-via-yith_quick_view-shortcode</loc>
<lastmod>2025-12-12T15:32:35.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/thegem/thegem-5105-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2025-09-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dynamic-widgets/dynamic-widgets-1510-cross-site-scripting</loc>
<lastmod>2015-08-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/subscription/subscription-for-woocommerce-wordpress-recurring-payments-plugin-1810-authenticated-customer-insecure-direct-object-reference</loc>
<lastmod>2026-03-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-rocket/social-rocket-134-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2025-01-06T16:28:37.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-inimat/zebra_form-php-library-298-reflected-cross-site-scripting</loc>
<lastmod>2021-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ads-txt-admin/adstxt-admin-13-cross-site-request-forgery</loc>
<lastmod>2024-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gs-logo-slider/gs-logo-slider-ticker-grid-list-table-filter-views-337-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2022-12-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shortpixel-critical-css/shortpixel-critical-css-102-missing-authorization</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/get-custom-field-values/get-custom-field-values-400-contributor-stored-cross-site-scripting</loc>
<lastmod>2021-11-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/greenshiftquery/greenshift-query-and-meta-addon-392-authenticated-subscriber-sql-injection</loc>
<lastmod>2024-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chained-quiz/chained-quiz-1181-reflected-cross-site-scripting</loc>
<lastmod>2020-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-editor/wp-editor-1263-authenticated-admin-sql-injection</loc>
<lastmod>2021-02-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fs-poster/fs-poster-658-cross-site-request-forgery</loc>
<lastmod>2024-06-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/himalayas/himalayas-130-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-podcasting/json5-101-and-200-221-prototype-pollution</loc>
<lastmod>2022-12-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pymntpl-paypal-woocommerce/payment-plugins-for-paypal-woocommerce-2013-missing-authorization</loc>
<lastmod>2026-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ar-for-wordpress/ar-for-wordpress-831-cross-site-request-forgery</loc>
<lastmod>2025-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/photo-gallery/photo-gallery-170-reflected-cross-site-scripting</loc>
<lastmod>2022-08-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-notification/simple-notification-13-missing-authorization</loc>
<lastmod>2024-12-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/price-alert-woocommerce/woocommerce-price-alert-104-reflected-cross-site-scripting</loc>
<lastmod>2024-11-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stopbadbots/block-bad-bots-and-stop-bad-bots-crawlers-and-spiders-and-anti-spam-protection-1158-insufficient-authorization-to-unauthenticated-blocklist-bypass</loc>
<lastmod>2025-08-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-digital-downloads/easy-digital-downloads-sell-digital-files-subscriptions-ecommerce-store-payments-made-easy-332-authenticated-admin-stored-cross-site-scripting-via-title</loc>
<lastmod>2025-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tablesome/tablesome-108-reflected-cross-site-scripting</loc>
<lastmod>2023-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/admin-form/adfo-custom-data-in-admin-dashboard-190-cross-site-request-forgery</loc>
<lastmod>2024-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-grid/post-grid-and-gutenberg-blocks-2321-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-12-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ameliabooking/booking-for-appointments-and-events-calendar-amelia-221-unauthenticated-authorization-bypass-via-remote-approval-endpoint</loc>
<lastmod>2026-05-01T19:17:26.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/review-buddypress-groups/wbcom-designs-buddypress-group-reviews-281-cross-site-scripting</loc>
<lastmod>2022-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/my-auctions-allegro-free-edition/my-auctions-allegro-plugin-3631-authenticated-admin-sql-injection</loc>
<lastmod>2025-10-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/2.0/wordpress-core-201-cross-site-scripting</loc>
<lastmod>2006-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/forminator/forminator-forms-contact-form-payment-form-custom-form-builder-1351-cross-site-request-forgery-to-draft-quiz-creation</loc>
<lastmod>2024-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/members-import/members-import-13-cross-site-request-forgery-to-user-import-and-cross-site-scripting</loc>
<lastmod>2016-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gf-freshdesk/gravity-forms-freshdesk-135-unauthenticated-php-object-injection</loc>
<lastmod>2025-08-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/final-tiles-grid-gallery-lite/image-photo-gallery-final-tiles-grid-360-authenticated-contributor-dom-based-stored-cross-site-scripting</loc>
<lastmod>2025-02-26T17:00:16.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-google-map-plugin/wp-maps-store-locatorgoogle-mapsopenstreetmapmapboxlistingdirectory-filters-491-unauthenticated-sql-injection-via-orderby-parameter</loc>
<lastmod>2026-03-22T11:17:17.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mappress-google-maps-for-wordpress/mappress-maps-for-wordpress-2941-authenticated-contributor-stored-cross-site-scripting-via-map-block</loc>
<lastmod>2024-11-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/uncanny-automator-pro/uncanny-automator-pro-5301-missing-authorization-to-unauthenticated-license-setting-reset</loc>
<lastmod>2024-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/link-library/link-library-78-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-slider-pro-drag-drop-slider-builder-for-woocommerce/woo-slider-pro-112-missing-authorization-to-authenticated-subscriber-arbitrary-content-deletion</loc>
<lastmod>2025-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/order-your-posts-manually/order-your-posts-manually-225-reflected-cross-site-scripting-via-_user_request</loc>
<lastmod>2023-05-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pdf-builder-for-wpforms/pdf-builder-for-wpforms-1288-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/surveyjs/surveyjs-11220-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-vcard-generator/contact-form-vcard-generator-24-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-04-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/foxypress/foxypress-0426-cross-site-scripting</loc>
<lastmod>2012-10-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quick-edit-template-link/template-debugger-312-cross-site-request-forgery</loc>
<lastmod>2023-06-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lbstopattack/plugin-lbstopattack-112-cross-site-request-forgery</loc>
<lastmod>2022-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/uncanny-toolkit-pro/uncanny-toolkit-pro-for-learndash-414-cross-site-request-forgery</loc>
<lastmod>2024-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/leadsquared-suite/leadsquared-suite-074-cross-site-request-forgery</loc>
<lastmod>2023-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-testimonials/easy-testimonials-361-cross-site-request-forgery-bypass</loc>
<lastmod>2020-09-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kento-post-view-counter/kento-post-view-counter-28-reflected-cross-site-scripting</loc>
<lastmod>2016-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wplegalpages/privacy-policy-generator-terms-conditions-generator-wordpress-plugin-wp-legal-pages-327-cross-site-request-forgery</loc>
<lastmod>2024-12-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/autoparts/autoparts-158-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-01-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/voyage-plus/voyage-plus-106-authenticated-contributor-stored-cross-site-scripting-via-post-content-shortcode</loc>
<lastmod>2026-05-11T19:04:30.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-jobsearch/jobsearch-253-cross-site-request-forgery</loc>
<lastmod>2024-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cm-download-manager/cm-download-manager-291-cross-site-request-forgery-via-editheader</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-report-post/wp-report-post-212-authenticated-editor-sql-injection</loc>
<lastmod>2023-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/laurent/laurent-31-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2026-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/improve-my-city/improve-my-city-16-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-03-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpdatatables/wpdatatables-wordpress-data-table-dynamic-tables-table-charts-plugin-6504-unauthenticated-stored-cross-site-scripting-via-csvexcel-data-import</loc>
<lastmod>2026-04-20T09:28:15.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/postaffiliatepro/post-affiliate-pro-1249-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-07-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/Avada/avada-7116-unauthenticated-sensitive-information-exposure-via-form-uploads-directory-listing</loc>
<lastmod>2024-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rock-convert/rock-convert-2102-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-10-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-code-placement/easy-code-placement-1811-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/recent-posts-slider-responsive/recent-posts-slider-responsive-101-cross-site-request-forgery</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-addons-elementor/essential-addons-for-elementor-best-elementor-templates-widgets-kits-woocommerce-builders-5815-authenticated-contributor-stored-cross-site-scripting-via-lightbox-and-modal-widget</loc>
<lastmod>2024-06-06T16:18:55.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tutor-pro/tutor-lms-pro-elearning-and-online-course-solution-383-authenticated-subscriber-insecure-direct-object-reference-to-viewedit-other-assignments</loc>
<lastmod>2025-10-24T17:30:42.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wr-contactform/wr-contactform-1110-sql-injection</loc>
<lastmod>2015-07-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/exports-and-reports/exports-and-reports-091-csv-injection</loc>
<lastmod>2022-05-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/kalium/kalium-3183-missing-authorization</loc>
<lastmod>2025-08-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slider-image/responsive-slider-image-slider-slideshow-for-wordpress-286-authenticated-sql-injection</loc>
<lastmod>2015-07-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nearby-now-reviews/nearby-now-reviews-52-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2026-01-08T21:19:01.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/restaurant-solutions-checklist/restaurant-solutions-checklist-100-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-02-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wr-age-verification/wr-age-verification-200-authenticated-subscriber-sql-injection</loc>
<lastmod>2024-12-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/sweetdate/sweet-date-373-unauthenticated-privilege-escalation</loc>
<lastmod>2024-12-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/beaver-builder-lite-version/beaver-builder-2941-authenticated-contributor-remote-code-execution</loc>
<lastmod>2026-01-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/good-old-gallery/good-old-gallery-212-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/affiliate-toolkit-starter/affiliate-toolkit-wordpress-affiliate-plugin-333-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2023-03-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shoutout/shoutout-402-reflected-cross-site-scripting</loc>
<lastmod>2026-01-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/beautique/beautique-15-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-09-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-appointments/easy-appointments-31214-unauthenticated-arbitrary-shortcode-execution</loc>
<lastmod>2025-09-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/recaptcha-for-all/recaptcha-for-all-226-cross-site-request-forgery</loc>
<lastmod>2025-05-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wps-bidouille/wps-bidouille-1122-multiple-cross-site-request-forgery</loc>
<lastmod>2019-07-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/4.7/wordpress-core-472-authenticated-sql-injection</loc>
<lastmod>2017-01-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blaze-slide-show-for-wordpress/blaze-slideshow-24-arbitrary-file-upload</loc>
<lastmod>2012-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yaysmtp/yaysmtp-264-authenticated-administrator-sql-injection</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/newsletter/newsletter-send-awesome-emails-from-wordpress-910-cross-site-request-forgery-to-newsletter-unsubscription</loc>
<lastmod>2026-01-19T11:44:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/motopress-hotel-booking-lite/hotel-booking-lite-484-insufficient-path-validation-to-unauthenticated-arbitrary-file-deletion-and-download</loc>
<lastmod>2023-12-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-products-slider/product-slider-for-woocommerce-11350-reflected-cross-site-scripting</loc>
<lastmod>2024-09-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/issuu-panel/issuu-panel-211-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jetwidgets-for-elementor/jetwidgets-for-elementor-1012-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2023-01-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tablepress/tablepress-224-authenticatedauthor-server-side-request-forgeryssrf-via-_get_import_files</loc>
<lastmod>2024-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/my-calendar/my-calendar-2330-reflected-cross-site-scripting</loc>
<lastmod>2015-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quiz-maker/quiz-maker-67082-cross-site-request-forgery</loc>
<lastmod>2025-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lemonade-sna-pinterest-edition/lemonade-social-networks-autoposter-pinterest-20-reflected-cross-site-scripting</loc>
<lastmod>2024-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flexible-invoices/flexible-pdf-invoices-for-woocommerce-amp-wordpress-6013-cross-site-request-forgery</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/zermatt/zermatt-161-unauthenticated-php-object-injection</loc>
<lastmod>2026-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fluentform/contact-form-plugin-by-fluent-forms-for-quiz-survey-and-drag-drop-wp-form-builder-5115-php-object-injection-via-extractdynamicvalues</loc>
<lastmod>2024-05-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/glance-that/glance-that-49-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-02-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hero-banner-ultimate/hero-banner-ultimate-134-authenticated-contributor-stored-cross-site-scripting-via-shortcodes</loc>
<lastmod>2023-02-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blox-lite/blox-lite-128-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dl-yandex-metrika/dl-yandex-metrika-12-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-08-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/add-to-any/addtoany-share-buttons-1747-authenticated-stored-cross-site-scripting</loc>
<lastmod>2021-08-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/superstorefinder-wp/super-store-finder-697-unauthenticated-sql-injection</loc>
<lastmod>2024-08-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sideblog/sideblog-wordpress-plugin-60-cross-site-request-forgery-to-settings-update-and-stored-cross-site-scripting</loc>
<lastmod>2022-05-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/toolbox/toolbox-14-sql-injection</loc>
<lastmod>2012-11-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shockingly-big-ie6-warning/shockingly-big-ie6-warning-163-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/outbound-link-manager/outbound-link-manager-12-cross-site-request-forgery</loc>
<lastmod>2023-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/supportboard/support-board-380-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-07-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pre-publish-checklist/pre-publish-checklist-111-insecure-direct-object-reference-to-arbitrary-post-_ppc_meta_key-update</loc>
<lastmod>2023-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cookielay/cookielay-120-authenticated-contributor-stored-cross-site-scripting-via-cookielay-shortcode</loc>
<lastmod>2024-12-05T19:43:42.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/floatbox-plus/floatbox-plus-144-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fluentform/wp-fluent-forms-3667-stored-cross-site-scripting</loc>
<lastmod>2021-06-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/broken-link-checker/broken-link-checker-241-authenticated-admin-server-side-request-forgery</loc>
<lastmod>2024-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pdf-print/pdf-print-by-bestwebsoft-203-reflected-cross-site-scripting</loc>
<lastmod>2017-12-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/newsletters-lite/newsletters-4642-directory-traversal</loc>
<lastmod>2017-05-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/aiomatic-automatic-ai-content-writer/aiomatic-ai-content-writer-editor-chatbot-ai-toolkit-250-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2025-06-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gold-addons-for-elementor/gold-addons-for-elementor-132-missing-authorization-to-authenticated-subscriber-license-activationdeactivation</loc>
<lastmod>2024-12-05T19:43:57.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/very-simple-google-maps/very-simple-google-maps-284-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-users-media/wp-users-media-423-missing-authorization-via-wpusme_save_settings</loc>
<lastmod>2023-08-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-field-bulk-editor/custom-field-bulk-editor-191-reflected-cross-site-scripting</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/accordion-slider-gallery/accordion-slider-gallery-27-missing-authorization</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/relevanssi-premium/relevanssi-a-better-search-free-premium-2163-4143-stored-cross-site-scripting</loc>
<lastmod>2021-10-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/premium-addons-for-elementor/premium-addons-for-elementor-41153-unauthenticated-information-exposure</loc>
<lastmod>2025-12-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/geo-mashup/geo-mashup-11318-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/kute-boutique/boutique-246-reflected-cross-site-scripting</loc>
<lastmod>2026-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/white-label-branding-elementor/white-label-branding-for-elementor-page-builder-102-authenticated-administrator-stored-cross-site-scripting-via-plugin-settings</loc>
<lastmod>2023-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tz-plus-gallery/tz-plusgallery-155-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/links-in-captions/links-in-captions-12-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/official-sendle-shipping-method/sendle-shipping-517-reflected-cross-site-scripting</loc>
<lastmod>2023-10-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/list-categories/list-categories-04-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-05-29T15:51:10.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/event-tickets/event-tickets-41071-csv-injection</loc>
<lastmod>2019-09-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/curtain/curtain-102-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-04-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/newsletters-lite/newsletters-413-unauthenticated-sql-injection-via-wpmlsubscriber_id-parameter</loc>
<lastmod>2026-06-09T20:03:28.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shortcode-ajax/shortcode-loader-10-unauthenticated-arbitrary-shortcode-execution-via-code-parameter</loc>
<lastmod>2025-12-12T16:11:16.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kaswara/kaswara-modern-vc-addons-301-arbitrary-file-upload</loc>
<lastmod>2021-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mamurjor-employee-info/mamurjor-employee-info-100-cross-site-request-forgery-to-arbitrary-employee-and-related-data-manipulation</loc>
<lastmod>2026-01-06T20:30:06.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/extensions-leaflet-map/extensions-for-leaflet-map-341-reflected-cross-site-scripting</loc>
<lastmod>2023-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/igniteup/igniteup-coming-soon-and-maintenance-mode-341-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-04-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/modern-events-calendar-lite/modern-events-calendar-lite-5164-unauthenticated-events-export</loc>
<lastmod>2021-01-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-rss-aggregator/wp-rss-aggregator-42311-missing-authorization-to-authenticated-subscriber-feed-state-update</loc>
<lastmod>2024-07-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-tables/ninja-tables-easy-data-table-builder-5018-unauthenticated-php-object-injection-to-limited-remote-code-execution</loc>
<lastmod>2025-06-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sg-security/siteground-security-125-authorization-weakness-to-authentication-bypass</loc>
<lastmod>2022-04-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/book-press/bookpress-for-book-authors-127-missing-authorization</loc>
<lastmod>2025-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/aidreform/themes-from-chimpstudio-and-pixfill-various-versions-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2022-12-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-digital-downloads/easy-digital-downloads-31-31141-unauthenticated-arbitrary-password-reset-to-privilege-escalation</loc>
<lastmod>2023-05-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/xcloner-backup-and-restore/backup-restore-and-migrate-wordpress-sites-with-the-xcloner-plugin-4216-unauthenticated-plugin-settings-reset</loc>
<lastmod>2022-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpdatatables/wpdatatables-2149-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-fortnox-integration/woocommerce-fortnox-integration-455-missing-authorization</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tribute-testimonial-gridslider/tribute-testimonials-wordpress-testimonial-gridslider-104-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-22T15:09:03.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/surecart/surecart-ecommerce-made-easy-for-selling-physical-products-digital-downloads-subscriptions-donations-payments-422-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2026-06-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-gateway-stripe/stripe-gateway-760-cross-site-request-forgery</loc>
<lastmod>2023-10-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-superb-slideshow-transition-gallery-with-random-effect/woo-superb-slideshow-transition-gallery-with-random-effect-91-authenticated-contributor-sql-injection</loc>
<lastmod>2025-10-02T22:35:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-construction-mode/wp-construction-mode-18-cross-site-scripting</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-field-suite/custom-field-suite-267-authenticated-contributor-stored-cross-site-scripting-via-cfspost_title</loc>
<lastmod>2024-06-19T13:17:11.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mshop-naver-talktalk/-120-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/login-page-styler/all-in-one-custom-login-page-711-missing-authorization-to-authenticated-subscriberprivilege-escalation</loc>
<lastmod>2024-12-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ht-mega-for-elementor/ht-mega-absolute-addons-for-elementor-246-authenticated-contributor-stored-cross-site-scripting-via-lightbox-widget</loc>
<lastmod>2024-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pondol-carousel/pondol-carousel-10-reflected-cross-site-scripting</loc>
<lastmod>2016-10-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/aio-time-clock-lite/all-in-one-time-clok-lite-13320-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-11-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/master-addons/master-addons-for-elementor-20541-missing-authorization-on-duplicate-post</loc>
<lastmod>2024-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/addons-for-beaver-builder/livemesh-addons-for-beaver-builder-361-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2024-07-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/znajdz-prace-z-pracapl/znajd-prac-z-pracapl-223-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/adifier-system/adifier-system-314-unauthenticated-sql-injection</loc>
<lastmod>2023-12-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/uncanny-learndash-toolkit/uncanny-toolkit-for-learndash-3702-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/staticpress/staticpress-045-missing-authorization</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/external-rss-reader/silencesoft-rss-reader-06-cross-site-request-forgery-to-rss-feed-deletion</loc>
<lastmod>2025-08-22T15:52:08.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/topbar/topbar-100-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2025-10-14T19:36:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/carzone/car-zone-37-authenticated-subscriber-php-object-injection</loc>
<lastmod>2026-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/heartland-management-terminal/heartland-management-terminal-13-0-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-liveblogs/easy-liveblogs-235-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blossomthemes-email-newsletter/blossomthemes-email-newsletter-226-authenticated-admin-server-side-request-forgery</loc>
<lastmod>2024-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lifterlms/lifterlms-wp-lms-for-elearning-online-courses-quizzes-785-missing-authorization-to-authenticated-subscriber-arbitrary-post-deletion</loc>
<lastmod>2024-12-17T14:26:20.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ibtana-visual-editor/ibtana-1253-missing-authorization-to-authenticated-contributor-arbitrary-content-deletion</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/robo-gallery/photo-gallery-images-slider-in-rbs-image-gallery-3219-authenticated-author-stored-cross-site-scripting-via-image-title</loc>
<lastmod>2024-06-18T18:55:20.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/workreap/workreap-331-authentication-bypass-via-workreap_verify_user_account</loc>
<lastmod>2025-06-11T16:31:01.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ad-inserter/ad-inserter-287-authenticated-contributor-stored-cross-site-scripting-via-custom-field</loc>
<lastmod>2025-11-04T21:29:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/services-section/services-section-block-144-authenticated-contributor-stored-cross-site-scripting-via-link-block-attribute</loc>
<lastmod>2026-06-17T16:51:11.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bamboo-columns/bamboo-columns-161-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-11-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/acf-front-end-editor/acf-front-end-editor-202-missing-authorization-to-authenticated-subscriber-arbitrary-content-update</loc>
<lastmod>2024-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zephyr-modern-admin-theme/zephyr-admin-theme-141-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/edd-invoices/easy-digital-downloads-pdf-invoices-104-cross-site-scripting</loc>
<lastmod>2015-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/crm-customer-relationship-management-by-vcita/crm-and-lead-management-by-vcita-275-missing-authorization-to-authenticated-susbcriber-widget-toggle</loc>
<lastmod>2025-03-12T13:08:11.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/digiqole/digiqole-227-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-12-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dportfolio/dportfolio-20-reflected-cross-site-scripting</loc>
<lastmod>2024-11-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-user-frontend/wp-user-frontend-368-missing-authorization-via-ajax-actions</loc>
<lastmod>2023-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-parcel-pro/parcel-pro-184-reflected-cross-site-scripting</loc>
<lastmod>2024-10-17T15:42:33.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/classified-listing/classified-listing-3116-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2024-11-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-ping-optimizer/wordpress-ping-optimizer-235130-cross-site-request-forgery-to-log-clearing</loc>
<lastmod>2024-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fileorganizer/fileorganizer-114-authenticated-administrator-local-javascript-file-inclusion</loc>
<lastmod>2024-12-06T21:06:15.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tablesome/tablesome-128-missing-authorization</loc>
<lastmod>2026-01-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/page-builder-sandwich/page-builder-sandwich-front-end-wordpress-page-builder-plugin-510-sensitive-information-exposure</loc>
<lastmod>2024-03-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jabberbenachrichtigung/jabbernotification-099-rc2-reflected-cross-site-scripting-via-adminphp-path_info</loc>
<lastmod>2025-12-04T17:30:39.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lead-form-builder/responsive-contact-form-builder-lead-generation-plugin-197-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/learnpress/learnpress-wordpress-lms-plugin-4264-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-04-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/accordions-wp/accordion-303-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2026-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hide-admin-bar-based-on-user-roles/hide-admin-bar-based-on-user-roles-310-cross-site-request-forgery</loc>
<lastmod>2022-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-banners/easy-banners-14-cross-site-scripting</loc>
<lastmod>2014-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-events-calendar/the-events-calendar-6151-unauthenticated-sql-injection</loc>
<lastmod>2025-09-11T12:26:47.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quillforms/quill-forms-330-cross-site-request-forgery</loc>
<lastmod>2023-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-comment-fields/comments-extra-fields-for-postpages-and-cpt-50-cross-site-request-forgery</loc>
<lastmod>2024-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-networks-auto-poster-facebook-twitter-g/nextscripts-446-reflected-cross-site-scripting</loc>
<lastmod>2024-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/modernize/modernize-340-missing-authorization</loc>
<lastmod>2025-08-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/http-headers/http-headers-1188-authenticatedadministrator-sql-injection</loc>
<lastmod>2023-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/js-support-ticket/js-help-desk-best-help-desk-support-plugin-283-missing-authorization</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/exzo/exzo-124-missing-authorization</loc>
<lastmod>2026-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/maxbuttons/maxbuttons-92-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-08-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/verge3d/verge3d-494-missing-authorization</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/salon-booking-system/salon-booking-system-79-reflected-cross-site-scripting</loc>
<lastmod>2022-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shortcodes-finder/shortcodes-finder-154-reflected-cross-site-scripting-via-nonce</loc>
<lastmod>2024-01-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-map-block/wp-map-block-gutenberg-map-block-for-google-map-and-openstreet-map-122-stored-cross-site-scripting</loc>
<lastmod>2021-08-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-staging/wp-staging-wordpress-backup-plugin-migration-backup-restore-343-authenticated-admin-arbitrary-file-upload</loc>
<lastmod>2024-05-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/music-sheet-viewer/music-sheet-viewer-41-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-30T00:43:16.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/helpdeskwp/help-desk-wp-120-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2023-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/esselinknu-settings/esselinknu-settings-294-cross-site-request-forgery</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/link-to-bible/link-to-bible-259-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-07-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-password-reset/user-password-reset-10-reflected-cross-site-scripting</loc>
<lastmod>2024-11-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ntzantispam/ntz-antispam-20e-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2024-09-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chart-expert/chart-expert-10-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2025-11-10T15:15:45.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contest-gallery/contest-gallery-2134-authenticated-author-arbitrary-file-deletion</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pretty-google-calendar/pretty-google-calendar-151-authenticatedcontributor-stored-cross-site-scripting-via-pretty_google_calendar-shortcode</loc>
<lastmod>2023-09-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/duplicate-page/duplicate-page-33-sql-injection</loc>
<lastmod>2019-03-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/car-rental/car-rental-by-bestwebsoft-112-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-11-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/complianz-gdpr/complianz-gdprccpa-cookie-consent-644-cross-site-request-forgery-via-ajax_edit_item</loc>
<lastmod>2023-05-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gallery-album/gallery-image-and-video-gallery-with-thumbnails-203-authenticated-contributor-sql-injection</loc>
<lastmod>2024-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/metform/metform-contact-form-survey-quiz-custom-form-builder-for-elementor-388-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2024-06-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/restaurant-reservations/five-star-restaurant-reservations-2716-unauthenticated-payment-bypass-via-php-type-juggling-in-payment_id-parameter</loc>
<lastmod>2026-04-29T20:28:51.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-user/wp-user-70-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-12-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jw-player-7-for-wp/jw-player-for-wordpress-237-missing-authorization</loc>
<lastmod>2026-02-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/virusdie/virusdie-117-missing-authorization-to-authenticated-subscriber-api-key-disclosure</loc>
<lastmod>2026-02-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ewww-image-optimizer/ewww-image-optimizer-581-cross-site-request-forgery-bypass</loc>
<lastmod>2020-09-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-social-icons/easy-social-icons-308-reflected-cross-site-scripting</loc>
<lastmod>2021-09-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/login-with-yourmembership/yourmembership-single-sign-on-113-missing-authorization</loc>
<lastmod>2023-07-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/manager-for-icomoon/manager-for-icomoon-21-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-05-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bck-tu-dong-xac-nhan-thanh-toan-chuyen-khoan-ngan-hang/thanh-ton-qut-m-qr-code-t-ng-momo-viettelpay-vnpay-v-40-ngn-hng-vit-nam-201-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2024-09-23T18:36:58.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dynamic-elementor-addons/dynamic-elementor-addons-100-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2024-10-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/peakshops/peakshops-159-authenticated-contributor-php-object-injection</loc>
<lastmod>2026-01-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-captcha/easy-captcha-10-missing-authorization-via-easy_captcha_update_settings</loc>
<lastmod>2023-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/give/givewp-donation-plugin-and-fundraising-platform-430-missing-authorization-to-authenticated-contributor-campaign-data-view-and-modification</loc>
<lastmod>2025-06-18T17:35:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-email-capture/wordpress-email-marketing-plugin-wp-email-capture-393-cross-site-request-forgery</loc>
<lastmod>2023-02-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/siteguard/siteguard-wp-plugin-179-missing-authorization</loc>
<lastmod>2026-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/demomentsomtres-shortcodes/demomentsomtres-shortcodes-111-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2026-06-01T19:44:10.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mm-email2image/mm-email2image-025-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-product-addon/ppom-for-woocommerce-3205-authenticated-administrator-stored-cross-site-scripting-via-plugin-settings</loc>
<lastmod>2023-05-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/page-layout-builder/page-layout-builder-193-reflected-cross-site-scripting</loc>
<lastmod>2016-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/preferred-languages/preferred-languages-222-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/houzez-property-feed/houzez-property-feed-254-unauthenticated-arbitrary-file-download</loc>
<lastmod>2025-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-history/simple-history-331-authenticated-subscriber-csv-injection</loc>
<lastmod>2023-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ajax_multi_upload/ajax-multi-upload-11-arbitrary-file-upload</loc>
<lastmod>2012-06-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/multiple-post-passwords/multiple-post-passwords-111-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cf7-google-sheets-connector/cf7-google-sheets-connector-5017-missing-authorization</loc>
<lastmod>2025-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-post-to-pdf/wp-post-to-pdf-231-cross-site-scripting</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/phonepe-payment-solutions/phonepe-payment-solutions-1015-authenticated-subscriber-server-side-request-forgery</loc>
<lastmod>2023-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/vilva/vilva-122-cross-site-request-forgery-to-notice-dismissal</loc>
<lastmod>2024-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/appten-image-rotator/image-rotator-20-reflected-cross-site-scripting</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/findall/findall-business-directory-wordpress-theme-14-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-clean-up/wp-clean-up-123-cross-site-request-forgery-via-wp_clean_up_optimize</loc>
<lastmod>2023-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fomo-payment-gateway-for-woocommerce/fomo-pay-chinese-payment-solution-204-reflected-cross-site-scripting</loc>
<lastmod>2025-03-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ldd-directory-lite/ldd-directory-lite-35-reflected-cross-site-scripting</loc>
<lastmod>2022-10-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hmapsprem/hero-maps-premium-customizable-google-maps-plugin-239-authenticated-subscriber-sql-injection</loc>
<lastmod>2025-03-06T19:33:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/noo-jobmonster/jobmonster-479-authentication-bypass</loc>
<lastmod>2025-08-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slidedeck2/slidedeck-2-233-localremote-file-inclusion</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fast-video-and-image-display/fast-video-and-image-display-252-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sparkle-demo-importer/sparkle-demo-importer-147-missing-authorization-to-authorizedsubscriber-postpagesattachements-deletion-and-demo-data-import</loc>
<lastmod>2024-06-21T11:04:07.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pdf-generator-addon-for-elementor-page-builder/pdf-generator-addon-for-elementor-page-builder-210-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpcom-member/wpcom-member-176-unauthenticated-time-based-sql-injection</loc>
<lastmod>2025-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/doneren-met-mollie/doneren-met-mollie-2102-unauthenticated-reflected-cross-site-scripting-via-search</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wedesigntech-portfolio/wedesigntech-portfolio-102-missing-authorization</loc>
<lastmod>2025-12-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gigpress/gigpress-238-sql-injection</loc>
<lastmod>2015-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hc-custom-wp-admin-url/hc-custom-wp-admin-url-14-cross-site-request-forgery</loc>
<lastmod>2022-05-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vk-google-job-posting-manager/vk-google-job-posting-manager-1222-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-12-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-banners/custom-banners-322-cross-site-request-forgery-bypass</loc>
<lastmod>2021-03-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nexter-extension/nexter-extension-203-reflected-cross-site-scripting-via-post-and-post_id</loc>
<lastmod>2023-10-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/event-monster/event-management-tickets-booking-146-authenticated-administrator-stored-cross-site-scripting-via-settings</loc>
<lastmod>2023-12-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-media/download-media-142-missing-authorization-via-generate_link_for_media</loc>
<lastmod>2024-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-meta-data-filter-and-taxonomy-filter/mdtf-meta-data-and-taxonomies-filter-1333-authenticated-contributor-sql-injection</loc>
<lastmod>2024-09-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/restrict-user-registration/restrict-user-registration-101-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2025-10-02T22:32:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tracking-code-manager/tracking-code-manager-1115-cross-site-scripting</loc>
<lastmod>2017-05-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-user-avatar/profilepress-4132-information-disclosure-via-debug-log</loc>
<lastmod>2023-10-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-member/ultimate-member-user-profile-registration-login-member-directory-content-restriction-membership-plugin-2101-unauthenticated-blind-sql-injection</loc>
<lastmod>2025-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/progress-planner/progress-planner-180-missing-authorization-to-authenticated-subscriber-arbitrary-options-update</loc>
<lastmod>2025-10-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kimili-flash-embed/kimili-flash-embed-253-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-06-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-data-access/wp-data-access-537-authenticated-subscriber-privilege-escalation</loc>
<lastmod>2023-04-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/browse-as/browse-as-02-authenticated-subscriber-authentication-bypass-via-cookie</loc>
<lastmod>2025-05-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contextual-related-posts/contextual-related-posts-421-authenticated-contributor-stored-cross-site-scripting-via-other_attributes</loc>
<lastmod>2026-04-17T21:46:50.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/futurio-extra/futurio-extra-162-authenticated-admin-sql-injection</loc>
<lastmod>2022-01-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-warfare/social-sharing-plugin-social-warfare-443-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-11-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/goqsmile/goqsmile-101-reflected-cross-site-scripting</loc>
<lastmod>2024-11-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/accordion/accordion-all-versions-arbitrary-file-upload</loc>
<lastmod>2013-01-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yith-maintenance-mode/yith-maintenance-mode-137-stored-cross-site-scripting</loc>
<lastmod>2021-09-15T11:59:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/scw-seat-reservation/advance-seat-reservation-management-for-woocommerce-31-unauthenticated-sql-injection</loc>
<lastmod>2025-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/geodirectory/geodirectory-2370-missing-authorization-via-geodirectory_rated</loc>
<lastmod>2024-08-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-product-category-selection-widget/woocommerce-product-categories-selection-widget-20-reflected-cross-site-scripting</loc>
<lastmod>2023-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-maintenance/wp-maintenance-6192-ip-spoofing-to-maintenance-mode-bypass</loc>
<lastmod>2024-06-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/amazonjs/amazon-js-010-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/percent-to-infograph/percent-to-infograph-10-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2026-02-13T18:28:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/twitscription/twitscription-011-reflected-cross-site-scripting-via-adminphp-path_info</loc>
<lastmod>2025-12-04T17:29:24.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ecommerce-paypal/easy-paypal-buy-now-button-181-cross-site-request-forgery</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/subscriptions-memberships-for-paypal/subscriptions-memberships-for-paypal-117-unauthenticated-fake-payment-creation</loc>
<lastmod>2025-11-21T18:49:09.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/news/news-01-cross-site-scripting</loc>
<lastmod>2011-09-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bbs-e-popup/bbs-e-popup-245-reflected-cross-site-scripting</loc>
<lastmod>2023-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/geo-my-wp/geo-my-wordpress-4504-missing-authorization-via-get_field_options_ajax</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/integromat-connector/make-formerly-integromat-connector-152-authenticated-subscriber-information-disclosure</loc>
<lastmod>2022-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/login-logout-shortcode/login-logout-shortcode-110-authenticated-contributor-stored-cross-site-scripting-via-class-parameter</loc>
<lastmod>2024-10-03T13:33:13.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/taxonomy-switcher/taxonomy-switcher-103-reflected-cross-site-scripting</loc>
<lastmod>2015-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/fingo/findgo-1355-cross-site-request-forgery</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-ups-pickup/opsi-israel-domestic-shipments-268-missing-authorization</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ignitiondeck/ignitiondeck-2010-missing-authorization</loc>
<lastmod>2025-10-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpadverts/wpadverts-classifieds-plugin-230-missing-authorization</loc>
<lastmod>2026-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/numinous/numinous-130-missing-authorization</loc>
<lastmod>2026-02-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-video-gallery/all-in-one-gallery-249-admin-local-file-inclusion</loc>
<lastmod>2021-11-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gdpr-cookie-compliance/gdpr-cookie-compliance-4124-cross-site-request-forgery-to-license-modification</loc>
<lastmod>2023-08-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gdy-modular-content/gdy-modular-content-0992-reflected-cross-site-scripting</loc>
<lastmod>2025-01-06T15:38:45.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ladipage/ladiapp-43-missing-authorization</loc>
<lastmod>2023-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ratings-shorttags/review-ratings-16-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-08-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/2.2/wordpress-core-221-authenticated-admin-cross-site-scripting</loc>
<lastmod>2007-08-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/doccure/doccure-150-unauthenticated-arbitrary-user-password-change</loc>
<lastmod>2025-09-08T05:36:20.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fusion-slider/universal-slider-165-authenticated-contributor-php-object-injection</loc>
<lastmod>2024-06-18T14:43:30.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/uipress-lite/uipress-lite-effortless-custom-dashboards-admin-themes-and-pages-3508-missing-authorization-to-authenticated-subscriber-plugin-settings-update</loc>
<lastmod>2025-11-20T19:17:51.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rafflepress/giveaways-and-contests-by-rafflepress-11216-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2024-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/invelity-products-feeds/invelity-products-feeds-126-cross-site-request-forgery-to-arbitrary-file-deletion</loc>
<lastmod>2026-03-20T15:21:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/letsrecover-woocommerce-abandoned-cart/letsrecover-110-authenticated-admin-sql-injection</loc>
<lastmod>2022-12-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/currency-switcher-woocommerce/currency-switcher-2111-authorization-bypass</loc>
<lastmod>2019-11-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tinymce-colorpicker/tinymce-color-picker-12-cross-site-request-forgery</loc>
<lastmod>2014-05-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-ping-optimizer/wordpress-ping-optimizer-235123-cross-site-request-forgery</loc>
<lastmod>2022-08-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mage-eventpress/wpevently-448-authenticated-contributor-php-object-injection</loc>
<lastmod>2025-08-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/unusedcss/rapidload-power-up-for-autoptimize-171-cross-site-request-forgery</loc>
<lastmod>2023-03-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cf7-invisible-recaptcha/cf7-invisible-recaptcha-133-cross-site-request-forgery-via-vsz_cf7_invisible_recaptcha_page</loc>
<lastmod>2023-03-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bnm-blocks/magazine-companion-123-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-11-10T15:05:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/marker-io/markerio-118-cross-site-request-forgery</loc>
<lastmod>2024-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-recall/wp-recall-registration-profile-commerce-more-16268-insecure-direct-object-reference-to-unauthenticated-arbitrary-password-update</loc>
<lastmod>2024-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/aweber-web-form-widget/aweber-7320-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-03-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buddyboss-platform/buddyboss-platform-178-sql-injection</loc>
<lastmod>2021-09-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-restful/wp-restful-01-multiple-cross-site-scripting</loc>
<lastmod>2014-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/awesome-support/awesome-support-wordpress-helpdesk-support-plugin-317-cross-site-scripting</loc>
<lastmod>2015-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/salon-booking-system/salon-booking-system-1093-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-09-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-post-block/advanced-post-block-display-posts-pages-or-custom-posts-on-your-page-1134-missing-authorization-to-information-disclosure</loc>
<lastmod>2024-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/userfeedback-lite/user-feedback-1101-missing-authorization</loc>
<lastmod>2026-03-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/subscribe-to-unlock-lite/subscribe-to-unlock-lite-130-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/foxypress/foxypress-0421-arbitrary-file-upload</loc>
<lastmod>2012-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/albo-pretorio-on-line/albo-pretorio-online-461-reflected-cross-site-scripting</loc>
<lastmod>2023-04-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/scormcloud/scorm-cloud-for-wordpress-107-sql-injection</loc>
<lastmod>2011-09-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-social-share-buttons3/easy-social-share-buttons-94-authenticated-subscriber-local-file-inclusion</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/metform/metform-elementor-contact-form-builder-331-authenticated-subscriber-information-disclosure-via-mf_last_name-shortcode</loc>
<lastmod>2023-06-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-to-any-api/contact-form-to-any-api-112-authenticated-administrator-sql-injection-via-form_id</loc>
<lastmod>2023-07-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/coming-soon-by-boomdevs/boomdevs-wordpress-coming-soon-104-unauthenticated-information-exposure</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-shamsi/wp-shamsi-433-missing-authorization-leading-to-authenticated-subscriber-attachment-deletion</loc>
<lastmod>2023-02-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jeg-elementor-kit/jeg-elementor-kit-301-authenticated-contributor-stored-cross-site-scripting-via-countdown-widget</loc>
<lastmod>2026-01-07T14:17:03.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/author-discussion/author-discussion-022-authenticated-subscriber-sql-injection</loc>
<lastmod>2024-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profile-builder-pro/profile-builder-310-privilege-escalation</loc>
<lastmod>2020-02-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/oxyextras/oxyextras-144-unauthenticated-cross-site-scripting</loc>
<lastmod>2024-03-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/redirection/redirection-2212-reflected-cross-site-scripting</loc>
<lastmod>2012-05-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/qtranslate/qtranslate-2539-cross-site-request-forgery</loc>
<lastmod>2013-06-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-rss-poster/wp-rss-poster-100-sql-injection</loc>
<lastmod>2014-05-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-real-estate/essential-real-estate-435-missing-authorization-to-stored-cross-site-scripting</loc>
<lastmod>2023-12-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-file-upload/wordpress-file-upload-4247-missing-authorization</loc>
<lastmod>2024-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/radio-player/radio-player-live-shoutcast-icecast-and-any-audio-stream-player-for-wordpress-2073-missing-authorization-to-authenticated-subscriber-information-disclosure</loc>
<lastmod>2024-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpbot-pro/wpbot-pro-wordpress-chatbot-1362-authenticated-subscriber-arbitrary-file-deletion</loc>
<lastmod>2025-05-16T16:36:34.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-form-builder/easy-form-builder-393-missing-authorization-to-authenticated-subscriber-sensitive-form-response-data-exposure</loc>
<lastmod>2026-02-13T14:26:12.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/webtexttool/textmetrics-364-missing-authorization</loc>
<lastmod>2026-02-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/graphina-elementor-charts-and-graphs/graphina-304-missing-authorization</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/1-flash-gallery/1-flash-gallery-190-cross-site-scripting</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sms-ovh/sms-ovh-01-reflected-cross-site-scripting</loc>
<lastmod>2021-09-09T16:20:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-simple-paypal-shopping-cart/wordpress-simple-paypal-shopping-cart-512-unauthenticated-information-exposure-via-file_url-parameter</loc>
<lastmod>2025-04-22T19:00:28.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-webinarsystem/webinarpress-13327-authenticated-administrator-server-side-request-forgery</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-order-export-lite/advanced-order-export-for-woocommerce-409-authenticated-customer-stored-cross-site-scripting</loc>
<lastmod>2026-06-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/permalink-manager/permalink-manager-lite-243-reflected-cross-site-scripting</loc>
<lastmod>2024-03-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-post-type-page-template/custom-post-type-page-template-11-cross-site-request-forgery</loc>
<lastmod>2023-12-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/imagerecycle-pdf-image-compression/imagerecycle-pdf-image-compression-3113-missing-authorization-to-settings-update-in-optimizeallon</loc>
<lastmod>2024-02-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pluscaptcha/pluscaptcha-206-reflected-cross-site-scripting</loc>
<lastmod>2015-02-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/get-custom-field-values/get-custom-field-values-40-arbitrary-post-metadata-access</loc>
<lastmod>2021-11-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sunshine-photo-cart/sunshine-photo-cart-328-missing-authorization</loc>
<lastmod>2024-09-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/betheme/betheme-2662-missing-authorization-to-post-title-change</loc>
<lastmod>2022-11-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/site-mode/coming-soon-maintenance-mode-111-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nmedia-user-file-uploader/frontend-file-manager-232-missing-authorization</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-addons-for-gutenberg/spectra-wordpress-gutenberg-blocks-2150-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-08-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/restore-permanently-delete-post-or-page-data/restore-permanently-delete-post-or-page-data-10-cross-site-request-forgery</loc>
<lastmod>2025-08-22T15:52:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/primary-addon-for-elementor/primary-addon-for-elementor-157-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-09-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-spoiler/simple-spoiler-12-13-unauthenticated-arbitrary-shortcode-execution</loc>
<lastmod>2024-09-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-invoice/wp-invoice-web-invoice-and-billing-410-missing-authorization</loc>
<lastmod>2016-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/safety-exit/safety-exit-170-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/private-google-calendars/private-google-calendars-20250811-missing-authorization-to-authenticated-subscriber-settings-reset</loc>
<lastmod>2025-11-10T15:11:48.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vertical-scroll-recent-post/vertical-scroll-recent-post-138-reflected-cross-site-scripting</loc>
<lastmod>2022-04-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cmsmasters-content-composer/cmsmasters-content-composer-258-missing-authorization</loc>
<lastmod>2025-12-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpforms-lite/contact-form-by-wpforms-11002-cross-site-request-forgery</loc>
<lastmod>2026-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp01/wp01-speed-security-seo-consultant-262-authenticated-subscriber-arbitrary-file-download</loc>
<lastmod>2025-03-14T14:25:22.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/simplecharm/simplecharm-143-reflected-cross-site-scripting</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/envira-gallery-lite/gallery-plugin-for-wordpress-envira-photo-gallery-1110-missing-authorization-to-authenticated-contributor-gallery-conversion</loc>
<lastmod>2025-11-07T20:58:55.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/formidable/formidable-form-builder-20503-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2017-11-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ari-fancy-lightbox/ari-fancy-lightbox-1317-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2024-09-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/workscout-core/workscout-core-1706-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-01-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/anarkali/anarkali-109-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-01-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sg-helper/sg-helper-10-authenticated-administrator-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2024-12-03T14:20:10.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-addons-for-gutenberg/spectra-266-missing-authorization</loc>
<lastmod>2023-07-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mystickyelements/my-sticky-elements-233-missing-authorization</loc>
<lastmod>2025-12-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/t1/t1-theme-190-open-redirect</loc>
<lastmod>2023-07-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/spice-blocks/spice-blocks-2074-missing-authorization</loc>
<lastmod>2025-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-photo-album-plus/wp-photo-album-plus-9108001-unauthenticated-sql-injection</loc>
<lastmod>2026-04-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/404-solution/404-solution-2357-authenticated-admin-sql-injection</loc>
<lastmod>2024-02-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/admin-menu-manager/admin-menu-manager-103-cross-site-request-forgery</loc>
<lastmod>2025-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-status-notifier/post-status-notifier-lite-and-premium-1116-reflected-cross-site-scripting-via-page</loc>
<lastmod>2024-10-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wptobe-signinup/wptobe-signinup-112-reflected-cross-site-scripting</loc>
<lastmod>2025-04-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/theaisle-core/the-aisle-core-205-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/userfeedback-lite/user-feedback-create-interactive-feedback-form-user-surveys-and-polls-in-seconds-180-missing-authorization-to-information-disclosure</loc>
<lastmod>2025-10-24T17:09:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/menu-icons/menu-icons-by-themeisle-01313-authenticated-author-stored-cross-site-scripting-via-svg-upload</loc>
<lastmod>2024-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-secure-maintainance/wp-secure-maintenance-16-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-06-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cloudflare/cloudflare-4122-missing-authorization-via-initproxy</loc>
<lastmod>2024-01-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ai-image-alt-text-generator-for-wp/ai-image-alt-text-generator-for-wp-106-reflected-cross-site-scripting</loc>
<lastmod>2025-01-30T00:50:08.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/redirects/redirects-121-missing-authorization</loc>
<lastmod>2023-12-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/visitors-online/visitors-online-by-bestwebsoft-100-reflected-cross-site-scripting</loc>
<lastmod>2017-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pretty-url/pretty-url-154-reflected-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/archivist-custom-archive-templates/archivist-custom-archive-templates-174-authenticatedadmin-stored-cross-site-scripting</loc>
<lastmod>2023-02-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/aawp/amazon-affiliate-317-reflected-cross-site-scripting</loc>
<lastmod>2022-01-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-wp-migration/all-in-one-wp-migration-762-unauthenticated-reflected-cross-site-scripting</loc>
<lastmod>2022-08-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ovabookpro/bookpro-110-unauthenticated-arbitrary-file-deletion</loc>
<lastmod>2026-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wish-list-for-woocommerce/wishlist-for-woocommerce-322-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-05-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/delhivery-logistics-courier/delhivery-logistics-courier-10107-authenticated-subscriber-sql-injection</loc>
<lastmod>2024-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/navayan-subscribe/navayan-subscribe-113-cross-site-request-forgery</loc>
<lastmod>2025-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/halstein/halstein-18-unauthenticated-php-object-injection</loc>
<lastmod>2026-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dc-woocommerce-multi-vendor/wc-marketplace-413-missing-authorization</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/u-design-core/udesign-core-4141-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-spam-remover/user-spam-remover-11-unauthenticated-information-exposure</loc>
<lastmod>2025-12-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/supreme-addons-for-beaver-builder-lite/supreme-addons-for-beaver-builder-109-authenticated-contributor-stored-cross-site-scripting-via-auto_qrcodesabb-shortcode</loc>
<lastmod>2025-07-23T20:52:24.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/canto/canto-190-blind-server-side-request-forgery-via-downloadphp</loc>
<lastmod>2020-11-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/customize-login-page/customize-login-page-11-cross-site-request-forgery</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contactme/contact-form-by-contactmecom-23-cross-site-scripting</loc>
<lastmod>2015-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/newspack-ads/newspack-ads-1471-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-07-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-quiz/wp-adv-quiz-102-authenticated-admin-stored-cross-site-scripting-via-quiz-title</loc>
<lastmod>2024-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/events-manager/events-manager-645-reflected-cross-site-scripting</loc>
<lastmod>2023-11-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/h5pxapikatchu/snordians-h5pxapikatchu-0417-unauthenticated-stored-cross-site-scripting-via-insert_data</loc>
<lastmod>2025-11-13T13:59:40.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/powerpack-lite-for-elementor/powerpack-elementor-addons-free-widgets-extensions-and-templates-290-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cms-press/cms-press-023-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-urls/simple-urls-114-reflected-cross-site-scripting</loc>
<lastmod>2023-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/limit-login-attempts-reloaded/limit-login-attempts-reloaded-22526-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-12-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/daily-prayer-time-for-mosques/daily-prayer-time-20230308-cross-site-request-forgery</loc>
<lastmod>2023-03-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quick-contact-form/quick-contact-form-8031-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-02-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-live-chat-support/wp-live-chat-support-8032-unprotected-functions</loc>
<lastmod>2019-05-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-admin-login-styler-wpzest/custom-admin-login-page-wpzest-120-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fancier-author-box/fancier-author-box-by-thematosoup-14-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-11-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/wplms/wplms-4900-cross-site-request-forgery</loc>
<lastmod>2023-07-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-post-real-time-statistics/wp-post-statistics-visitors-visits-counter-25-cross-site-scripting</loc>
<lastmod>2022-05-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/widget-options/widget-options-advanced-conditional-visibility-for-gutenberg-blocks-classic-widgets-423-authenticated-contributor-remote-code-execution</loc>
<lastmod>2026-06-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/emergency-password-reset/emergency-password-reset-80-cross-site-request-forgery</loc>
<lastmod>2024-06-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/relocate-upload/relocate-upload-0241-cross-site-request-forgery</loc>
<lastmod>2025-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/werkstatt-plugin/werkstatt-166-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-11-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/discy/discy-51-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2022-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/admin-chat-box/firebase-support-chat-management-311-missing-authorization-to-authenticated-subscriber-privilege-escalation</loc>
<lastmod>2026-05-26T17:20:41.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/adforest/adforest-6011-missing-authorization</loc>
<lastmod>2025-12-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dtracker/dtracker-15-authorization-bypass</loc>
<lastmod>2017-03-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-shopify/wp-shopify-153-reflected-cross-site-scripting</loc>
<lastmod>2025-07-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/furikake/furikake-010-open-redirect</loc>
<lastmod>2018-01-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/hostiko/hostiko-9436-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/royal-elementor-kit/royal-elementor-kit-10116-cross-site-request-forgery-to-notice-dismissal</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bdthemes-element-pack/element-pack-pro-7210-missing-authorization</loc>
<lastmod>2025-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/youtube-video-player/youtube-embed-playlist-and-popup-238-contributor-stored-cross-site-scripting</loc>
<lastmod>2021-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/dagda/dagda-theme-50-arbitrary-file-upload</loc>
<lastmod>2012-11-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/html5-video-player/html5-video-player-mp4-video-player-plugin-and-block-2532-missing-authorization-in-multiple-functions-via-h5vp_ajax_handler</loc>
<lastmod>2024-09-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/structured-content/structured-content-162-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/modal-window/modal-window-create-popup-modal-window-539-cross-site-request-forgery</loc>
<lastmod>2024-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/olympus-shortcodes/olympus-shortcodes-104-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-slimstat/slimstat-analytics-533-unauthenticated-stored-cross-site-scripting-via-fh-parameter</loc>
<lastmod>2026-01-08T18:00:57.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sermon-browser/sermon-browser-0436-sql-injection</loc>
<lastmod>2011-04-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ns-maintenance-mode-for-wp/ns-maintenance-mode-for-wp-131-unauthenticated-information-exposure</loc>
<lastmod>2025-10-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/precise-columns/precise-columns-10-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-11-10T15:10:41.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/formidable/formidable-forms-601-ip-spoofing-via-http-header</loc>
<lastmod>2023-03-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-mailster/wp-mailster-18170-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-02T20:47:11.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/epicwin-subscribers/epicwin-plugin-15-cross-site-request-forgery-to-sql-injection</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-recipe-maker/wp-recipe-maker-1032-insecure-direct-object-reference-to-unauthenticated-arbitrary-post-metadata-modification-via-recipeid-parameter</loc>
<lastmod>2026-02-26T15:59:49.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/Ultimate_VC_Addons/ultimate-addons-for-wpbakery-page-builder-31914-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-10-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-optimization/image-optimizer-by-elementor-171-missing-authorization</loc>
<lastmod>2026-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cf7-spreadsheets/cf7-spreadsheets-232-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2025-08-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpcrm/wpcrm-crm-for-contact-form-cf7-woocommerce-320-reflected-cross-site-scripting</loc>
<lastmod>2025-06-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/premmerce/premmerce-1320-authenticated-subscriber-stored-cross-site-scripting-via-premmerce_wizard_actions-ajax-endpoint</loc>
<lastmod>2026-02-06T20:25:58.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sms-alert/sms-alert-order-notifications-390-missing-authorization</loc>
<lastmod>2026-02-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpjobboard/wpjobboard-553-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2020-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/widgetize-pages-light/widgetize-pages-light-30-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/underconstruction/underconstruction-109-cross-site-request-forgery</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vk-block-patterns/vk-block-patterns-1310-missing-authorization</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/moosend-email-marketing/moosend-website-connector-10189-missing-authorization</loc>
<lastmod>2022-12-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/miniorange-2-factor-authentication/minioranges-google-authenticator-555-authenticated-admin-cross-site-scripting</loc>
<lastmod>2022-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/namaste-lms/namaste-lms-2591-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/embed-form/jotform-online-forms-131-authenticatedcontributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-04-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpvivid-backuprestore/migration-backup-staging-wpvivid-0935-sensitive-information-disclosure</loc>
<lastmod>2020-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/content-no-cache/content-no-cache-prevent-specific-content-from-being-cached-012-unauthenticated-private-content-disclosure</loc>
<lastmod>2024-12-23T20:43:35.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/login-logger/login-logger-121-cross-site-request-forgery</loc>
<lastmod>2025-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/carzine/carzine-146-reflected-cross-site-scripting</loc>
<lastmod>2025-01-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpglobus/wpglobus-multilingual-everything-196-cross-site-scripting-via-wpglobus_optionpost_typepost</loc>
<lastmod>2018-01-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/web-minimalist-200901/web-minimalist-200901-11-cross-site-scripting</loc>
<lastmod>2011-09-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpmastertoolkit/wpmastertoolkit-1131-authenticated-admin-arbitrary-file-upload</loc>
<lastmod>2024-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-bootstrap-blocks/all-bootstrap-blocks-1319-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-post-type-ui/custom-post-type-ui-1180-missing-authorization-to-unauthenticated-previously-administrator-custom-post-type-modification</loc>
<lastmod>2025-12-03T18:13:21.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/primary-addon-for-elementor/primary-addon-for-elementor-158-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/shiftup/shiftup-13-unauthenticated-php-object-injection</loc>
<lastmod>2026-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-copysafe-web/copysafe-web-protection-314-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-07-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pz-frontend-manager/pz-frontend-manager-106-missing-authorization-to-arbitrary-user-deletion-via-datatype-parameter</loc>
<lastmod>2026-04-07T17:39:02.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/newsletters-lite/newsletters-410-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-07-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/embed-google-data-studio/embed-google-datastudio-100-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-11T14:48:39.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/motors-car-dealership-classified-listings/motors-car-dealership-classified-listings-plugin-1463-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2025-04-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/category-icon/category-icon-102-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2025-12-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shortcodes-ui/shortcodes-ui-198-cross-site-request-forgery</loc>
<lastmod>2023-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jetpack/jetpack-342-reflected-cross-site-scripting</loc>
<lastmod>2015-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/anyclip-media/anyclip-luminous-studio-133-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-sms/wp-sms-5412-authenticated-stored-cross-site-scripting</loc>
<lastmod>2021-07-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-iconics/wp-iconics-004-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-11-10T15:25:43.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gdpr-tools/gdpr-tools-102-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2025-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ap-plugin-scripteo/ads-pro-plugin-50-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/learning-management-system/masteriyo-lms-1114-missing-authorization</loc>
<lastmod>2024-08-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ced-good-market-integration/cedcommerce-integration-for-good-market-106-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-12-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-extra-fields/wp-extra-fields-101-reflected-cross-site-scripting</loc>
<lastmod>2025-02-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementor/elementor-website-builder-313-authenticated-contributor-stored-cross-site-scripting-via-header_size</loc>
<lastmod>2021-03-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flexo-posts-manager/flexo-posts-manager-10001-reflected-cross-site-scripting</loc>
<lastmod>2025-06-14T14:20:33.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/panda/panda-121-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-08-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/screenshot-machine-shortcode/jsm-screenshot-machine-shortcode-230-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/age-verification/age-verification-04-open-redirect</loc>
<lastmod>2012-01-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ad-inserter/ad-inserter-ad-manager-and-adsense-ads-280-reflected-cross-site-scripting</loc>
<lastmod>2025-03-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mediacommander/mediacommander-bring-folders-to-media-posts-and-pages-231-missing-authorization-to-authenticated-author-media-folder-deletion</loc>
<lastmod>2025-12-12T16:18:08.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/game-tabs/game-tabs-040-cross-site-scripting</loc>
<lastmod>2014-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lupsonline-link-netwerk/seo-flow-by-lupsonline-221-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-education/wp-education-126-cross-site-request-forgery-to-arbitrary-plugin-activation</loc>
<lastmod>2023-02-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-maintenance-mode/woocommerce-maintenance-mode-201-reflected-cross-site-scripting</loc>
<lastmod>2024-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-responsive-slider-with-lightbox/thumbnail-slider-with-lightbox-1021-authenticated-contributor-dom-based-stored-cross-site-scripting</loc>
<lastmod>2025-11-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bdthemes-element-pack-lite/element-pack-elementor-addons-header-footer-template-library-dynamic-grid-carousel-remote-arrows-576-authenticated-contributor-stored-cross-site-scripting-via-title_tag</loc>
<lastmod>2024-08-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-coming-soon-page/coming-soon-page-responsive-coming-soon-maintenance-mode-1118-cross-site-request-forgery</loc>
<lastmod>2018-01-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/planaday-api/planaday-api-114-reflected-cross-site-scripting</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/Ultimate_VC_Addons/ultimate-addons-for-wpbakery-31611-cross-site-scripting</loc>
<lastmod>2017-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ws-form/ws-form-lite-and-pro-11013-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-eMember/wp-emember-1065-reflected-cross-site-scripting-via-editrecord</loc>
<lastmod>2024-06-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-jobsearch/jobsearch-wp-job-board-181-missing-authorization-on-jobsearch_update_job_import_schedule_call-function</loc>
<lastmod>2021-10-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/kitring/kitring-28-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-08-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/uploading-svgwebp-and-ico-files/uploading-svg-webp-and-ico-files-101-authenticated-stored-cross-site-scripting</loc>
<lastmod>2022-08-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gdpr-cookie-compliance/gdpr-cookie-compliance-402-missing-authorization</loc>
<lastmod>2019-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-music-player/wp-music-player-13-authenticated-administrator-sql-injection</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seo-by-rank-math/rank-math-seo-10119-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-07-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profilegrid-user-profiles-groups-and-communities/profilegrid-5948-authenticated-subscriber-sql-injection</loc>
<lastmod>2025-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/academist-membership/academist-membership-116-authentication-bypass-via-account-takeover</loc>
<lastmod>2025-02-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/citadela-directory/citadela-listing-5200-cross-site-request-forgery</loc>
<lastmod>2024-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/snsavaz/avaz-28-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-06-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/debounce-io-email-validator/debounce-email-validator-580-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-02-18T19:33:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advance-wc-analytics/advanced-wc-analytics-3190-missing-authorization-to-unauthenticated-settings-update</loc>
<lastmod>2026-02-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/backupbuddy/backupbuddy-8580-8741-arbitrary-file-download</loc>
<lastmod>2022-09-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gigpress/gigpress-2310-sql-injection</loc>
<lastmod>2015-08-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-order-cancellation-return/order-cancellation-returns-for-woocommerce-1112-authenticated-subscriber-insecure-direct-object-reference</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-time-capsule/backup-and-staging-by-wp-time-capsule-12221-authenticated-contributor-sql-injection</loc>
<lastmod>2024-10-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-advanced-product-information/advanced-product-information-for-woocommerce-114-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nopeamedia/print-pdf-generator-and-publisher-120-cross-site-request-forgery</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/arprice-responsive-pricing-table/pricing-table-plugin-36-unauthenticated-sql-injection</loc>
<lastmod>2022-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-user-avatar/profilepress-41514-authenticated-admin-stored-cross-site-scripting-via-labels</loc>
<lastmod>2024-11-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/listingpro-plugin/listingpro-plugin-294-authenticated-author-local-file-inclusion</loc>
<lastmod>2024-07-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/a3-portfolio/a3rev-multiple-plugins-various-versions-cross-site-request-forgery-to-settings-changes</loc>
<lastmod>2022-05-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/huzzaz-video-gallery/video-gallery-by-huzzaz-105-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-woo-search/advanced-woo-search-296-reflected-cross-site-scripting</loc>
<lastmod>2024-01-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/litespeed-cache/litespeed-cache-651-unauthenticated-privilege-escalation</loc>
<lastmod>2024-10-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/modular-connector/modular-connector-251-cross-site-request-forgery-via-postconfirmoauth</loc>
<lastmod>2026-03-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jet-blog/jetblog-244-reflected-cross-site-scripting</loc>
<lastmod>2025-07-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/urbango-membership/urbango-membership-104-unauthenticated-privilege-escalation</loc>
<lastmod>2025-04-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/eximius/eximius-22-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2025-04-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpbot-pro/wpbot-pro-wordpress-chatbot-1355-missing-authorization-to-authenticated-subscriber-simple-text-response-creation</loc>
<lastmod>2025-01-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chained-quiz/chained-quiz-1323-reflected-cross-site-scripting-via-ip</loc>
<lastmod>2022-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kb-support/kb-support-160-missing-authorization</loc>
<lastmod>2024-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/admin-and-client-message-after-order-for-woocommerce/admin-and-customer-messages-after-order-for-woocommerce-orderconvo-14-missing-authorization-to-unauthenticated-information-disclosure</loc>
<lastmod>2025-11-24T19:18:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/skype-online-status/skype-legacy-buttons-31-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-10-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/search-analytics/wp-search-analytics-145-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-04-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cookie-notice/cookie-notice-compliance-for-gdpr-ccpa-246-authenticated-contributor-stored-cross-site-scripting-via-cookies_revoke_shortcode-shortcode</loc>
<lastmod>2023-03-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/events-made-easy/events-made-easy-1550-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2015-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/menu-shortcode/menu-shortcode-10-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-03-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/2.0/wordpress-core-205-user-metadata-information-disclosure</loc>
<lastmod>2006-09-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gt3-photo-video-gallery/photo-gallery-gt3-image-gallery-gutenberg-block-gallery-27724-reflected-cross-site-scripting</loc>
<lastmod>2025-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/giveasap/simple-giveaways-2450-authenticatedadmin-stored-cross-site-scripting-via-form-fields</loc>
<lastmod>2023-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-mailster/wp-mailster-18170-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2025-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mainwp-child/mainwp-child-533-missing-authorization-to-unauthenticated-privilege-escalation</loc>
<lastmod>2024-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gallery-bank/gallery-bank-wordpress-photo-gallery-plugin-4050-stored-cross-site-scripting-via-gallery-description</loc>
<lastmod>2022-06-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-seopress/seopress-500-503-stored-cross-site-scripting</loc>
<lastmod>2021-08-16T15:33:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/coschedule-by-todaymade/coschedule-3311-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2025-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/apimo/apimo-connector-264-missing-authorization</loc>
<lastmod>2026-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pagelayer/page-builder-pagelayer-208-authenticated-contributor-stored-cross-site-scripting-via-button-widget-custom-attributes</loc>
<lastmod>2026-04-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/newsletters-lite/newsletters-4994-authenticated-contributor-stored-cross-site-scripting-via-newsletters_video-shortcode</loc>
<lastmod>2024-10-28T23:13:25.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/acf-flexible-layouts-manager/acf-flexible-layouts-manager-116-missing-authorization-to-unauthenticated-custom-field-update</loc>
<lastmod>2025-11-17T20:17:22.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-slimstat/slimstat-analytics-355-stored-cross-site-scripting</loc>
<lastmod>2015-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/miniorange-login-with-eve-online-google-facebook/oauth-single-sign-on-sso-oauth-client-62614-missing-authorization</loc>
<lastmod>2026-02-05T18:30:28.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smart-slider-3/smart-slider-3-35122-missing-authorization-to-limited-file-upload</loc>
<lastmod>2024-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/disqus-popular-posts/disqus-popular-posts-211-reflected-cross-site-scripting</loc>
<lastmod>2025-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tablesome/tablesome-11351-missing-authorization</loc>
<lastmod>2025-12-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/pawfriends/pawfriends-pet-shop-and-veterinary-wordpress-13-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ip-metaboxes/ip-metaboxes-211-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2023-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jetpack/jetpack-403-cross-site-scripting</loc>
<lastmod>2016-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chat-help/chat-help-click-to-chat-button-form-313-missing-authorization-to-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2025-11-18T17:40:13.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-rocket/wp-rocket-2103-local-file-inclusion</loc>
<lastmod>2017-06-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yournewsapp/blappsta-mobile-app-plugin-your-native-mobile-iphone-app-and-android-app-0888-unauthenticated-sql-injection</loc>
<lastmod>2025-10-02T22:15:02.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-security-audit-log/wp-activity-log-522-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-02-12T19:09:37.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/idx-broker-platinum/impress-for-idx-broker-305-reflected-cross-site-scripting</loc>
<lastmod>2021-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/widgetkit-for-elementor/all-in-one-addons-for-elementor-widgetkit-239-contributor-stored-cross-site-scripting</loc>
<lastmod>2021-04-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/letsrecover-woocommerce-abandoned-cart/letsrecover-110-unauthenticated-sql-injection-via-ajax-action</loc>
<lastmod>2022-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/ipharm/ipharm-123-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-08-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/document-data-automation/document-data-automation-161-cross-site-request-forgery</loc>
<lastmod>2024-11-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profile-extra-fields/profile-extra-fields-by-bestwebsoft-127-missing-authorization-to-sensitive-information-exposure</loc>
<lastmod>2023-10-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/fluida/fluida-188-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-08-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/product-specifications/product-specifications-for-woocommerce-060-reflected-cross-site-scripting-via-arbitrary-query-string-parameter</loc>
<lastmod>2023-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-replicate-post/wp-replicate-post-402-authenticated-contributor-sql-injection</loc>
<lastmod>2023-05-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-jobhunt/wp-jobhunt-71-authentication-bypass</loc>
<lastmod>2025-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wedevs-project-manager/wp-project-manager-2625-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-plus-addons-for-elementor-page-builder/the-plus-addons-for-elementor-addons-for-elementor-page-templates-widgets-mega-menu-woocommerce-647-unauthenticated-email-relay</loc>
<lastmod>2026-02-21T19:49:02.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ldd-directory-lite/ldd-directory-lite-33-reflected-cross-site-scripting</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/magone/magone-90-reflected-cross-site-scripting</loc>
<lastmod>2026-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/homelancer/homelancer-101-missing-authorization</loc>
<lastmod>2025-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-manager/contact-manager-91-unauthenticated-php-object-injection</loc>
<lastmod>2026-02-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smtp-mailer/smtp-mailer-1124-unauthenticated-information-exposure</loc>
<lastmod>2026-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-youtube-channel-pagination/advanced-youtube-channel-pagination-10-authenticatedadministrator-stored-cross-site-scripting</loc>
<lastmod>2023-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/infographic-and-list-builder-ilist/ai-infographic-maker-467-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jet-smart-filters/jetsmartfilters-367-authenticated-subscriber-sensitive-information-exposure</loc>
<lastmod>2025-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-show-login-form/wordpress-login-form-to-anywhere-02-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cpo-companion/cpo-companion-104-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-01-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/feed-changer/feed-changer-02-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-02-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pixabay-images/pixabay-images-23-arbitrary-file-upload</loc>
<lastmod>2015-01-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/newsletter-manager/newsletter-manager-102-cross-site-scripting-via-test_mailphp</loc>
<lastmod>2012-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/indigitall-web-push-notifications/iurny-by-indigitall-whatsapp-chat-web-push-notifications-free-322-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-07-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-order-limit-lite/order-limit-for-woocommerce-302-missing-authorization</loc>
<lastmod>2025-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-lister-for-ebay/wp-lister-lite-for-ebay-363-reflected-cross-site-scripting</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mavis-https-to-http-redirect/mavis-https-to-http-redirection-143-cross-site-request-forgery</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-user/wp-user-70-unauthenticated-sql-injection</loc>
<lastmod>2022-12-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cm-answers/cm-answers-326-missing-authorization</loc>
<lastmod>2024-12-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/salon-booking-system/salon-booking-system-1016-cross-site-request-forgery-to-arbitrary-postpage-deletion</loc>
<lastmod>2025-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-registration-form-builder-with-submission-manager/registrationmagic-6072-missing-authorization</loc>
<lastmod>2026-02-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jet-blocks/jetblocks-for-elementor-1318-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-07-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pandavideo/panda-video-140-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-07-08T20:01:37.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/display-product-variations-dropdown-on-shop-page/display-product-variations-dropdown-on-shop-page-113-missing-authorization</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/canonical-attachments/canonical-attachments-17-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-maps-advanced/inline-google-maps-511-cross-site-request-forgery</loc>
<lastmod>2022-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ce21-suite/ce21-suite-231-unauthenticated-sensitive-information-exposure-to-privilege-escalation</loc>
<lastmod>2025-11-03T15:24:06.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-multi-design-video-carousel/ultimate-multi-design-video-carousel-14-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2025-10-02T22:32:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rss-feed-widget/rss-feed-widget-280-reflected-cross-site-scripting</loc>
<lastmod>2020-08-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-vertical-reel-scroll-slideshow/image-vertical-reel-scroll-slideshow-90-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-contact-forms/simple-contact-forms-164-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-07-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-block/fancypost-601-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easyazon/easyazon-amazon-associates-affiliate-510-missing-authorization-on-ajax-actions</loc>
<lastmod>2023-11-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-roles/user-role-10-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yotuwp-easy-youtube-embed/video-gallery-youtube-playlist-channel-gallery-by-yotuwp-138-missing-authorization</loc>
<lastmod>2022-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-easycart/easycart-1130-3020-privilege-escalation</loc>
<lastmod>2015-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpbookit-pro/wpbookit-pro-1618-missing-authorization</loc>
<lastmod>2026-01-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mosaic-generator/mosaic-generator-105-authenticated-contributor-stored-cross-site-scripting-via-c-parameter</loc>
<lastmod>2025-08-11T14:05:25.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nd-stats-for-envato-sales-by-item/envato-sales-by-item-11-unauthenticated-sql-injection-via-ajax-call</loc>
<lastmod>2022-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tutor/tutor-lms-374-authenticated-administrator-sql-injection</loc>
<lastmod>2025-09-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/justicia/justicia-lawyer-wordpress-theme-12-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/export-all-post-meta/export-all-post-meta-121-missing-authorization</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/addison/addison-148-unauthenticated-php-object-injection</loc>
<lastmod>2025-09-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/demo-user-dzs-showcase-your-admin-safely/demo-user-dzs-showcase-your-admin-safely-110-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/awesome-tool-tip/awesome-tool-tip-10-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-booking-widget/simple-booking-widget-11-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contest-gallery/contest-gallery-2814-unauthenticated-sql-injection</loc>
<lastmod>2026-03-02T04:44:39.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-table-builder/wp-table-builder-wordpress-table-plugin-146-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-google-map-plugin/wp-maps-store-locatorgoogle-mapsopenstreetmapmapboxlistingdirectory-filters-487-authenticated-contributor-stored-cross-site-scripting-via-put_wpgm-shortcode</loc>
<lastmod>2026-04-15T17:46:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/walk-score/walk-score-plugin-055-cross-site-scripting</loc>
<lastmod>2014-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/redirection-plus/redirection-plus-200-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-simple-firewall/shield-security-blocks-bots-protects-users-and-prevents-security-breaches-2109-missing-authorization-to-authenticated-subscriber-email-mfa-update</loc>
<lastmod>2026-02-18T16:16:58.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/epic-bootstrap-buttons/epic-bootstrap-buttons-10-authenticated-contributor-stored-cross-site-scripting-via-icol-parameter</loc>
<lastmod>2025-10-02T22:12:25.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpjobboard/wpjobboard-5101-reflected-cross-site-scripting</loc>
<lastmod>2025-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-front-end-profile/wp-frontend-profile-131-unauthenticated-privilege-escalation</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ml-slider/slider-gallery-and-carousel-by-metaslider-image-slider-video-slider-3940-authenticated-editor-php-object-injection</loc>
<lastmod>2025-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-product-stock-alert/woocommerce-product-stock-alert-201-information-disclosure</loc>
<lastmod>2023-07-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-events-calendar/the-events-calendar-682-missing-authorization-to-unauthenticated-password-protected-event-disclosure</loc>
<lastmod>2024-11-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-custom-fields-groups/all-custom-fields-groups-104-reflected-cross-site-scripting</loc>
<lastmod>2022-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/4.7/wordpress-core-471-cross-site-request-forgery-via-widget-editing</loc>
<lastmod>2017-01-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/anant-addons-for-elementor/anant-addons-for-elementor-120-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-language-translator/google-language-translator-6019-missing-authorization-via-admin-notifications</loc>
<lastmod>2023-12-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tencentcloud-cos/tencentcloud-cos-107-missing-authorization-via-ajax-actions</loc>
<lastmod>2023-04-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/youtube-embed-plus/embed-plus-plugin-for-youtube-1181-cross-site-request-forgery</loc>
<lastmod>2017-07-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/emailkit/emailkit-161-authenticated-author-arbitrary-file-read-via-path-traversal</loc>
<lastmod>2026-01-06T14:21:45.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/learnpress/learnpress-3268-privilege-escalation-via-accept-to-be-teacher-action-parameter</loc>
<lastmod>2020-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/minhnhut-link-gateway/minhnhut-link-gateway-361-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2026-03-20T15:14:21.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-addons-for-elementor-lite/essential-addons-for-elementor-best-elementor-templates-widgets-kits-woocommerce-builders-5919-authenticated-contributor-stored-cross-site-scripting-via-interactive-circles</loc>
<lastmod>2024-05-09T19:28:58.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-cloudflare-turnstile/simple-cloudflare-turnstile-1231-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/another-events-calendar/another-events-calendar-170-reflected-cross-site-scripting</loc>
<lastmod>2025-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/usc-e-shop/welcart-e-commerce-295-authenticated-administrator-php-object-injection</loc>
<lastmod>2023-11-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/subscribe-to-comments-reloaded/subscribe-to-comments-reloaded-240119-improper-authorization-to-unauthenticated-arbitrary-subscription-management</loc>
<lastmod>2026-05-04T14:11:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-cumulus/wp-cumulus-122-cross-site-scripting-via-xmlpath</loc>
<lastmod>2011-11-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-css-editor/custom-css-140-missing-authorization</loc>
<lastmod>2025-10-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/automatewoo/automatewoo-571-authenticated-shop-manager-sql-injection</loc>
<lastmod>2023-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-customers-manager/woocommerce-customers-manager-301-cross-site-request-forgery-to-customer-deletion-via-delete</loc>
<lastmod>2024-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/videojs-html5-video-player-for-wordpress/videojs-html5-video-player-for-wordpress-450-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/carspot/carspot-246-reflected-cross-site-scripting</loc>
<lastmod>2026-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cpo-companion/cpo-companion-110-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/oshine-modules/oshine-modules-338-unauthenticated-server-side-request-forgery</loc>
<lastmod>2025-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profiler-what-slowing-down/profiler-what-slowing-down-your-wp-100-missing-authentication-to-unauthenticated-arbitrary-plugin-reactivation-via-state-restoration</loc>
<lastmod>2025-06-06T16:15:42.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-jobs/wp-jobs-15-sql-injection</loc>
<lastmod>2017-06-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/piotnet-addons-for-elementor/piotnet-addons-for-elementor-2430-authenticated-contributor-stored-cross-site-scripting-via-multiple-widgets</loc>
<lastmod>2024-08-22T19:57:38.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/structured-content/structured-content-163-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-affiliate/wc-affiliate-216-authenticated-subscriber-php-object-injection</loc>
<lastmod>2025-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-block/fancypost-best-ultimate-post-block-post-grid-layouts-carousel-slider-for-gutenberg-elementor-531-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2024-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/syntaxhighlighter/syntaxhighlighter-evolved-371-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-floating-cart-lite/xt-floating-cart-for-woocommerce-282-authenticated-author-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2024-11-04T22:58:12.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/multi-scheduler/multi-scheduler-100-cross-site-request-forgery</loc>
<lastmod>2020-05-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-svg-upload/wp-svg-upload-100-authenticated-author-stored-cross-site-scripting-via-svg</loc>
<lastmod>2025-03-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ali2woo-lite/ali2woo-lite-336-reflected-cross-site-scripting</loc>
<lastmod>2024-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/LayerSlider/layerslider-779-cross-site-request-forgery</loc>
<lastmod>2023-11-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-7/contact-form-7-352-arbitrary-file-upload</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/spare/spare-17-cross-site-request-forgery</loc>
<lastmod>2025-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/better-random-redirect/better-random-redirect-1320-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/big-store/big-store-208-missing-authorization</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cf7-widget-elementor/void-contact-form-7-widget-for-elementor-page-builder-241-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2024-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/registered-user-sync-activecampaign/user-sync-activecampaign-132-missing-authorization</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bbs-e-franchise/bbs-e-franchise-114-sql-injection</loc>
<lastmod>2016-11-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/photostack-gallery/photostack-gallery-041-unauthenticated-sql-injection-via-postid-parameter</loc>
<lastmod>2026-02-13T18:10:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/happy-elementor-addons/happy-addons-for-elementor-3210-insecure-direct-object-reference-to-authenticated-contributor-post-duplication-via-post_id-parameter</loc>
<lastmod>2026-03-10T19:07:37.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/grandrestaurant/grand-restaurant-wordpress-70-missing-authorization-to-unauthenticated-arbitrary-options-deletion</loc>
<lastmod>2025-04-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/layouts-for-elementor/layouts-for-elementor-111-cross-site-request-forgery</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/different-shipping-and-billing-address-for-woocommerce/multiple-shipping-and-billing-address-for-woocommerce-15-unauthenticated-php-object-injection</loc>
<lastmod>2025-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-networks-auto-poster-facebook-twitter-g/nextscripts-social-networks-auto-poster-446-authenticated-contributor-stored-cross-site-scripting-via-nxs_fbembed-shortcode</loc>
<lastmod>2026-03-09T21:33:10.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/unicamp/unicamp-263-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-08-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/maxbuttons/maxbuttons-983-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/foobox-image-lightbox/lightbox-modal-popup-wordpress-plugin-foobox-2728-authenticated-contributor-stored-dom-based-cross-site-scripting-via-html-data-attributes</loc>
<lastmod>2024-08-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/real-time-auto-find-and-replace/better-find-and-replace-176-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ipanorama-360-virtual-tour-builder-lite/ipanorama-360-wordpress-virtual-tour-builder-181-missing-authorization</loc>
<lastmod>2024-04-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easyappointments/easyappointments-142-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wonderm00ns-simple-facebook-open-graph-tags/open-graph-and-twitter-card-tags-2241-unauthenticated-cross-site-scripting</loc>
<lastmod>2018-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/calais-auto-tagger/wp-calais-auto-tagger-20-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/save-as-pdf-by-pdfcrowd/save-as-pdf-321-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bulk-editor/wolf-wordpress-posts-bulk-editor-and-manager-professional-1087-authenticated-editor-sql-injection</loc>
<lastmod>2026-03-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-spell-check/wp-spell-check-921-cross-site-request-forgery</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/learnpress-course-review/learnpress-course-review-419-authenticated-learnpress-student-stored-cross-site-scripting</loc>
<lastmod>2026-01-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/falang/falang-multilanguage-1361-cross-site-request-forgery</loc>
<lastmod>2025-05-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/squirrly-seo/seo-plugin-by-squirrly-seo-12120-missing-authorization</loc>
<lastmod>2023-03-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/events-manager/events-manager-calendar-bookings-tickets-and-more-663-unauthenticated-sql-injection-via-event-status-parameter</loc>
<lastmod>2025-02-20T16:21:48.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/magazine-saga/magazine-saga-127-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-08-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-css-js-php/custom-css-js-php-207-unauthenticated-remote-code-execution</loc>
<lastmod>2026-05-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ultimate-csv-importer/wp-import-ultimate-csv-xml-importer-for-wordpress-720-728-authenticated-subscriber-remote-code-execution-via-code-injection</loc>
<lastmod>2025-09-16T17:10:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/exclusive-addons-for-elementor/exclusive-addons-for-elementor-268-authenticated-contributor-stored-cross-site-scripting-via-link-anything</loc>
<lastmod>2024-01-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/content-egg/content-egg-540-cross-site-request-forgery</loc>
<lastmod>2022-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bunnycdn/bunnynet-230-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-05-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-list/contact-list-easy-business-directory-staff-directory-and-address-book-plugin-2941-reflected-cross-site-scripting</loc>
<lastmod>2021-08-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/2kb-amazon-affiliates-store/2kb-amazon-affiliates-store-211-reflected-cross-site-scripting</loc>
<lastmod>2017-09-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kali-forms/kali-forms-211-unauthenticated-arbitrary-post-deletion</loc>
<lastmod>2020-08-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/posts-table-filterable/tableon-wordpress-posts-table-filterable-1051-unauthenticated-sql-injection</loc>
<lastmod>2026-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/softme/softme-1124-missing-authorization</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-google-recaptcha/wp-captcha-pro-538-missing-authorization-to-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2026-06-05T05:58:17.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stax-addons-for-elementor/elementor-addons-widgets-and-enhancements-stax-143-missing-authorization-in-toggle_widget</loc>
<lastmod>2023-06-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-wiki-tooltip/wp-wiki-tooltip-202-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-18T19:21:58.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-shipping-dpd-baltic/woocommerce-shipping-dpd-baltic-128-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-11-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/comments-import-export-woocommerce/wordpress-comments-import-export-235-cross-site-request-forgery</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/offsprout-page-builder/offsprout-page-builder-221-2152-authenticated-contributor-privilege-escalation-via-permission_callback-function</loc>
<lastmod>2025-05-30T18:09:03.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cardoza-facebook-like-box/easy-social-like-box-popup-sidebar-widget-283-cross-site-scripting</loc>
<lastmod>2014-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/event-post/event-post-594-missing-authorization</loc>
<lastmod>2024-05-23T18:07:59.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-settings/advanced-settings-301-cross-site-request-forgery</loc>
<lastmod>2025-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/accordion_slider_pro/accordion-slider-pro-12-authenticated-contributor-sql-injection</loc>
<lastmod>2025-12-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-logo/custom-logo-22-authenticated-administrator-stored-cross-site-scripting-via-logo-path-setting</loc>
<lastmod>2026-02-25T12:48:46.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-floating-content/advanced-floating-content-382-authenticated-subscriber-sql-injection</loc>
<lastmod>2024-12-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tm-islamic-helper/tm-islamic-helper-101-reflected-cross-site-scripting</loc>
<lastmod>2024-11-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seriously-simple-stats/seriously-simple-stats-151-reflected-cross-site-scripting</loc>
<lastmod>2023-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/medicenter/medicenter-health-medical-clinic-wordpress-theme-146-missing-authorization</loc>
<lastmod>2025-02-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/terms-descriptions/terms-descriptions-347-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/soledad/soledad-859-unauthenticated-limited-local-file-inclusion</loc>
<lastmod>2024-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/filester/file-manager-pro-18-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-09-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-bookmarks/wp-bookmarks-11-reflected-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/locker-content/locker-content-100-unauthenticated-information-exposure</loc>
<lastmod>2025-11-24T19:16:22.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/webpurifytextreplace/webpurify-profanity-filter-402-missing-authorization-to-unauthenticated-plugin-settings-change-via-webpurify_save_options</loc>
<lastmod>2026-02-03T19:32:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/blixed/blix-091-blixed-10-blixkrieg-22-reflected-cross-site-scripting</loc>
<lastmod>2007-07-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/click-to-call-or-chat-buttons/click-to-call-or-chat-buttons-140-authenticatedadmin-stored-cross-site-scripting</loc>
<lastmod>2023-02-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jay-login-register/jay-login-register-2401-authentication-bypass-via-cookie</loc>
<lastmod>2025-12-12T16:06:15.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/optimole-wp/image-optimization-service-by-optimole-410-insecure-direct-object-reference-to-authenticated-author-media-offload</loc>
<lastmod>2025-10-17T18:03:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/5.3/wordpress-core-542-self-cross-site-scripting-via-theme-folder-name</loc>
<lastmod>2020-06-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/schema-scalpel/schema-scalpel-161-authenticated-contributor-stored-cross-site-scripting-via-post-title-in-json-ld-schema</loc>
<lastmod>2025-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flash-album-gallery/album-and-image-gallery-with-lightbox-flagallery-photo-portfolio-255-sql-injection</loc>
<lastmod>2013-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-share-boost/social-share-boost-44-authenticated-contributor-stored-cross-site-scripting-via-ssboost-shortcode</loc>
<lastmod>2023-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/photoblocks-grid-gallery/gallery-photoblocks-126-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2022-08-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/worker/manage-wp-worker-492-authentication-bypass</loc>
<lastmod>2020-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-staging/migration-backup-restore-343-authenticated-administrator-server-side-request-forgery</loc>
<lastmod>2024-05-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/u-design-core/udesign-core-4140-missing-authorization</loc>
<lastmod>2025-09-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/service-updates-for-customers/services-updates-for-customers-10-reflected-cross-site-scripting</loc>
<lastmod>2024-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shortcode-for-redirection/redirecter-10-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/iteras/iteras-180-cross-site-request-forgery</loc>
<lastmod>2024-11-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-editor/wp-editor-1291-authenticated-administrator-directory-traversal-to-arbitrary-file-update</loc>
<lastmod>2025-04-16T17:10:07.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rajce/rajce-042-authenticated-contributor-server-side-request-forgery</loc>
<lastmod>2025-08-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/real3d-flipbook-lite/3d-flipbook-pdf-viewer-pdf-embedder-real-3d-flipbook-wordpress-plugin-371-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2024-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/salon-booking-system/salon-booking-system-95-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/instawp-connect/instawp-connect-1-click-wp-staging-migration-01038-missing-authorization-to-unauthenticated-api-setuparbitrary-options-updateadministrative-user-creation</loc>
<lastmod>2024-06-11T21:44:53.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tutor-pro/tutor-lms-pro-395-authentication-bypass-via-social-login</loc>
<lastmod>2026-03-09T16:33:12.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/devbuddy-twitter-feed/devbuddy-twitter-feed-400-authenticated-administrator-stored-cross-site-scripting-via-settings</loc>
<lastmod>2023-05-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/funnelcockpit/funnelcockpit-143-reflected-cross-site-scripting</loc>
<lastmod>2025-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/restaurant-reservations/five-star-restaurant-reservations-278-cross-site-request-forgery</loc>
<lastmod>2025-12-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jetpack/jetpack-127-authenticatedcontributor-clickjacking-via-iframe-injection</loc>
<lastmod>2023-11-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/admin-trim-interface/admin-trim-interface-351-unauthenticated-full-path-disclosure</loc>
<lastmod>2024-07-26T13:08:35.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vrm360/vrm-360-3d-model-viewer-121-authenticated-contributor-arbitrary-file-upload</loc>
<lastmod>2023-11-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/posts-by-tag/posts-by-tag-321-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/csv-import/csv-import-10-reflected-cross-site-scripting</loc>
<lastmod>2016-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smart-donations/donations-made-easy-smart-donations-4012-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/etruel-del-post-copies/wp-delete-post-copies-602-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-11-20T20:39:08.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/church-admin/church-admin-508-missing-authorization</loc>
<lastmod>2024-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/constant-contact-forms-by-mailmunch/constant-contact-forms-by-mailmunch-212-reflected-cross-site-scripting</loc>
<lastmod>2024-11-12T13:25:02.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/xv-random-quotes/xv-random-quotes-140-cross-site-request-forgery-to-settings-reset</loc>
<lastmod>2025-02-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/tiger/tiger-20-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2025-04-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp_roknewspager/roknewspager-117-cross-site-scripting</loc>
<lastmod>2013-09-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/webcam-2way-videochat/webcam-2way-videochat-441-cross-site-scripting</loc>
<lastmod>2014-09-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/broken-link-notifier/broken-link-notifier-135-missing-authorization</loc>
<lastmod>2026-01-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/subscribe2/subscribe2-1040-cross-site-request-forgery</loc>
<lastmod>2023-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/greenville/greenville-private-school-university-education-wordpress-theme-132-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/betterlinks/betterlinks-160-improper-authorization-to-data-import-and-export</loc>
<lastmod>2023-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/more-link-modifier/more-link-modifier-103-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/owl-carousel/owl-carousel-053-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-05-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-order-export-lite/advanced-order-export-for-woocommerce-154-csv-injection</loc>
<lastmod>2018-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/arforms-form-builder/arforms-form-builder-161-missing-authorization</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ibtana-visual-editor/ibtana-1249-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mortgage-calculators-wp/mortgage-calculators-wp-153-authenticated-stored-cross-site-scripting</loc>
<lastmod>2022-01-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sitepress-multilingual-cms/wpml-multilingual-cms-360-473-authenticated-contributor-stored-cross-site-scripting-via-wpml_language_switcher-shortcode</loc>
<lastmod>2025-05-01T17:11:30.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/myshouts-shoutbox/author-munzir-09-reflected-cross-site-scripting</loc>
<lastmod>2025-09-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/appexperts/appexperts-145-authenticated-subscriber-sql-injection</loc>
<lastmod>2026-01-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jet-menu/jetmenu-249-missing-authorization</loc>
<lastmod>2025-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/frontend-post-submission-manager-lite/frontend-post-submission-manager-lite-127-unauthenticated-open-redirect-via-requested_page-parameter</loc>
<lastmod>2026-02-17T16:14:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/global-flash-galleries/global-flash-gallery-0134-cross-site-scripting</loc>
<lastmod>2014-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-support-plus-responsive-ticket-system/support-plus-responsive-ticket-system-41-sql-injection</loc>
<lastmod>2014-09-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gocodes/gocodes-135-authenticated-blind-sql-injection</loc>
<lastmod>2015-08-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/faqs/faqs-102-reflected-cross-site-scripting</loc>
<lastmod>2024-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-plugin-manager/plugin-manager-147-cross-site-request-forgery</loc>
<lastmod>2025-11-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/learn-manager/wp-lms-best-wordpress-lms-plugin-115-cross-site-scripting</loc>
<lastmod>2021-05-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/electio-core/electio-core-14-unauthenticated-sql-injection</loc>
<lastmod>2026-01-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/groundhogg/groundhogg-421-authenticated-sales-rep-arbitrary-file-upload</loc>
<lastmod>2025-07-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-forms/ninja-forms-31021-authenticated-contributor-stored-cross-site-scripting-via-csti</loc>
<lastmod>2025-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/xcloner-backup-and-restore/backup-restore-and-migrate-wordpress-sites-with-the-xcloner-plugin-310-multiple-cross-site-request-forgery</loc>
<lastmod>2014-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/virtual-hdm-for-taxservice-am/tax-service-electronic-hdm-120-unauthenticated-arbitrary-sql-injection</loc>
<lastmod>2025-11-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/iamport-for-woocommerce/portone-325-reflected-cross-site-scripting</loc>
<lastmod>2024-12-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jet-tabs/jettabs-229-authenticated-subscriber-information-exposure</loc>
<lastmod>2025-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slider-blocks/gutslider-all-in-one-block-slider-272-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/store-manager-connector/emagicone-store-manager-for-woocommerce-132-unauthenticated-sql-injection</loc>
<lastmod>2026-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sms-alert/sms-alert-order-notifications-woocommerce-378-unauthenticated-sql-injection</loc>
<lastmod>2025-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/3d-flipbook-dflip-lite/pdf-flipbook-3d-flipbook-dearflip-2226-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-events-calendar/the-events-calendar-61517-authenticated-author-arbitrary-file-read-via-ajax_create_import</loc>
<lastmod>2026-03-09T14:40:15.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/license-manager-for-woocommerce/license-manager-for-woocommerce-306-improper-authorization-to-authenticatedcontributor-sensitive-information-exposure</loc>
<lastmod>2024-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/html-forms/html-forms-1324-authenticated-administrator-sql-injection</loc>
<lastmod>2022-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpforms-lite/wpforms-lite-1931-authenticated-contributor-stored-cross-site-scripting-via-fieldhtml-parameter</loc>
<lastmod>2025-02-03T20:01:06.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-classified-listings/ultimate-classified-listings-13-unauthenticated-local-file-inclusion</loc>
<lastmod>2024-07-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-shopify/wp-shopify-159-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/curly/curly-33-authenticated-subscriber-insecure-direct-object-reference</loc>
<lastmod>2026-01-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-pack-addon/the-pack-elementor-addons-211-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/community-events/community-events-151-unauthenticated-sql-injection</loc>
<lastmod>2025-10-08T13:32:46.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cute-news-ticker/cute-news-ticker-10-authenticated-contributor-stored-cross-site-scripting-via-color-shortcode-attribute</loc>
<lastmod>2025-12-05T17:43:24.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/podlove-podcasting-plugin-for-wordpress/podlove-podcast-publisher-425-open-redirect</loc>
<lastmod>2025-08-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/enhanced-e-commerce-for-woocommerce-store/conversiosio-google-analytics-and-google-shopping-plugin-for-woocommerce-461-authenticated-sql-injection</loc>
<lastmod>2022-02-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/albo-pretorio-on-line/albo-pretorio-online-466-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-hover-effects-visual-composer-extension/image-hover-effects-for-wpbakery-page-builder-40-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/photographers-galleries/photographers-galleries-118-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-21T20:21:57.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hydra-booking/hydra-booking-110-1118-missing-authorization-to-authenticated-subscriber-privilege-escalation-via-tfhb_reset_password_callback-function</loc>
<lastmod>2025-07-28T20:38:11.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mf-gig-calendar/mf-gig-calendar-12-authenticated-contributor-stored-cross-site-scripting-via-event_title-and-event_time</loc>
<lastmod>2023-07-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/my-wp/my-wp-customize-adminfrontend-1240-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-12-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-geonames/wp-geonames-1901-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-user-avatar/paid-membership-plugin-ecommerce-user-registration-form-login-form-user-profile-restrict-content-profilepress-4164-unauthenticated-arbitrary-shortcode-execution</loc>
<lastmod>2025-08-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wooframework-branding/wooframework-branding-101-reflected-cross-site-scripting</loc>
<lastmod>2015-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blog2social/blog2social-social-media-auto-post-scheduler-874-missing-authorization-to-authenticated-subscriber-arbitrary-post-modification</loc>
<lastmod>2026-02-17T21:30:45.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gravityformswebhooks/gravity-forms-webhooks-160-authenticated-admin-server-side-request-forgery-via-webhook</loc>
<lastmod>2025-04-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/auto-login-new-user-after-registration/auto-login-new-user-after-registration-196-cross-site-request-forgery-to-settings-modification</loc>
<lastmod>2023-10-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-gdpr-compliance/wp-gdpr-compliance-142-arbitrary-options-update-and-action-calling</loc>
<lastmod>2018-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-simple-booking-calendar/wp-simple-booking-calendar-206-authenticated-sql-injection</loc>
<lastmod>2021-08-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/theme-importer/theme-importer-10-cross-site-request-forgery</loc>
<lastmod>2025-10-14T19:46:46.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/newsletter-by-supsystic/newsletter-by-supsystic-156-authenticated-admin-time-based-blind-sql-injection</loc>
<lastmod>2021-02-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ajax-extend/ajax-extend-10-unauthenticated-remote-code-execution</loc>
<lastmod>2024-10-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-301-redirects/simple-301-redirects-200-203-unauthenticated-redirect-export</loc>
<lastmod>2021-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/meloo/meloo-282-authenticated-subscriber-php-object-injection</loc>
<lastmod>2026-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bdthemes-element-pack-lite/element-pack-elementor-addons-553-authenticated-contributor-stored-cross-site-scripting-via-link</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/instagram-slider-widget/social-slider-feed-222-missing-authorization</loc>
<lastmod>2024-08-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/propertyhive/propertyhive-2112-missing-authorization</loc>
<lastmod>2025-11-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/razorpay-payment-button-elementor/razorpay-payment-button-for-elementor-125-reflected-cross-site-scripting</loc>
<lastmod>2024-11-12T13:21:48.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woorewards/myrewards-573-missing-authorization</loc>
<lastmod>2026-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/prepost-seo/prepost-seo-30-authenticatedadministrator-stored-cross-site-scripting</loc>
<lastmod>2023-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-subscribers/email-subscribers-newsletters-416-cross-site-scripting</loc>
<lastmod>2019-07-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/drag-and-drop-multiple-file-upload-for-woocommerce/drag-and-drop-multiple-file-upload-for-woocommerce-116-unauthenticated-arbitrary-file-upload-via-upload-function</loc>
<lastmod>2025-05-08T20:19:50.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/aa-calculator/aa-cash-calculator-10-reflected-cross-site-scripting-via-invoice</loc>
<lastmod>2024-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-lite/easy-contact-form-lite-1123-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sprout-invoices/client-invoicing-by-sprout-invoices-2087-missing-authorization</loc>
<lastmod>2025-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pwa-for-wp/pwa-for-wp-amp-plugin-108-cross-site-scripting</loc>
<lastmod>2019-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/premmerce-woocommerce-wishlist/premmerce-wishlist-for-woocommerce-1110-missing-authorization-to-authenticated-subscriber-arbitrary-wishlist-deletion</loc>
<lastmod>2025-12-11T15:05:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/form-maker/form-maker-by-10web-11335-sql-injection</loc>
<lastmod>2020-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-carousel-free/carousel-slider-gallery-by-wp-carousel-image-carousel-photo-gallery-post-carousel-post-grid-product-carousel-product-grid-for-woocommerce-263-authenticated-contributor-stored-cross-site-scripting-via-sp_wp_carousel_shortcode</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/geeky-bot/geekybot-ai-copilot-chatbot-woocommerce-lead-gen-zero-prompt-content-122-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2026-04-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/get-url-cron/get-url-cron-147-cross-site-request-forgery-via-geturlcron_action_handle</loc>
<lastmod>2023-02-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/otter-pro/otter-blocks-pro-263-authenticatedcontributor-stored-cross-site-scripting-via-file-field-css</loc>
<lastmod>2024-03-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mstore-api/mstore-api-215-authentication-bypass</loc>
<lastmod>2020-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-blocks/essential-blocks-for-gutenberg-483-missing-authorization</loc>
<lastmod>2025-02-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jetwidgets-for-elementor/jetwidgets-for-elementor-1013-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-01-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/order-delivery-date/order-delivery-date-pro-for-woocommerce-1260-unauthenticated-arbitrary-post-title-disclosure</loc>
<lastmod>2025-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/beaver-builder-lite-version/beaver-builder-plugin-lite-version-2921-reflected-cross-site-scripting</loc>
<lastmod>2025-08-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/memberlite-shortcodes/memberlite-shortcodes-138-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-09-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/manage-shipyaari-shipping/shipyaari-shipping-management-10-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-post-author/wp-post-author-382-authenticated-administrator-sql-injection</loc>
<lastmod>2024-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpforms-user-registration/wpforms-user-registration-210-missing-authorization-to-authenticated-contributor-privilege-escalation</loc>
<lastmod>2024-07-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/starter-templates/starter-templates-by-fancywp-200-unauthenticated-blind-server-side-request-forgery</loc>
<lastmod>2025-01-30T00:46:15.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/table-of-contents-creator/table-of-contents-creator-1641-reflected-cross-site-scripting</loc>
<lastmod>2026-01-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/series/series-201-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-cron-manager/advanced-cron-manager-241-subscriber-arbitrary-eventsschedules-creationdeletion</loc>
<lastmod>2022-01-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flynax-bridge/flynax-bridge-220-unauthenticated-privilege-escalation-via-account-takeover</loc>
<lastmod>2025-04-23T19:43:51.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/theflash/the-flash-115-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/360-view/360-view-110-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/external-media/external-media-1036-authenticated-contributor-server-side-request-forgery</loc>
<lastmod>2025-11-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cf7-zendesk/wp-zendesk-for-contact-form-7-wpforms-elementor-formidable-and-ninja-forms-113-cross-site-request-forgery</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/newsletter-page-redirects/ai-magic-104-unauthenticated-privilege-escalation</loc>
<lastmod>2024-12-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/restaurant-pickup-delivery-dine-in/pickup-delivery-dine-in-date-time-109-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/addons-for-beaver-builder/livemesh-addons-for-beaver-builder-392-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/thim-elementor-kit/thim-elementor-kit-128-missing-authorization</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-form-integration/afi-the-easiest-integration-plugin-1920-reflected-cross-site-scripting</loc>
<lastmod>2024-11-12T18:26:36.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-easycart/shopping-cart-ecommerce-store-542-authenticated-admin-local-file-inclusion-via-import_file_url</loc>
<lastmod>2023-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/copyscape-premium/copyscape-premium-138-cross-site-request-forgery</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/calculated-fields-form/calculated-fields-form-11120-missing-authorization-to-feedback-submission</loc>
<lastmod>2023-02-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/w3-total-cache/w3-total-cache-0941-weak-validation-of-amazon-sns-push-messages</loc>
<lastmod>2016-11-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cf7-widget-elementor/void-contact-form-7-widget-for-elementor-page-builder-23-missing-authorization</loc>
<lastmod>2024-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mage-eventpress/event-manager-and-tickets-selling-plugin-for-woocommerce-379-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/digitimber-cpanel-integration/digitimber-cpanel-integration-146-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cornerstone/cornerstone-789-missing-authorization</loc>
<lastmod>2026-06-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-church-donation/wp-church-donation-17-cross-site-request-forgery</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/webful-simple-grocery-shop/wordpress-simple-shop-12-reflected-cross-site-scripting</loc>
<lastmod>2021-09-09T16:20:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lead-capturing-call-to-actions-by-vcita/contact-form-and-calls-to-action-by-vcita-271-missing-authorization-to-authenticated-subscriber-contactwidget-toggle</loc>
<lastmod>2025-01-30T16:51:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/auto-save-remote-images-drafts/auto-save-remote-images-drafts-109-authenticated-contributor-server-side-request-forgery</loc>
<lastmod>2025-09-09T17:42:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/sahifa/sahifa-240-cross-site-request-forgery</loc>
<lastmod>2013-01-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gsheetconnector-wpforms/wpforms-google-sheet-connector-400-missing-authorization</loc>
<lastmod>2025-12-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/salon-booking-system/salon-booking-system-846-cross-site-request-forgery-to-admin-role-change-to-customer-user-meta-update-via-save_customer</loc>
<lastmod>2023-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-simple-paypal-shopping-cart/wordpress-simple-paypal-shopping-cart-513-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2025-04-30T22:01:39.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/do-spaces-sync/digitalocean-spaces-sync-221-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-08-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/devformatter/developer-formatter-20130141-cross-site-request-forgery</loc>
<lastmod>2013-01-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-special-textboxes/special-text-boxes-59109-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2021-09-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fluentform/fluent-forms-customizable-contact-forms-survey-quiz-conversational-form-builder-5116-611-authenticated-subscriber-php-object-injection-to-arbitrary-file-read</loc>
<lastmod>2025-09-02T10:27:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flash-player-widget/flash-player-widget-13-content-spoofing</loc>
<lastmod>2013-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/payment-gateway-stripe-and-woocommerce-integration/payment-gateway-of-stripe-for-woocommerce-507-missing-authorization</loc>
<lastmod>2026-05-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/master-slider/master-slider-responsive-touch-slider-251-authenticated-blind-sql-injection</loc>
<lastmod>2015-08-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/icegram-rainmaker/icegram-collect-138-authenticatedcontributor-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-02-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/404page/smart-custom-404-error-page-1147-reflected-cross-site-scripting</loc>
<lastmod>2024-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/robo-gallery/photo-gallery-images-slider-in-rbs-image-gallery-329-missing-authorization</loc>
<lastmod>2022-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/adverts-click-tracker/wordpress-adverts-plugin-14-missing-authorization</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-registration-form-builder-with-submission-manager/registrationmagic-5259-reflected-cross-site-scripting</loc>
<lastmod>2024-03-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/newsup/newsup-5010-missing-authorization-to-authenticated-subscriber-plugin-installation</loc>
<lastmod>2025-10-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/universal-video-player-and-bg/video-player-fullscreen-video-background-241-authenticated-administrator-sql-injection</loc>
<lastmod>2025-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chained-quiz/chained-quiz-1322-authenticated-admin-stored-cross-site-scripting-via-mailchimp-api-key</loc>
<lastmod>2022-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seed-social/seed-social-203-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-11-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking/booking-calendar-843-sql-injection</loc>
<lastmod>2018-12-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-popup-creator/popup-mailchimp-getresponse-and-activecampaign-intergrations-326-missing-authorization-to-unauthenticated-db-table-truncation</loc>
<lastmod>2025-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/dom/dom-124-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/inline-stock-quotes/inline-stock-quotes-02-authenticated-contributor-stored-cross-site-scripting-via-stock-shortcode</loc>
<lastmod>2025-08-11T14:04:57.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-share-buttons-adder/simple-share-buttons-adder-8411-authenticatedadministrator-stored-cross-site-scripting-via-css-settings</loc>
<lastmod>2024-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/bakes-and-cakes/bakes-and-cakes-129-missing-authorization</loc>
<lastmod>2026-02-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tuxedo-big-file-uploads/big-file-uploads-211-cross-site-request-forgery-via-actions</loc>
<lastmod>2023-11-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/drift/drift-150-authenticated-contributor-stored-cross-site-scripting-via-post-title</loc>
<lastmod>2026-02-18T15:05:38.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woc-open-close/open-close-woocommerce-store-491-missing-authorization</loc>
<lastmod>2024-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/onair2/qt-kentharadio-202-onair2-3992-server-side-request-forgery-remote-file-inclusion</loc>
<lastmod>2021-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yotuwp-easy-youtube-embed/video-gallery-1312-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-07-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wps-team/team-members-best-wordpress-team-plugin-with-team-slider-team-showcase-team-builder-341-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-30T18:14:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quiz-maker/quiz-maker-67088-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-12-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/x-forms-express/nex-forms-lite-wordpress-contact-form-builder-34-cross-site-scripting</loc>
<lastmod>2014-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/karzo/karzo-26-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-10-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mailpoet/mailpoet-551-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-03-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/epaperflip-publisher/epaperflip-publisher-1-authenticated-contributor-stored-cross-site-scripting-via-publicationid-shortcode-attribute</loc>
<lastmod>2026-06-08T15:04:44.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/uncanny-learndash-toolkit/uncanny-toolkit-for-learndash-3703-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-extra/wp-extra-62-missing-authorization-to-arbitrary-email-sending</loc>
<lastmod>2023-10-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/photo-gallery/photo-gallery-by-10web-166-reflected-cross-site-scripting</loc>
<lastmod>2022-06-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/donate-extra/donate-extra-202-reflected-cross-site-scripting</loc>
<lastmod>2022-04-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/devnex-addons-for-elementor/devnex-addons-for-elementor-109-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-rss-aggregator/wp-rss-aggregator-4234-authenticated-admin-stored-cross-site-scripting-via-rss-feed-source</loc>
<lastmod>2024-01-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-monitor/download-monitor-164-reflected-cross-site-scripting</loc>
<lastmod>2015-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-member/ultimate-member-232-stored-cross-site-scripting</loc>
<lastmod>2022-03-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/scape/scape-multipurpose-wordpress-theme-1516-unauthenticated-arbitrary-file-deletion</loc>
<lastmod>2026-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/player/video-player-1522-reflected-cross-site-scripting</loc>
<lastmod>2023-10-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/aesop-story-engine/aesop-story-engine-232-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/masterstudy-lms-learning-management-system/masterstudy-lms-wordpress-plugin-for-online-courses-and-education-3725-authenticated-subscriber-sql-injection</loc>
<lastmod>2026-04-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-easycart/shopping-cart-ecommerce-store-564-sensitive-information-exposure</loc>
<lastmod>2024-05-10T09:18:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/page-post-notes/page-post-notes-134-missing-authorization-to-authenticated-subscriber-note-updatedeletion</loc>
<lastmod>2025-11-06T17:14:46.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/last-email-address-validator/leav-last-email-address-validator-171-cross-site-request-forgery-to-plugin-settings-update</loc>
<lastmod>2026-01-15T18:32:15.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementskit-lite/elementskit-elementor-addons-307-312-authenticated-contributor-stored-cross-site-scripting-via-image-accordion-widget</loc>
<lastmod>2024-04-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-migration-duplicator/wordpress-backup-migration-144-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2023-11-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/open-brain/open-brain-050-cross-site-request-forgery</loc>
<lastmod>2026-04-14T19:46:41.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/popup-builder-block/popup-builder-with-gamification-multi-step-popups-page-level-targeting-and-woocommerce-triggers-213-unauthenticated-sql-injection-via-id</loc>
<lastmod>2025-10-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/give/givewp-donation-plugin-and-fundraising-platform-3141-unauthenticated-php-object-injection-to-remote-code-execution</loc>
<lastmod>2024-08-19T13:55:41.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/debug-log-viewer/debug-log-viewer-203-missing-authorization</loc>
<lastmod>2025-10-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woosms-sms-module-for-woocommerce/bulkgate-sms-plugin-for-woocommerce-302-missing-authorization-via-multiple-ajax-actions</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/liquido/liquido-1012-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-08-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/side-menu-lite/side-menu-lite-add-sticky-fixed-buttons-226-sql-injection</loc>
<lastmod>2021-07-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flower-delivery-by-florist-one/flower-delivery-by-florist-one-39-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-file-manager/file-manager-and-file-manager-pro-multiple-versions-directory-traversal</loc>
<lastmod>2024-03-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-custom-fields-table-field/table-field-add-on-for-acf-and-scf-1330-authenticated-contributor-stored-cross-site-scripting-via-table-cell-content</loc>
<lastmod>2026-01-05T19:00:21.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordfence/wordfence-security-firewall-malware-scan-336-stored-cross-site-scripting</loc>
<lastmod>2012-10-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-sql-backup/wordpress-sql-backup-352-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/form-maker/form-maker-by-10web-1132-authenticated-sql-injection</loc>
<lastmod>2019-05-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/2.3/wordpress-core-233-improper-authorization-checks</loc>
<lastmod>2007-09-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/projectopia-core/projectopia-wordpress-project-management-5119-missing-authorization-to-unauthenticated-arbitrary-attachment-deletion</loc>
<lastmod>2025-12-04T20:37:48.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/frames/frames-157-missing-authorization</loc>
<lastmod>2025-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/change-wp-admin-login/change-wp-admin-login-113-protection-mechanism-failure-to-login-page-disclosure</loc>
<lastmod>2023-07-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/adrotate/adrotate-ad-manager-adsense-ads-39-394-sql-injection</loc>
<lastmod>2014-02-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/health-check/health-check-troubleshooting-171-authenticated-admin-path-traversal</loc>
<lastmod>2025-12-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rest-api-to-miniprogram/rest-api-to-miniprogram-477-authenticated-subscriber-media-attachment-deletion</loc>
<lastmod>2023-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/addon-elements-for-elementor-page-builder/addon-elements-for-elementor-1143-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-12-13T16:57:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/featured-image-from-url/featured-image-from-url-fifu-527-missing-authorization-to-password-protected-post-disclosure</loc>
<lastmod>2025-09-25T16:00:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ws-force-login-page/ws-force-login-page-303-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-payu-paisa/woocommerce-payu-india-211-improper-input-validation</loc>
<lastmod>2019-08-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-latest-posts/wp-latest-posts-374-reflected-cross-site-scripting</loc>
<lastmod>2015-08-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/insert-php/woody-ad-snippets-224-missing-authorization-to-settings-import</loc>
<lastmod>2019-08-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-members/wp-members-3541-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-07-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/couponxxl-cpt/couponxxl-custom-post-types-30-unauthenticated-privilege-escalation</loc>
<lastmod>2025-07-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tutor-pro/tutor-lms-pro-270-missing-authorization</loc>
<lastmod>2024-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/2.1/wordpress-core-21-denial-of-service</loc>
<lastmod>2007-01-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nokia-mapsplaces/nokia-maps-places-167-open-redirect</loc>
<lastmod>2014-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tour-booking-manager/wptravelly-187-authenticated-contributor-php-object-injection</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/visualizer/visualizer-tables-and-charts-manager-for-wordpress-31112-authenticated-contributor-sql-injection</loc>
<lastmod>2025-12-01T17:52:15.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/welcome-email-editor/welcome-email-editor-505-missing-authorization-via-ajax_handler</loc>
<lastmod>2023-11-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/publitio/publitio-221-authenticated-contributor-server-side-request-forgery</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ancient-world-linked-data-for-wordpress/ancient-world-linked-data-021-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mobile-app-for-woocommerce/shopapper-0453-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-04-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/orpheus/orpheus-13-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-05-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/premium-addons-pro/premium-addons-pro-2824-reflected-cross-site-scripting</loc>
<lastmod>2023-06-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-survey-and-poll/wordpress-survey-poll-quiz-survey-and-poll-plugin-for-wordpress-12-sql-injection</loc>
<lastmod>2015-05-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/platformly-for-woocommerce/platformly-for-woocommerce-116-unauthenticated-blind-server-side-request-forgery</loc>
<lastmod>2025-03-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/gita/gita-111-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-05-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-docs/wp-docs-213-reflected-cross-site-scripting</loc>
<lastmod>2024-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cashbill-payment-method/cashbillpl-patnoci-woocommerce-321-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bp-activity-plus-reloaded/activity-plus-reloaded-for-buddypress-112-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/error-log-viewer/error-log-viewer-by-bestwebsoft-116-authenticated-administrator-arbitrary-file-read</loc>
<lastmod>2025-10-10T20:39:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wooenvato/woocommerce-envato-affiliates-121-reflected-cross-site-scripting</loc>
<lastmod>2025-09-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-security-pro/wordpress-security-42-admin-stored-cross-site-scripting</loc>
<lastmod>2022-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bcorp-shortcodes/bcorp-shortcodes-023-unauthenticated-php-object-injection</loc>
<lastmod>2023-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/canalplan-ac/canalplan-531-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tripay-payment-gateway/tripay-payment-gateway-327-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-11-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-email-template/wp-html-mail-2211-html-injection</loc>
<lastmod>2019-10-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bic-media/bic-media-widget-10-cross-site-scripting</loc>
<lastmod>2014-05-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wemail/wemail-email-marketing-newsletter-builder-email-automations-for-woocommerce-212-reflected-cross-site-scripting</loc>
<lastmod>2026-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-homepage-slideshow/homepage-slideshow-plugin-22-arbitrary-file-upload</loc>
<lastmod>2012-06-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/handl-utm-grabber/handl-utm-grabber-tracker-280-reflected-cross-site-scripting</loc>
<lastmod>2025-11-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/progress-tracker/progress-tracker-093-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/free-google-fonts/google-fonts-for-wordpress-300-reflected-cross-site-scripting</loc>
<lastmod>2023-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-exporter/woocommerce-store-exporter-272-reflected-cross-site-scripting-via-filter</loc>
<lastmod>2023-10-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/masterstudy-lms-learning-management-system/masterstudy-lms-331-unauthenticated-privilege-escalation-via-stm_lms_register-ajax-action</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-file-manager-pro/file-manager-pro-834-reflected-cross-site-scripting</loc>
<lastmod>2024-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rehub-framework/rehub-framework-1962-authenticated-subscriber-sql-injection</loc>
<lastmod>2024-04-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profilegrid-user-profiles-groups-and-communities/profilegrid-578-authenticated-subscriber-sql-injection</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/erp/wp-erp-complete-hr-solution-with-recruitment-job-listings-woocommerce-crm-accounting-1131-authenticated-accountingmanager-sql-injection</loc>
<lastmod>2024-05-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/antihacker/anti-hacker-419-missing-authorization-to-arbitrary-plugin-install</loc>
<lastmod>2022-11-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-popup/hustle-email-marketing-lead-generation-optins-popups-78101-missing-authorization</loc>
<lastmod>2026-05-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/marra/marra-12-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gallery-plugin/gallery-by-bestwebsoft-469-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2023-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pretty-simple-popup-builder/pretty-simple-popup-builder-109-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-07-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/intuitive-custom-post-order/intuitive-custom-post-order-313-missing-authorization-to-authenticated-settings-change</loc>
<lastmod>2023-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cp-appointment-calendar/cp-appointment-calendar-115-unauthenticated-sql-injection</loc>
<lastmod>2015-02-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/website-file-changes-monitor/melapress-file-monitor-202-authenticated-admin-authenticated-sql-injection</loc>
<lastmod>2025-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dentalcare-cpt/dental-care-cpt-202-authenticated-contributor-php-object-injection</loc>
<lastmod>2025-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-table-builder/wp-table-builder-205-reflected-cross-site-scripting</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/brizy/brizy-10126-authorization-bypass-to-settings-updates</loc>
<lastmod>2020-06-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-reviews-plugin-for-google/widgets-for-google-reviews-1321-authenticated-contributor-stored-cross-site-scripting-via-trustindex-shortcode</loc>
<lastmod>2025-12-10T15:02:27.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/thai-lottery-widget/thai-lottery-widget-25-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2025-12-04T20:35:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/anyvar/anyvar-011-cross-site-scripting</loc>
<lastmod>2017-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pray-for-me/pray-for-me-104-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2024-05-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/formfacade/formfacade-100-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mybooktable/mybooktable-bookstore-by-stormhill-media-214-cross-site-scripting</loc>
<lastmod>2015-09-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pandavideo/panda-video-140-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2024-07-08T20:01:45.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shopengine/shopengine-411-cross-site-request-forgery-via-get_product</loc>
<lastmod>2023-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/orbisius-simple-notice/orbisius-simple-notice-113-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/poll-maker/poll-maker-577-unauthenticated-race-condition-to-multi-vote</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-sms/wp-sms-65-cross-site-request-forgery-to-subscriber-deletion</loc>
<lastmod>2024-01-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementor-pro/elementor-website-builder-pro-more-than-just-a-page-builder-32510-authenticated-contributor-sensitive-information-exposure-via-shortcode</loc>
<lastmod>2025-01-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fusion/fusion-161-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blog2social/blog2social-social-media-auto-post-scheduler-754-authenticated-author-stored-cross-site-scripting-via-file-upload</loc>
<lastmod>2024-07-31T18:01:17.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-ajax-filters/advanced-ajax-product-filters-1681-reflected-cross-site-scripting</loc>
<lastmod>2025-02-27T16:18:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/business-directory-plugin/business-directory-6419-cross-site-request-forgery</loc>
<lastmod>2025-12-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/csv-to-sorttable/csv-to-sorttable-42-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-11-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-affiliate-links/easy-affiliate-links-372-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/modern-footnotes/modern-footnotes-1415-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-03-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/arconix-shortcodes/arconix-shortcodes-2113-authenticated-contributor-stored-cross-site-scripting-via-box-shortcode</loc>
<lastmod>2024-10-29T00:48:58.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/no-future-posts/no-future-posts-14-stored-cross-site-scripting</loc>
<lastmod>2022-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/alphaomega-captcha-anti-spam/alphaomega-captcha-amp-anti-spam-filter-33-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/fleur/fleur-20-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/collect-and-deliver-interface-for-woocommerce/cdi-collect-and-deliver-interface-for-woocommerce-519-multiple-cross-site-scripting</loc>
<lastmod>2022-06-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mailchimp-subscribe-sm/mailchimp-subscribe-forms-41-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-sms/wsms-formerly-wp-sms-sms-mms-notifications-with-otp-and-2fa-for-woocommerce-71-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2026-02-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/defender-security/defender-security-410-sensitive-information-exposure-via-log-file</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/youzify/youzify-122-insecure-direct-object-reference</loc>
<lastmod>2023-11-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/sanzo/sanzo-243-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2026-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/business-manager/business-manager-145-stored-cross-site-scripting</loc>
<lastmod>2021-10-14T13:46:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/webinar-ignition/webinarignition-40604-missing-authorization</loc>
<lastmod>2025-08-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/events-manager/events-manager-594-cross-site-scripting</loc>
<lastmod>2018-07-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/broken-link-checker/broken-link-checker-1108-cross-site-scripting</loc>
<lastmod>2015-06-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cost-calculator-builder/cost-calculator-builder-3142-improper-authorization</loc>
<lastmod>2023-08-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/product-websites-showcase/product-website-showcase-10-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2024-10-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce/woocommerce-651-authenticated-admin-html-injection</loc>
<lastmod>2022-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/private-comment/private-comment-004-authenticated-administrator-stored-cross-site-scripting-via-label-text-setting</loc>
<lastmod>2026-02-17T18:31:20.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/wphrm/wphrm-human-resource-management-system-11-sql-injection</loc>
<lastmod>2017-09-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/limit-login-attempts-plus/limit-login-attempts-plus-109-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2023-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-simple-login-registration-plugin/simple-login-registration-102-cross-site-scripting</loc>
<lastmod>2013-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/elegant-grunge/elegant-grunge-103-cross-site-scripting</loc>
<lastmod>2011-09-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cache-images/cache-images-32-missing-authorization</loc>
<lastmod>2022-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profit-products-tables-for-woocommerce/active-products-tables-for-woocommerce-1068-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-05-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/page-and-post-lister/page-and-post-lister-121-missing-authorization-to-authenticated-subscriber-arbitrary-post-deletion</loc>
<lastmod>2025-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ameliabooking/booking-for-appointments-and-events-calendar-amelia-23-authenticated-subscriber-privilege-escalation</loc>
<lastmod>2026-06-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fusion-builder/avada-builder-31114-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/aruba-hispeed-cache/aruba-hispeed-cache-303-missing-authorization</loc>
<lastmod>2026-01-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpsso/wpsso-core-18181-missing-authorization</loc>
<lastmod>2024-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/language-switcher-for-transposh/language-switcher-for-transposh-159-reflected-cross-site-scripting</loc>
<lastmod>2024-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-filebase/wp-filebase-3423-reflected-cross-site-scripting</loc>
<lastmod>2017-03-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shortpixel-adaptive-images/shortpixel-adaptive-images-371-cross-site-request-forgery-via-shortpixel_ai_handle_page_action</loc>
<lastmod>2023-05-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bdthemes-element-pack-lite/element-pack-elementor-addons-header-footer-template-library-dynamic-grid-carousel-remote-arrows-5101-authenticated-contributor-stored-cross-site-scripting-via-age-gate</loc>
<lastmod>2024-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-wp-smtp/easy-wp-smtp-151-authenticated-admin-directory-traversal</loc>
<lastmod>2022-11-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/weekly-schedule/weekly-schedule-342-stored-cross-site-scripting</loc>
<lastmod>2021-05-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/geo-my-wp/geo-my-wordpress-402-authenticatedadministrator-sql-injection</loc>
<lastmod>2023-12-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/accordion-slider/accordion-slider-1911-authenticted-contributor-stored-cross-site-scripting-via-html-attribute</loc>
<lastmod>2024-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/oneclick-whatsapp-order/oneclick-chat-to-order-1042-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/auramart/auramart-207-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/academy/academy-lms-1925-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2024-05-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fusion-builder/avada-builder-31113-unauthenticated-arbitrary-shortcode-execution</loc>
<lastmod>2025-02-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/addon-jobsearch-chat/addon-jobsearch-chat-30-reflected-cross-site-scripting</loc>
<lastmod>2026-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mainwp-updraftplus-extension/mainwp-updraftplus-extension-406-missing-authorization</loc>
<lastmod>2023-01-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-google-map-plugin/wp-google-map-plugin-311-cross-site-scripting</loc>
<lastmod>2016-07-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-map-block/wp-map-block-202-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/salon-booking-system/salon-booking-system-free-version-103024-unauthenticated-insecure-direct-object-reference</loc>
<lastmod>2026-04-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/clover-online-orders/smart-online-order-for-clover-160-missing-authorization</loc>
<lastmod>2026-05-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/talkback-secure-linkback-protocol/talkback-10-unauthenticated-php-object-injection</loc>
<lastmod>2024-10-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/set-bulk-post-categories/set-bulk-post-categories-11-cross-site-request-forgery-to-bulk-post-category-update</loc>
<lastmod>2026-01-23T19:23:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lottiefiles/lottiefiles-300-missing-authorization</loc>
<lastmod>2026-02-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders/barcode-scanner-with-inventory-order-manager-161-authenticated-subscriber-sql-injection</loc>
<lastmod>2024-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/charitable/charitable-18104-authenticated-custom-sql-injection-via-s-search-parameter</loc>
<lastmod>2026-05-12T15:46:10.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/puzzles/puzzles-wp-magazine-review-with-store-wordpress-theme-rtl-424-unauthenticated-php-object-injection</loc>
<lastmod>2025-02-12T16:10:16.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/real-media-library-lite/real-media-library-media-library-folder-file-manager-41828-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2023-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/canadian-nutrition-facts-label/canadian-nutrition-facts-label-30-authenticated-contributor-stored-cross-site-scripting-via-nutrition-label-custom-post-type</loc>
<lastmod>2025-12-05T17:47:10.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jeg-elementor-kit/jeg-elementor-kit-264-authenticated-contributor-cross-site-scripting-via-elementor-widget-url-custom-attributes</loc>
<lastmod>2024-04-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/timetics/timetics-appointment-booking-calendar-scheduling-system-1052-missing-authorization</loc>
<lastmod>2026-03-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gutenverse/gutenverse-ultimate-wordpress-fse-blocks-addons-ecosystem-346-authenticated-contributor-stored-cross-site-scripting-via-imageload</loc>
<lastmod>2026-04-03T13:45:17.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/scratch-win-giveaways-for-website-facebook/scratch-win-giveaways-and-contests-280-missing-authorization-to-unauthenticated-coupon-creation</loc>
<lastmod>2025-02-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/affiliate-links/affiliate-links-lite-26-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-04-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/unlimited-elementor-inner-sections-by-boomdevs/prime-elementor-addons-133-authenticated-contributor-stored-cross-site-scripting-via-widget-html-tag-settings</loc>
<lastmod>2026-06-08T19:49:58.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eventprime-event-calendar-management/eventprime-334-missing-authorization-to-booking-price-maniputlation</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rescue-shortcodes/rescue-shortcodes-28-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-10-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-pay-counter/post-pay-counter-2731-arbitrary-settings-change</loc>
<lastmod>2017-09-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/open-external-links-in-a-new-window/external-links-in-new-window-new-tab-142-tabnabbing</loc>
<lastmod>2022-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/revslider/slider-revolution-6619-authenticated-author-php-object-injection</loc>
<lastmod>2023-11-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gallery-metabox/gallery-metabox-15-missing-authorization-via-refresh_metabox</loc>
<lastmod>2023-06-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/leyka/leyka-3303-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-08-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/order-auto-complete-for-woocommerce/order-auto-complete-for-woocommerce-120-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/triss/triss-26-reflected-cross-site-scripting</loc>
<lastmod>2025-09-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/login-with-phone-number/login-with-phone-number-1716-unauthorized-account-password-change-to-privilege-escalation</loc>
<lastmod>2024-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/alpine-photo-tile-for-instagram/alpine-phototile-for-instagram-1276-reflected-cross-site-scripting</loc>
<lastmod>2015-08-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/newstatpress/newstatpress-098-authenticated-sql-injection</loc>
<lastmod>2015-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/coachify/coachify-107-cross-site-request-forgery-to-notice-dismissal</loc>
<lastmod>2024-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/decent-comments/decent-comments-302-unauthenticated-information-exopsure</loc>
<lastmod>2026-06-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-forms/ninja-forms-3625-denial-of-service-via-large-form-submissions</loc>
<lastmod>2023-07-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bit-form/bit-form-contact-form-plugin-21310-authenticated-administrator-arbitrary-file-upload</loc>
<lastmod>2024-09-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/realestate-7/real-estate-7-theme-331-stored-cross-site-scripting</loc>
<lastmod>2023-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-social-buttons/simple-social-media-share-buttons-540-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/event-registration/event-registration-60202-sql-injection</loc>
<lastmod>2016-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/automatorwp/automatorwp-5213-authenticated-administrator-sql-injection</loc>
<lastmod>2025-05-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-7/contact-form-7-594-unauthenticated-open-redirect</loc>
<lastmod>2024-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/curatorio/curatorio-show-all-your-social-media-posts-in-a-beautiful-feed-191-authenticated-contributor-stored-cross-site-scripting-via-feed_id-attribute</loc>
<lastmod>2024-10-09T13:30:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-ajax-page-loader/advanced-ajax-page-loader-277-arbitrary-file-upload</loc>
<lastmod>2016-07-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/frontpage-manager/frontpage-manager-13-cross-site-request-forgery-via-admin_page</loc>
<lastmod>2024-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ht-mega-for-elementor/ht-mega-absolute-addons-for-elementor-291-authenticated-author-sensitive-information-exposure</loc>
<lastmod>2025-07-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/arforms/arforms-371-unauthenticated-arbitrary-file-deletion</loc>
<lastmod>2019-10-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ultimate-exporter/export-all-posts-products-orders-refunds-users-213-unauthenticated-php-object-injection</loc>
<lastmod>2025-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/latepoint/latepoint-516-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/content-slideshow/content-slideshow-241-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2026-05-26T17:26:05.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/5.9/wordpress-core-592-gutenberg-1272-prototype-pollution-via-block-editor</loc>
<lastmod>2022-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fluentform/fluentform-4325-authenticated-administrator-sql-injection</loc>
<lastmod>2023-07-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shortcut-macros/shortcut-macros-13-missing-authorization-to-settings-update</loc>
<lastmod>2022-06-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-discord-post-plus/wp-discord-post-plus-supports-unlimited-channels-102-cross-site-request-forgery</loc>
<lastmod>2025-08-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-statistics/wp-statistics-1315-unauthenticated-blind-sql-injection-via-ip</loc>
<lastmod>2022-02-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/houzez-theme-functionality/houzez-theme-functionality-412-missing-authorization</loc>
<lastmod>2025-09-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/Avada/avada-514-cross-site-request-forgery</loc>
<lastmod>2017-04-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/justified-gallery/justified-gallery-170-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2022-12-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/portfolio-and-projects/portfolio-and-projects-137-cross-site-request-forgery-via-wpos_anylc_admin_init_process</loc>
<lastmod>2023-08-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/daily-prayer-time-for-mosques/daily-prayer-time-20230320-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-03-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pagerestrict/page-restrict-255-cross-site-request-forgery-via-pr_admin_page</loc>
<lastmod>2024-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-jquery-lightbox/lightpress-lightbox-233-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-link-directory/simple-link-directory-883-missing-authorization</loc>
<lastmod>2025-12-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gwolle-gb/gwolle-guestbook-492-unauthenticated-stored-cross-site-scripting-via-gwolle_gb_content-parameter</loc>
<lastmod>2025-07-09T12:49:48.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-thank-you-page-customizer/thank-you-page-customizer-for-woocommerce-118-missing-authorization</loc>
<lastmod>2025-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ht-instagram/ht-feed-127-cross-site-request-forgery-leading-to-limited-plugin-activation</loc>
<lastmod>2023-03-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mp3-music-player-by-sonaar/mp3-audio-player-for-music-radio-podcast-by-sonaar-4101-unauthenticated-arbitrary-file-download</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cubewp-framework/cubewp-all-in-one-dynamic-content-framework-1124-cross-site-request-forgery</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rabbit-loader/rabbitloader-21913-missing-authorization-via-multiple-ajax-actions</loc>
<lastmod>2024-01-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/give/givewp-donation-plugin-and-fundraising-platform-4130-unauthenticated-stored-cross-site-scripting-via-name</loc>
<lastmod>2025-11-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-content-copy-protector/wp-content-copy-protection-no-right-click-355-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-07-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-sermons/advanced-sermons-34-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/head-meta-data/head-meta-data-20251118-authenticated-contributor-stored-cross-site-scripting-via-post-meta</loc>
<lastmod>2026-01-20T01:55:44.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-networks-auto-poster-facebook-twitter-g/nextscripts-social-networks-auto-poster-447-authenticated-contributor-php-object-injection</loc>
<lastmod>2026-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ajax-load-more/wordpress-infinite-scroll-ajax-load-more-5602-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-to-email/contact-form-email-1331-missing-authorization-to-feedback-submission</loc>
<lastmod>2023-03-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-storymap/storymap-21-cross-site-request-forgery</loc>
<lastmod>2025-08-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpdoodlez/wp-doodlez-1010-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/videowhisper-live-streaming-integration/broadcast-live-video-live-streaming-4295-full-path-disclosure</loc>
<lastmod>2014-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-inventory-manager/wp-inventory-manager-21013-cross-site-request-forgery-via-delete_item</loc>
<lastmod>2023-06-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/north-wp/north-575-authenticated-contributor-php-object-injection</loc>
<lastmod>2026-01-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tutor-lms-elementor-addons/tutor-lms-elementor-addons-213-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-hashtags/social-hashtags-300-cross-site-scripting</loc>
<lastmod>2012-10-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wholesale-market-for-woocommerce/wholesale-market-for-woocommerce-106-unauthenticated-arbitrary-file-download</loc>
<lastmod>2022-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/anonymous-restricted-content/anonymous-restricted-content-165-unauthenticated-content-restriction-bypass-to-sensitive-information-exposure</loc>
<lastmod>2024-11-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/canto/canto-308-unauthenticated-remote-file-inclusion</loc>
<lastmod>2024-06-13T15:59:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-images-widget/social-images-widget-21-missing-authorization-to-unauthenticated-arbitrary-plugin-settings-deletion</loc>
<lastmod>2025-11-24T19:13:27.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cookie-notice/cookie-notice-compliance-for-gdpr-ccpa-246-authenticated-contributor-stored-cross-site-scripting-via-cookies_policy_link-shortcodes</loc>
<lastmod>2023-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/health-check/health-check-troubleshooting-123-path-traversal</loc>
<lastmod>2019-01-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profit-products-tables-for-woocommerce/active-products-tables-for-woocommerce-use-constructor-to-create-tables-108-unauthenticated-sql-injection</loc>
<lastmod>2026-05-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/inpost-gallery/inpost-gallery-2143-cross-site-request-forgery</loc>
<lastmod>2025-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/usermaven/usermaven-121-cross-site-request-forgery</loc>
<lastmod>2025-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mashsharer/social-media-share-buttons-386-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2022-12-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/insert-php/woody-code-snippets-245-reflected-cross-site-scripting</loc>
<lastmod>2022-06-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-membership/simple-membership-329-reflected-cross-site-scripting</loc>
<lastmod>2016-07-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slideshow-se/slideshow-se-2520-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2024-06-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-chinese-conversion/wp-chinese-conversion-1116-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2023-05-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-wp-security-and-firewall/all-in-one-wp-security-firewall-419-reflected-cross-site-scripting</loc>
<lastmod>2016-11-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shorten-url/short-url-168-cross-site-request-forgery</loc>
<lastmod>2023-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-digital-downloads/easy-digital-downloads-3381-authenticated-contributor-stored-cross-site-scripting-via-edd_receipt-shortcode</loc>
<lastmod>2025-05-28T19:44:57.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-gdpr-cookie-consent/wp-gdpr-cookie-consent-100-authenticated-subscriber-stored-cross-site-scripting-via-ninja_gdpr_ajax_actions-ajax-action</loc>
<lastmod>2026-06-08T15:05:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hive-support/hive-support-125-authenticated-subscriber-missing-authorization-via-hs_update_ai_chat_settings-and-hive_lite_support_get_all_binbox</loc>
<lastmod>2025-06-05T17:48:57.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/fotawp/fota-wp-141-missing-authorization-via-fotawp_install_and_activate_plugins</loc>
<lastmod>2024-08-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/justified-image-gallery/justified-image-gallery-10-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-wp-migration/all-in-one-wp-migration-204-missing-authorization-to-database-export</loc>
<lastmod>2015-03-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-travel/wp-travel-ultimate-travel-booking-system-tour-management-engine-1140-authenticated-contributor-sql-injection</loc>
<lastmod>2026-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/interactive-geo-maps/interactive-geo-maps-159-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2023-02-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/genealogical-tree/genealogical-tree-225-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/marketer-addons/marketer-addons-101-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profilegrid-user-profiles-groups-and-communities/profilegrid-user-profiles-groups-and-communities-5942-authenticated-subscriber-limited-server-side-request-forgery</loc>
<lastmod>2025-02-17T13:43:48.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-history/simple-history-track-log-and-audit-wordpress-changes-5260-authenticated-subscriber-account-takeover-via-missing-authorization-on-event-reaction-endpoint</loc>
<lastmod>2026-05-29T20:38:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/king-addons/king-addons-for-elementor-51138-authenticated-contributor-dom-based-stored-cross-site-scripting-via-multiple-widgets</loc>
<lastmod>2026-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-parcel-pro/parcel-pro-1611-open-redirect-via-redirect</loc>
<lastmod>2023-10-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/auxin-elements/shortcodes-and-extra-features-for-phlox-theme-2154-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-12-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-automatic/wordpress-automatic-plugin-ai-content-generator-and-auto-poster-plugin-31180-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-08-25T20:27:36.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-members/wp-members-354-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-caldav2ics/wp-caldav2ics-134-cross-site-request-forgery</loc>
<lastmod>2025-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/newsletter/newsletter-681-reflected-cross-site-scripting</loc>
<lastmod>2020-08-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpforms-lite/contact-form-by-wpforms-1922-missing-authorization</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/events-manager/events-manager-6471-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/portfolio-builder-elementor/elementor-portfolio-builder-100-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-products-filter/husky-137-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-multiple-addresses/woocommerce-multiple-addresses-1071-authenticated-subscriber-privilege-escalation</loc>
<lastmod>2025-05-06T13:28:35.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/truebooker-appointment-booking/truebooker-107-cross-site-request-forgery</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/campaign-monitor-wp/campaign-monitor-forms-by-optin-cat-257-reflected-cross-site-scripting</loc>
<lastmod>2024-12-02T21:32:59.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-social-media-icons/social-media-share-icons-291-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-07-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/qwiz-online-quizzes-and-flashcards/qwizcards-361-stored-cross-site-scripting</loc>
<lastmod>2021-10-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-table-builder/wp-table-builder-2019-incorrect-authorization-to-authenticated-subscriber-arbitrary-table-creation</loc>
<lastmod>2026-01-08T18:58:47.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/perfmatters/perfmatters-216-cross-site-request-forgery</loc>
<lastmod>2023-11-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/db-access/db-access-087-authenticated-subscriber-sql-injection</loc>
<lastmod>2025-11-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ap-pricing-tables-lite/ap-pricing-tables-lite-114-reflected-cross-site-scripting</loc>
<lastmod>2022-02-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/templatera/templatera-230-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-08-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seo-by-rank-math/rank-math-seo-10231-htaccess-file-manipulation-to-remote-code-execution</loc>
<lastmod>2024-11-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/betterdocs/betterdocs-best-documentation-faq-knowledge-base-plugin-with-ai-support-instant-answer-for-elementor-gutenberg-333-unauthenticated-php-object-injection</loc>
<lastmod>2024-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-content-filter/wp-content-filter-censor-all-offensive-content-from-your-site-301-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/palatio/palatio-16-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mage-eventpress/wpevently-446-missing-authorization</loc>
<lastmod>2025-07-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ns-simple-intro-loader/ns-simple-intro-loader-223-reflected-cross-site-scripting</loc>
<lastmod>2025-03-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/optimize-more-images/optimize-more-images-113-missing-authorization</loc>
<lastmod>2026-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woofunnels-aero-checkout/funnelkit-checkout-3103-authenticatedsubscriber-missing-authorization-to-settings-change</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ad-widget/wordpress-ad-widget-2200-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-04-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/videowhisper-video-conference-integration/webcam-video-conference-31-cross-site-scripting</loc>
<lastmod>2013-08-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gallery-portfolio/gallery-portfolio-146-missing-authorization-via-multiple-ajax-actions</loc>
<lastmod>2023-08-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/newspack-newsletters/newspack-newsletters-2132-cross-site-request-forgery</loc>
<lastmod>2024-06-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simply-schedule-appointments/simply-schedule-appointments-1575-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2022-08-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/code-generator/code-generate-10-reflected-cross-site-scripting</loc>
<lastmod>2024-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nmedia-user-file-uploader/frontend-file-manager-234-authenticated-subscriber-arbitrary-file-deletion</loc>
<lastmod>2025-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ubermenu/uber-menu-382-authenticated-contributor-stored-cross-site-scripting-via-multiple-shortcodes</loc>
<lastmod>2024-05-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpb-floating-menu-or-categories/wpb-floating-menu-or-categories-sticky-floating-side-menu-categories-with-icons-108-authenticated-editor-stored-cross-site-scripting-via-icon-css-class-category-field</loc>
<lastmod>2026-05-20T14:09:47.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/beeteam368-extensions/beeteam368-extensions-235-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2025-07-11T18:49:36.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/age-restriction/age-restriction-302-authenticated-subscriber-privilege-escalation</loc>
<lastmod>2025-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/event-geek/event-geek-252-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2021-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wishlist-member-x/wishlist-member-x-3290-missing-authorization</loc>
<lastmod>2026-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/miniorange-saml-20-single-sign-on/saml-single-sign-on-saml-sso-login-4920-reflected-cross-site-scripting</loc>
<lastmod>2022-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dx-delete-attached-media/dx-delete-attached-media-2051-cross-site-request-forgery-via-add_to_base</loc>
<lastmod>2023-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/decorator-woocommerce-email-customizer/webtoffee-ecommerce-marketing-automation-211-missing-authorization</loc>
<lastmod>2025-10-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nextgen-gallery/nextgen-gallery-2110-unrestricted-file-upload</loc>
<lastmod>2015-12-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-lister-for-amazon/wp-lister-lite-for-amazon-2616-reflected-cross-site-scripting</loc>
<lastmod>2024-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-jetpack/booster-for-woocommerce-548-reflected-cross-site-scripting-in-pdf-invoicing-module</loc>
<lastmod>2021-12-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rencontre/rencontre-dating-site-322-cross-site-request-forgery</loc>
<lastmod>2019-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/js-support-ticket/js-help-desk-best-help-desk-support-plugin-277-authenticated-subscriber-insecure-direct-object-reference</loc>
<lastmod>2023-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-moneybird/integration-of-moneybird-for-woocommerce-212-reflected-cross-site-scripting</loc>
<lastmod>2021-09-09T16:20:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/3d-viewer/3d-viewer-embed-3d-models-185-missing-authorization</loc>
<lastmod>2026-03-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/material-design-for-contact-form-7/material-design-for-contact-form-7-264-missing-authorization-to-arbitrary-settings-update</loc>
<lastmod>2022-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/feedwordpress/feedwordpress-20210713-reflected-cross-site-scripting</loc>
<lastmod>2022-01-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-bulk-editor/bear-bulk-editor-and-products-manager-professional-for-woocommerce-by-pluginusnet-115-cross-site-request-forgery</loc>
<lastmod>2026-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/theplus_elementor_addon/the-plus-addons-for-elementor-pro-419-the-plus-addons-for-elementor-206-authenticated-contributor-privilege-escalation</loc>
<lastmod>2021-04-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/media-downloader/media-downloader-0474-reflected-cross-site-scripting</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tainacan/tainacan-02112-authenticated-subscriber-sql-injection</loc>
<lastmod>2025-01-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-google-recaptcha/advanced-google-recaptcha-129-authenticated-subscriber-limited-sql-injection-via-ssearch-parameter</loc>
<lastmod>2025-03-27T19:32:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/meeting-scheduler-by-vcita/online-booking-scheduling-calendar-for-wordpress-by-vcita-451-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2024-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-cafe/wpcafe-2227-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2024-07-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/testimonial-rotator/testimonial-rotator-302-authenticated-stored-cross-site-scripting</loc>
<lastmod>2020-06-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/instawp-connect/instawp-connect-1-click-wp-staging-migration-01044-authentication-bypass-to-admin</loc>
<lastmod>2024-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/page-loading-effects/page-loading-effects-200-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-01-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/classic-addons-wpbakery-page-builder-addons/classic-addons-wpbakery-page-builder-30-authenticated-contributor-limited-local-php-file-inclusion</loc>
<lastmod>2024-12-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-ads-manager/simple-ads-manager-294116-denial-of-service</loc>
<lastmod>2015-07-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lawyer-directory/lawyer-directory-133-authenticated-subscriber-privilege-escalation</loc>
<lastmod>2026-01-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/event-post/event-post-5910-cross-site-request-forgery</loc>
<lastmod>2024-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/medical-addon-for-elementor/medical-addon-for-elementor-161-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-09-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/imba/imba-150-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/parcelpanel/shipment-tracking-tracking-and-order-tracking-for-woocommerce-parcelpanel-free-to-install-382-authenticated-subscriber-sql-injection</loc>
<lastmod>2024-05-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/adwork-media-ez-content-locker/adwork-media-ez-content-locker-30-reflected-cross-site-scripting</loc>
<lastmod>2024-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-shortcodes/shortcodes-by-angie-makes-207-authenticated-stored-cross-site-scripting</loc>
<lastmod>2016-11-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/sydney/sydney-256-missing-authorization-to-authenticated-subscriber-limited-theme-options-update</loc>
<lastmod>2025-09-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/constructor/constructor-165-missing-authorization</loc>
<lastmod>2025-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/watu/watu-quiz-3382-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tectite-forms/tectite-forms-13-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2026-06-01T19:43:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/video-blogster-lite/video-blogster-lite-12-cross-site-request-forgery</loc>
<lastmod>2025-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/e-shot-form-builder/e-shot-102-missing-authorization-to-authenticated-subscriber-sensitive-information-exposure-via-api-token-via-eshot_form_builder_get_account_data-ajax-action</loc>
<lastmod>2026-03-20T15:09:33.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/depicter/slider-popup-builder-by-depicter-add-image-slider-carousel-slider-exit-intent-popup-popup-modal-coupon-popup-post-slider-carousel-321-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2024-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/adventure-journal/adventure-journal-172-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/suretriggers/ottokit-all-in-one-automation-platform-formerly-suretriggers-1082-unauthenticated-privilege-escalation</loc>
<lastmod>2025-04-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ajax-search-pro/ajax-search-pro-4187-authenticated-subscriber-sql-injection</loc>
<lastmod>2020-08-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/kalium/kalium-3183-cross-site-request-forgery</loc>
<lastmod>2025-08-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking-ultra-pro/booking-ultra-pro-1120-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/patron-button-and-widgets-by-codebard/codebards-patron-button-and-widgets-for-patreon-219-reflected-cross-site-scripting-via-cb_p6_tab</loc>
<lastmod>2023-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/login-register-using-jwt/wp-login-and-register-using-jwt-300-missing-authorization-to-authenticated-subscriber-api-key-exposure</loc>
<lastmod>2025-11-18T17:17:49.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-activity-log-pro/user-activity-log-pro-233-tracking-bypass-via-ip-spoofing</loc>
<lastmod>2023-09-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mass-pagesposts-creator/mass-pagesposts-creator-122-missing-authorization</loc>
<lastmod>2018-06-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpsection/wpsection-138-authenticated-contributor-local-file-inlcusion</loc>
<lastmod>2024-08-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chained-quiz/chained-quiz-1324-cross-site-request-forgery-to-question-deletion</loc>
<lastmod>2022-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-vertical-image-slider/wordpress-vertical-image-slider-plugin-12-cross-site-scripting</loc>
<lastmod>2015-09-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mp-timetable/timetable-and-event-schedule-by-motopress-2411-authenticated-contributor-sql-injection</loc>
<lastmod>2024-04-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/beaver-builder-lite-version/beaver-builder-2837-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shortcodes-ultimate/wp-shortcodes-plugin-shortcodes-ultimate-703-authenticated-contributor-stored-cross-site-scripting-via-su_qrcode-shortcode</loc>
<lastmod>2024-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/database-cleaner/database-cleaner-105-authenticated-admin-arbitrary-file-read</loc>
<lastmod>2024-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mobilize/mobilize-307-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yellow-pencil-visual-theme-customizer/yellowpencil-visual-css-style-editor-758-reflected-cross-site-scripting-livelink</loc>
<lastmod>2023-04-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/check-email/check-log-email-105-reflected-cross-site-scripting</loc>
<lastmod>2022-05-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rollover-tab/rollover-tab-132-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/job-board-manager/job-board-manager-2160-authenticated-contributor-php-object-injection</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seraphinite-accelerator/seraphinite-accelerator-22814-missing-authorization-to-authenticated-subscriber-log-clearing</loc>
<lastmod>2026-03-03T21:55:42.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wt-smart-coupons-for-woocommerce/smart-coupons-for-woocommerce-223-missing-authorization</loc>
<lastmod>2025-10-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/featured-image-via-url/featured-image-via-url-01-authenticated-contributor-arbitrary-file-upload</loc>
<lastmod>2025-12-04T17:21:27.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-stats-manager/wp-visitor-statistics-real-time-traffic-47-sql-injection</loc>
<lastmod>2021-12-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-404-pro/custom-404-pro-371-cross-site-request-forgery</loc>
<lastmod>2023-01-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bubble-menu/bubble-menu-304-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-07-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smart-manager-for-wp-e-commerce/smart-manager-8520-authenticated-administrator-sql-injection</loc>
<lastmod>2025-01-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bridge-core/bridge-core-33-missing-authorization-to-authenticated-subscriber-demo-import</loc>
<lastmod>2024-10-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ezplayer/ezplayer-1010-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpgform/google-forms-093-remote-code-execution</loc>
<lastmod>2018-05-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-last-modified-info/wp-last-modified-info-165-stored-cross-site-scripting</loc>
<lastmod>2020-04-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/event-calendars/event-calendar-104-missing-authorization-to-unauthenticated-arbitrary-calendar-deletion</loc>
<lastmod>2024-10-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/starbox/starbox-349-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-02-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/auto-image-attributes-from-filename-with-bulk-updater/auto-image-attributes-from-filename-with-bulk-updater-add-alt-text-image-title-for-image-seo-49-authenticated-author-stored-cross-site-scripting-via-image-attribute</loc>
<lastmod>2026-06-01T12:44:43.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/twchat/two-way-chat-314-authenticated-admin-local-file-inclusion</loc>
<lastmod>2021-10-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/featured-content-gallery/featured-content-gallery-320-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-05-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/coblocks/coblocks-3113-missing-authorization</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/linet-erp-woocommerce-integration/linet-erp-woocommerce-integration-357-cross-site-request-forgery</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-colorbox/wordpress-colorbox-lightbox-plugin-114-stored-cross-site-scripting</loc>
<lastmod>2020-08-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sheets-to-wp-table-live-sync/flextable-google-sheets-connector-3191-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-12-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/trx_addons/themerex-addons-2385-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2026-03-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/theme-junkie-team-content/theme-junkie-team-content-011-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-page-visit-counter/advanced-page-visit-counter-615-subscriber-blind-sql-injection</loc>
<lastmod>2022-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cartflows/cartflows-checkout-funnel-builder-for-woocommerce-2119-authenticated-administrator-php-object-injection</loc>
<lastmod>2026-01-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-revisions-manager/wp-revisions-manager-102-cross-site-request-forgery</loc>
<lastmod>2024-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-horizontal-vertical-and-accordion-tabs/wp-responsive-tabs-horizontal-vertical-and-accordion-tabs-1117-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/geo-mashup/geo-mashup-11319-authenticated-subscriber-sql-injection-via-geo_mashup_null_fields-parameter</loc>
<lastmod>2026-05-01T19:15:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/invoice-payment-for-woocommerce/link-invoice-payment-for-woocommerce-280-missing-authorization-to-unauthenticated-arbitrary-partial-payment-creationcancellation</loc>
<lastmod>2026-01-26T18:22:41.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ocim-mp3/ocim-mp3-all-versions-cross-site-scripting</loc>
<lastmod>2016-03-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-post-comment-rating/wp-post-rating-246-missing-authorization-to-vote-manipulation</loc>
<lastmod>2023-02-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cost-calculator-builder-pro/cost-calculator-builder-pro-3215-unauthenticated-sql-injection-via-data</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-to-email/contact-form-email-1324-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2021-11-11T14:20:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bravis-addons/bravis-addons-130-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2026-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-monitor/download-monitor-444-admin-sql-injection-via-orderby-parameter</loc>
<lastmod>2021-10-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpshop/wpshop-2-e-commerce-200-260-authenticated-subscriber-privilege-escalation-via-account-takeover</loc>
<lastmod>2025-05-06T13:34:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cyclone-slider/cyclone-slider-320-authenticated-admin-arbitrary-file-upload</loc>
<lastmod>2022-08-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quiz-maker/quiz-maker-6494-missing-authorization-to-email-disclosure</loc>
<lastmod>2023-11-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/idonate/idonate-blood-donation-request-and-donor-management-system-2115-missing-authorization-to-unauthenticated-arbitrary-post-deletion</loc>
<lastmod>2025-11-21T19:24:57.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/addons-for-elementor/elementor-addons-by-livemesh-834-authenticated-contributor-stored-cross-site-scripting-via-posts-carousel-widget</loc>
<lastmod>2024-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/clickwhale/clickwhale-link-manager-link-shortener-and-click-tracker-for-affiliate-links-link-pages-241-reflected-cross-site-scripting</loc>
<lastmod>2025-01-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ecommerce-product-catalog/ecommerce-product-catalog-plugin-for-wordpress-355-unauthenticated-sql-injection</loc>
<lastmod>2026-06-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/show-notice-or-message-on-admin-area/show-notice-or-message-on-admin-area-20-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-contact-form-7-db-handler/wp-contact-form-7-db-handler-30-cross-site-request-forgery-to-arbitrary-file-deletion-via-contact_form-parameter</loc>
<lastmod>2026-05-27T18:05:02.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/memorialday/memorialday-104-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-02-17T17:31:51.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/soundcloud-ultimate/soundcloud-ultimate-15-cross-site-request-forgery</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-custom-login-page/simple-custom-login-page-103-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2026-06-01T13:00:11.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-login-woocommerce/loginsignup-popup-15-missing-authorization</loc>
<lastmod>2020-05-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/triplea-cryptocurrency-payment-gateway-for-woocommerce/cryptocurrency-payment-gateway-for-woocommerce-2025-missing-authorization-to-unauthenticated-tracking-status-update</loc>
<lastmod>2025-11-17T20:53:28.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mappress-google-maps-for-wordpress/mappress-maps-2733-reflected-cross-site-scripting</loc>
<lastmod>2022-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stax-addons-for-elementor/elementor-addons-widgets-and-enhancements-stax-150-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-07-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ovic-addon-toolkit/ovic-addon-toolkit-261-missing-authorization</loc>
<lastmod>2024-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/anchor-episodes-index/anchor-episodes-index-spotify-for-podcasters-217-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-09-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dmca-badge/dmca-protection-badge-220-missing-authorization</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/admin-site-enhancements/admin-and-site-enhancements-ase-751-authenticated-stored-cross-site-scripting-via-svg</loc>
<lastmod>2024-11-11T16:57:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fgallery/fgallery-241-sql-injection</loc>
<lastmod>2008-01-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/skt-nurcaptcha/skt-nurcaptcha-350-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-11-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/split-test-for-elementor/split-test-for-elementor-183-authenticated-editor-sql-injection</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seo-by-rank-math/rank-math-seo-with-ai-best-seo-tools-10217-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-05-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-sms-vatansms-com/vatansms-wp-sms-101-reflected-cross-site-scripting-via-page-parameter</loc>
<lastmod>2026-05-19T12:06:06.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/googlemapper-2/googlemapper-203-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jetgridbuilder/jetgridbuilder-112-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2024-08-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/creatorlms/creator-lms-1112-missing-authorization</loc>
<lastmod>2026-01-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gwolle-gb/gwolle-guestbook-210-stored-cross-site-scripting</loc>
<lastmod>2017-03-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/site-offline/site-offline-156-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-11-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-media-shortcodes/social-media-shortcodes-130-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-recipe-maker/wp-recipe-maker-1022-insecure-direct-object-reference-to-sensitive-information-exposure</loc>
<lastmod>2025-12-11T20:23:48.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/adrotate/adrotate-ad-manager-adsense-ads-368-sql-injection</loc>
<lastmod>2011-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementor/elementor-3235-authenticated-contributor-basic-information-exposure-via-get_image_alt-function</loc>
<lastmod>2024-10-14T12:07:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/icalendrier/icalendrier-180-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/indianic-testimonial/testimonial-23-sql-injection</loc>
<lastmod>2013-09-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/geodirectory/geodirectory-28119-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-all-import/import-any-xml-or-csv-file-to-wordpress-345-cross-site-scripting</loc>
<lastmod>2017-10-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/brizy-pro/brizy-pro-280-cross-site-request-forgery</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/awesome-twitter-feeds/awesome-twitter-feeds-10-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ticketsource-events/sell-tickets-online-ticketsource-ticket-shop-for-wordpress-302-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-19T18:05:41.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-analytify/analytify-dashboard-510-missing-authorization-to-opt-in</loc>
<lastmod>2023-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jonradio-private-site/my-private-site-3014-improper-access-control-to-sensitive-information-exposure-via-rest-api</loc>
<lastmod>2024-02-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/virtual-hdm-for-taxservice-am/tax-service-electronic-hdm-112-unauthenticated-sql-injection</loc>
<lastmod>2024-12-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/header-footer-elementor/elementor-header-footer-builder-157-stored-cross-site-scripting</loc>
<lastmod>2021-04-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/estatik-mortgage-calculator/mortgage-calculator-estatik-2012-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ai-engine/ai-engine-chatgpt-chatbot-2263-authenticated-editor-arbitrary-file-upload</loc>
<lastmod>2024-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eventprime-event-calendar-management/eventprime-4043-missing-authorization-to-unauthenticated-private-or-password-protected-events-disclosure</loc>
<lastmod>2024-09-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/option-tree/option-tree-253-cross-site-scripting</loc>
<lastmod>2015-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/order-delivery-date-for-woocommerce/order-delivery-date-for-woocommerce-3200-reflected-cross-site-scripting-via-orddd_lite_custom_startdate-and-orddd_lite_custom_enddate</loc>
<lastmod>2023-08-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/ambience/ambience-unspecified-versions-cross-site-scripting</loc>
<lastmod>2013-06-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/truebooker-appointment-booking/truebooker-103-unauthenticated-sql-injection</loc>
<lastmod>2024-08-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rselements-lite/rs-elements-elementor-addon-115-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/hestia/hestia-312-cross-site-request-forgery-to-notice-dismissal</loc>
<lastmod>2024-07-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-lazy-load/advanced-lazy-load-160-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/addons-for-elementor/elementor-addons-by-livemesh-837-authenticated-contributor-stored-cross-site-scripting-via-posts-grid</loc>
<lastmod>2024-07-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fv-wordpress-flowplayer/fv-flowplayer-video-player-7314727-unauthenticated-sql-injection</loc>
<lastmod>2019-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-crowdfunding/wp-crowdfunding-2112-missing-authorization-to-authenticated-subscriber-woocommerce-installation</loc>
<lastmod>2024-12-12T20:17:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ai-content-writing-assistant/ai-content-writing-assistant-content-writer-chatgpt-image-generator-all-in-one-117-missing-authorization</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-wholesale-prices/wholesale-suite-215-authenticated-subscriber-cross-site-scripting</loc>
<lastmod>2022-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/church-admin/church-admin-4027-cross-site-request-forgery</loc>
<lastmod>2024-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easyme-connect/easyme-connect-303-cross-site-request-forgery</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/foyer/foyer-175-content-injection-via-improper-access-control</loc>
<lastmod>2023-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpfront-notification-bar/wpfront-notification-bar-200-authenticated-stored-cross-site-scripting</loc>
<lastmod>2021-08-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-forms/ninja-forms-3141-missing-authorization-to-unauthenticated-sensitive-information-disclosure-via-tokenrefresh-rest-endpoint</loc>
<lastmod>2026-06-30T17:19:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/maps-for-wp/maps-for-wp-125-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/strx-magic-floating-sidebar-maker/strx-magic-floating-sidebar-maker-141-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-adsense-and-hotel-booking/google-adsense-and-hotel-booking-105-open-proxy</loc>
<lastmod>2015-08-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-member/ultimate-member-206-multiple-cross-site-request-forgery-issues</loc>
<lastmod>2018-04-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/royal-elementor-addons/royal-addons-for-elementor-171057-authenticated-contributor-server-side-request-forgery-via-csv-url-parameter</loc>
<lastmod>2026-05-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/feed-them-social/feed-them-social-for-twitter-feed-youtube-and-more-299-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2022-11-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/brizy/brizy-page-builder-2443-authenticatedcontributor-stored-cross-site-scripting-via-form-functionality</loc>
<lastmod>2024-06-04T17:42:40.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/adsense-click-fraud-monitoring/adsense-click-fraud-monitoring-186-reflected-cross-site-scripting</loc>
<lastmod>2015-05-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-meta-robots/wordpress-meta-robots-21-sql-injection</loc>
<lastmod>2015-08-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-events-calendar/the-events-calendar-free-pro-640-missing-authorization-to-authenticated-contributor-arbitrary-events-access</loc>
<lastmod>2024-05-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sloth-logo-customizer/sloth-logo-customizer-202-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2023-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buying-buddy-idx-crm/buying-buddy-idx-crm-230-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zstore-manager-basic/zstore-manager-basic-3311-missing-authorization-to-authenticated-subscriber-cache-clearing</loc>
<lastmod>2025-01-30T00:40:24.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/premium-blocks-for-gutenberg/premium-blocks-gutenberg-blocks-for-wordpress-2142-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shared-counts/shared-counts-social-media-share-buttons-141-missing-authorization-to-arbitrary-email-sending</loc>
<lastmod>2024-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/perfect-portfolio/perfect-portfolio-120-cross-site-request-forgery-to-notice-dismissal</loc>
<lastmod>2024-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/matrix-pre-loader/preloader-matrix-201-cross-site-request-forgery</loc>
<lastmod>2023-11-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-stripe/easy-stripe-11-unauthenticated-remote-code-execution</loc>
<lastmod>2025-07-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stop-user-enumeration/stop-user-enumeration-172-protection-mechanism-bypass</loc>
<lastmod>2025-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wen-responsive-columns/wen-responsive-columns-132-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-03-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/plethora-tabs-accordions/plethora-plugins-tabs-accordions-118-authenticated-contributor-stored-cross-site-scripting-via-anchor</loc>
<lastmod>2025-01-24T16:27:02.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tlitl-auto-twitter-poster/tlitl-auto-twitter-poster-34-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/accesspress-anonymous-post-pro/accesspress-anonymous-post-pro-319-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2017-12-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/colibri-page-builder/colibri-page-builder-10248-missing-authorization</loc>
<lastmod>2024-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/oopspam-anti-spam/oopspam-anti-spam-spam-protection-for-wordpress-forms-comments-no-captcha-1262-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/front-end-only-users/front-end-users-3232-authenticated-admin-sql-injection</loc>
<lastmod>2025-04-01T20:34:20.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/recurring-donation/recurring-paypal-donations-17-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/u-design-core/udesign-core-4140-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/media-from-ftp/media-from-ftp-1116-authenticated-author-improper-privilege-management</loc>
<lastmod>2023-08-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/scroll-top-advanced/scroll-top-advanced-25-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/payment-gateways-caller-for-wp-e-commerce/payment-gateways-caller-for-wp-e-commerce-011-local-file-inclusion</loc>
<lastmod>2013-10-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/aryo-activity-log/activity-log-plugin-204-fulle-path-disclosure</loc>
<lastmod>2014-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-manager/wordpress-download-manager-2951-open-redirect</loc>
<lastmod>2017-07-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/javascript-notifier/javascript-notifier-128-authenticated-administrator-stored-cross-site-scripting-via-plugin-settings</loc>
<lastmod>2026-01-23T20:32:01.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/adamrob-parallax-scroll/parallax-scroll-201-cross-site-scripting</loc>
<lastmod>2019-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/awesome-support/awesome-support-607-authenticated-stored-cross-site-scripting</loc>
<lastmod>2022-09-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/landing-page-cat/landing-page-cat-coming-soon-page-maintenance-page-squeeze-pages-176-reflected-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fifthsegment-whitelist/whitelist-35-reflected-cross-site-scripting</loc>
<lastmod>2024-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-manager/download-manager-3286-authenticated-subscriber-stored-self-based-cross-site-scripting</loc>
<lastmod>2024-06-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/portfolio-filter-gallery/portfolio-gallery-image-gallery-plugin-156-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woostify-sites-library/woostify-sites-library-147-missing-authorization-to-authenticated-subscriber-limited-options-update</loc>
<lastmod>2024-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/addon-elements-for-elementor-page-builder/elementor-addon-elements-11212-authenticated-contributor-stored-cross-site-scripting-via-thumbnail-slider-widget</loc>
<lastmod>2024-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mail-masta/mail-masta-plugin-10-sql-injection-via-filter_list</loc>
<lastmod>2017-03-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/youzify/youzify-buddypress-community-user-profile-social-network-membership-plugin-for-wordpress-by-kainelabs-132-missing-authorization-to-authenticated-subscriber-arbitrary-review-deletion</loc>
<lastmod>2025-01-24T18:53:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cpo-shortcodes/cpo-shortcodes-150-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-09-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/namaste-lms/namaste-lms-265-cross-site-request-forgery</loc>
<lastmod>2025-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-classify/image-classify-100-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-filterable-portfolio/responsive-filterable-portfolio-108-authenticated-admin-sql-injection</loc>
<lastmod>2024-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/last-updated-shortcode/last-updated-shortcode-101-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lpagery/bulk-landing-page-creator-for-wordpress-lpagery-249-missing-authorization</loc>
<lastmod>2026-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/integrate-firebase/integrate-firebase-093-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/auto-attachments/auto-attachments-185-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-06-12T18:51:17.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/moneymasters/moneymasters-all-versions-arbitrary-file-upload</loc>
<lastmod>2012-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-meta-seo/wp-meta-seo-453-missing-authorization-in-listpostscategory</loc>
<lastmod>2023-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/catalog-mode-pricing-enquiry-forms-promotions/wmodes-catalog-mode-product-pricing-enquiry-forms-promotions-for-woocommerce-122-missing-authorization-to-sensitive-information-disclosure</loc>
<lastmod>2025-11-17T20:52:07.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/builty/multiple-themes-by-bslthemes-various-version-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-05-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/checklist/checklist-119-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-cfm/wp-cfm-178-cross-site-request-forgery-via-multiple-ajax-functions</loc>
<lastmod>2024-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/pixgraphy/pixgraphy-138-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/erp/wp-erp-complete-hr-solution-with-recruitment-job-listings-woocommerce-crm-accounting-1131-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/multi-rating/multi-rating-505-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2023-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/card-elements-for-wpbakery/card-elements-for-wpbakery-108-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quick-restaurant-menu/quick-restaurant-menu-202-missing-authorization</loc>
<lastmod>2023-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-iframe/advanced-iframe-20256-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-08-15T18:33:05.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/grandrestaurant/grand-restaurant-709-reflected-cross-site-scripting</loc>
<lastmod>2026-01-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/instant-popup-builder/instant-popup-builder-117-unauthenticated-arbitrary-shortcode-execution-via-token-parameter</loc>
<lastmod>2026-03-18T19:02:53.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/full-customer/full-customer-223-authenticatedsubscriber-improper-authorization-to-arbitrary-plugin-installation</loc>
<lastmod>2023-08-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-miniaudioplayer/mbmbminiaudioplayer-143-cross-site-scripting</loc>
<lastmod>2013-09-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/onionbuzz-viral-quiz/onionbuzz-plugin-127-sql-injection</loc>
<lastmod>2019-07-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/story-chief/storychief-1042-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2025-08-15T14:41:13.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-marketing-automations/automation-by-autonami-360-open-redirect</loc>
<lastmod>2025-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elespare/elespare-blog-magazine-and-newspaper-addons-for-elementor-with-templates-widgets-kits-and-headerfooter-builder-one-click-import-no-coding-required-312-authenticated-contributor-stored-cross-site-scripting-via-horizontal-nav-menu-widget</loc>
<lastmod>2024-06-12T19:14:37.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/4.9/wordpress-core-49-insecure-deserialization</loc>
<lastmod>2018-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cp-easy-form-builder/form-builder-cp-1241-authenticated-contributor-sql-injection</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/4.2/wordpress-core-424-timing-side-channel-attack</loc>
<lastmod>2015-08-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/my-calendar/my-calendar-1105-cross-site-scripting</loc>
<lastmod>2012-01-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/loading-page/loading-page-with-loading-screen-1082-cross-site-scripting</loc>
<lastmod>2022-06-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/aplazo-payment-gateway/aplazo-payment-gateway-143-missing-authorization-to-unauthenticated-order-status-manipulation</loc>
<lastmod>2026-01-13T17:29:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/listingpro/listingpro-2910-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-09-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wonderplugin-video-embed/wonder-video-embed-22-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2025-02-18T09:35:42.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dhtmlxspreadsheet/dhtmlxspreadsheet-20-cross-site-scripting</loc>
<lastmod>2013-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy2map/easy2map-124-directory-traversal</loc>
<lastmod>2015-06-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bdthemes-element-pack-lite/element-pack-addons-for-elementor-825-authenticated-subscriber-blind-server-side-request-forgery</loc>
<lastmod>2025-10-20T08:59:46.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/real-kit/realkit-510-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/realestate-7/wp-pro-real-estate-7-311-reflected-cross-site-scripting</loc>
<lastmod>2021-06-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/donate-with-qrcode/donate-with-qrcode-145-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2021-08-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/banhammer/banhammer-monitor-site-traffic-block-bad-users-and-bots-348-unauthenticated-protection-mechanism-bypass</loc>
<lastmod>2025-09-25T14:27:24.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-product-enquiry/woocommerce-product-enquiry-260-unauthenticated-self-based-cross-site-scripting</loc>
<lastmod>2023-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-social-icons/easy-social-icons-313-admin-sql-injection</loc>
<lastmod>2022-03-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-options-plus/custom-options-plus-181-cross-site-request-forgery-via-custom_options_plus_adm</loc>
<lastmod>2023-03-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/theplus_elementor_addon/the-plus-addons-for-elementor-page-builder-4110-open-redirect</loc>
<lastmod>2021-05-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/services-section/services-section-block-134-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smartarget-message-bar/smartarget-message-bar-14-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/forminator/forminator-1152-reflected-cross-site-scripting</loc>
<lastmod>2024-04-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fixedly/fixedly-media-gallery-131-reflected-cross-site-scripting</loc>
<lastmod>2014-07-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-member/ultimate-member-260-cross-site-request-forgery-to-form-duplication</loc>
<lastmod>2023-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/acf-frontend-form-element/frontend-admin-by-dynamiapps-3251-unauthenticated-sql-injection</loc>
<lastmod>2024-12-20T20:35:02.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpjobboard/wpjobboard-5111-cross-site-request-forgery</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/product-configurator-for-woocommerce/product-configurator-for-woocommerce-144-cross-site-request-forgery</loc>
<lastmod>2025-07-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pretty-link/pretty-links-affiliate-links-link-branding-link-tracking-marketing-plugin-363-cross-site-request-forgery-to-plugin-settings-update</loc>
<lastmod>2024-03-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ulike/wp-ulike-473-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-09-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-mailerlite/mailerlite-woocommerce-integration-312-unauthenticated-sql-injection</loc>
<lastmod>2026-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/content-protector/passster-35551-insecure-password-storage-to-sensitive-data-exposure</loc>
<lastmod>2022-09-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-data-access/wp-data-access-5563-authenticated-contributor-stored-cross-site-scripting-via-wpda_app-shortcode</loc>
<lastmod>2026-02-13T18:19:08.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-post/postx-4115-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2024-10-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/universal_video_player/universal-video-player-383-reflected-cross-site-scripting</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/neon-channel-product-customizer-free/neon-channel-product-customizer-free-20-missing-authorization-to-unauthenticated-arbitrary-content-deletion</loc>
<lastmod>2025-08-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shared-files/shared-files-easy-download-manager-and-file-sharing-plugin-with-frontend-file-upload-1660-cross-site-scripting</loc>
<lastmod>2021-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rentpress/rentpress-664-reflected-cross-site-scripting</loc>
<lastmod>2021-09-08T20:09:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cartasi-x-pay/nexi-xpay-831-missing-authorization</loc>
<lastmod>2026-06-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-recall/wp-recall-registration-profile-commerce-more-16265-authenticated-contributor-sql-injection</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seo-backlink-monitor/seo-backlink-monitor-150-reflected-cross-site-scripting</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/marketing-automation-by-azexo/marketing-automation-by-azexo-12780-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2024-10-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/spotlightyour/spotlight-47-cross-site-scripting</loc>
<lastmod>2014-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-photo-album-plus/wp-photo-album-plus-613-cross-site-scripting</loc>
<lastmod>2015-05-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/automation-web-platform/wawp-44-missing-authorization</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-proposals/wp-proposals-23-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-permalinks/custom-permalinks-260-authenticatededitor-stored-cross-site-scripting</loc>
<lastmod>2024-08-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/bailly/bailly-134-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fulltext-search/wp-fast-total-search-178258-cross-site-request-forgery</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-social-login/woocommerce-social-login-262-email-verification-due-to-insufficient-randomness</loc>
<lastmod>2024-06-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/white-label-cms/white-label-cms-151-cross-site-scripting</loc>
<lastmod>2012-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-member/ultimate-member-1328-reflected-cross-site-scripting</loc>
<lastmod>2015-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tutor-pro/tutor-lms-pro-396-unauthenticated-sql-injection</loc>
<lastmod>2026-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/import-export-for-woocommerce/import-export-for-woocommerce-162-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lazy-load-optimizer/lazy-load-optimizer-147-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-07-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/feedzy-rss-feeds/rss-aggregator-by-feedzy-feed-to-post-autoblogging-news-youtube-video-feeds-aggregator-441-missing-authorization</loc>
<lastmod>2024-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/ivy-school/ivyprep-160-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/backwpup/backwpup-401-authenticated-administrator-directory-traversal</loc>
<lastmod>2024-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jupiterx-core/jupiterx-core-335-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2023-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/friends/friends-321-missing-authorization</loc>
<lastmod>2024-12-05T19:45:41.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/i-amaze/i-amaze-137-cross-site-request-forgery</loc>
<lastmod>2024-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/edd-attach-accounts-to-orders/easy-digital-downloads-attach-accounts-to-orders-201-reflected-cross-site-scripting</loc>
<lastmod>2015-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-print-friendly/wp-print-friendly-06-cross-site-scripting</loc>
<lastmod>2015-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-identicon/wp_identicon-20-reflected-cross-site-scripting</loc>
<lastmod>2025-04-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/analyse-uploads/analyse-uploads-05-unauthenticated-arbitrary-file-deletion</loc>
<lastmod>2024-10-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-jetpack/booster-for-woocommerce-710-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-09-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-order-numbers-for-woocommerce/custom-order-numbers-for-woocommerce-160-cross-site-request-forgery-to-notice-dismissal</loc>
<lastmod>2024-01-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/upc-ean-barcode-generator/upceangtin-code-generator-202-cross-site-request-forgery</loc>
<lastmod>2025-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-sticky-sidebar/wp-cta-call-to-action-plugin-sticky-cta-sticky-buttons-170-missing-authorization-to-unauthenticated-sticky-status-update</loc>
<lastmod>2025-08-01T18:48:08.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bdthemes-prime-slider-lite/prime-slider-addons-for-elementor-revolution-of-a-slider-hero-slider-ecommerce-slider-3147-authenticated-contributor-stored-cross-site-scripting-via-pacific-widget</loc>
<lastmod>2024-06-06T15:35:44.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/textme-sms-integration/textme-sms-188-authenticated-stored-cross-site-scripting</loc>
<lastmod>2021-08-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking-system/pinpoint-booking-system-29957-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/unlimited-elements-for-elementor/unlimited-elements-for-elementor-free-widgets-addons-templates-15112-authenticated-contributor-time-based-sql-injection</loc>
<lastmod>2024-07-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-document-embedder/google-doc-embedder-254-directory-traversal</loc>
<lastmod>2013-01-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/theme-editor/theme-editor-21-cross-site-request-forgery</loc>
<lastmod>2019-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking-manager/booking-manager-215-authenticatedcontributor-sql-injection-via-shortcode</loc>
<lastmod>2023-12-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elex-helpdesk-customer-support-ticket-system/elex-wordpress-helpdesk-customer-ticketing-system-331-missing-authorization-to-authenticated-subscriber-trash-restore</loc>
<lastmod>2025-11-20T16:58:48.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/revisionary/publishpress-revisions-duplicate-posts-submit-approve-and-schedule-content-changes-3514-reflected-cross-site-scripting</loc>
<lastmod>2024-10-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking/booking-calendar-921-cross-site-request-forgery</loc>
<lastmod>2022-09-06T14:36:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/business-directory-plugin/business-directory-plugin-easy-listing-directories-for-wordpress-642-unauthenticated-sql-injection-via-listingfields-parameter</loc>
<lastmod>2024-05-21T16:56:59.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dd-post-carousel/custom-post-carousels-with-owl-1411-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/armember-membership/armember-membership-plugin-content-restriction-member-levels-user-profile-user-signup-347-authentication-bypass-via-password-reset-weakness</loc>
<lastmod>2022-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/strong-testimonials/strong-testimonials-2400-stored-cross-site-scripting</loc>
<lastmod>2020-02-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-registration/user-registration-415-reflected-cross-site-scripting</loc>
<lastmod>2025-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/grit/grit-life-coach-business-coaching-wordpress-theme-101-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/checkout-mestres-wp/checkout-mestres-do-wp-for-woocommerce-865-875-unauthenticated-arbitrary-options-update</loc>
<lastmod>2025-03-28T18:37:10.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/donations-for-woocommerce/potent-donations-for-woocommerce-119-cross-site-request-forgery-in-hm_wcdon_admin_page</loc>
<lastmod>2023-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/envira-gallery-lite/envira-gallery-lite-1832-cross-site-scripting</loc>
<lastmod>2020-12-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/xml-multilanguage-sitemap-generator/xml-multilanguage-sitemap-generator-206-missing-authorization</loc>
<lastmod>2024-12-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/page-list/page-list-52-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2022-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/robo-gallery/robo-gallery-3215-authenticatedadministrator-stored-cross-site-scripting</loc>
<lastmod>2023-08-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flexmls-idx/flexmls-idx-plugin-3159-reflected-cross-site-scripting</loc>
<lastmod>2026-03-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/felici/felici-premium-magazine-theme-17-cross-site-scripting</loc>
<lastmod>2013-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/youtube-showcase/youtube-showcase-351-unauthenticated-php-object-injection</loc>
<lastmod>2025-08-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/world-of-warcraft-armory-table/world-of-warcraft-armory-table-026-cross-site-scripting</loc>
<lastmod>2014-03-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/secupress/secupress-free-2253-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/accelerated-mobile-pages/accelerated-mobile-pages-10881-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/add-custom-body-class/add-custom-body-class-141-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-10-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpfunnels/easiest-funnel-builder-for-wordpress-woocommerce-by-wpfunnels-355-reflected-cross-site-scripting</loc>
<lastmod>2024-11-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/time-sheets/time-sheets-152-cross-site-scripting</loc>
<lastmod>2017-02-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cost-of-goods-for-woocommerce/cost-of-goods-for-woocommerce-286-missing-authorization-in-save_costs</loc>
<lastmod>2023-02-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/surbma-premium-wp/surbma-premium-wp-90-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bp-gallery/buddypress-bp-gallery-plus-125-cross-site-scripting</loc>
<lastmod>2015-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dw-question-answer/dw-question-answer-158-cross-site-request-forgery-bypass</loc>
<lastmod>2021-06-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-fonts/custom-fonts-host-your-fonts-locally-214-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2024-05-23T17:52:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tailored-tools/tailored-tools-184-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-custom-profile-picture/woocommerce-custom-profile-picture-10-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2024-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/request-a-quote/request-a-quote-2310-cross-site-request-forgery</loc>
<lastmod>2023-06-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-google-map-plugin/wp-maps-439-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2023-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eds-responsive-menu/eds-responsive-menu-12-reflected-cross-site-scripting</loc>
<lastmod>2026-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-duplicator/post-duplicator-235-missing-authorization</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-jetpack/booster-for-woocommerce-558-reflected-cross-site-scripting</loc>
<lastmod>2022-05-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fv-all-in-one-seo-pack/fv-simpler-seo-196-missing-authorization</loc>
<lastmod>2025-12-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pgall-for-woocommerce/-520-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/salesforce-wordpress-to-lead/to-lead-for-salesforce-2739-cross-site-request-forgery</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/airin-blog/airin-blog-162-unauthenticated-php-object-injection</loc>
<lastmod>2024-11-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/breadcrumbs-shortcode/breadcrumbs-shortcode-144-reflected-cross-site-scripting</loc>
<lastmod>2022-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-custom-author-profiles/simple-custom-author-profiles-100-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-03-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-mercadopago/mercado-pago-payments-for-woocommerce-8711-missing-authorization-to-unauthenticated-pix-payment-qr-code-image-disclosure</loc>
<lastmod>2026-05-05T15:16:10.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/message-ticker/message-ticker-93-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simpleshop-cz/simpleshop-2100-cross-site-request-forgery</loc>
<lastmod>2024-05-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/salon-booking-system/salon-booking-system-free-version-103025-missing-authorization</loc>
<lastmod>2026-05-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/funnelforms-free/interactive-contact-form-and-multi-step-form-builder-with-drag-drop-editor-funnelforms-free-3732-missing-authorization-to-unauthenticated-arbitrary-media-upload</loc>
<lastmod>2024-08-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/intelly-welcome-bar/welcome-bar-203-missing-authorization</loc>
<lastmod>2023-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/title-animator/title-animator-10-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2026-02-06T20:24:28.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/only-tweet-like-share-and-google-1/simple-light-weight-social-share-tweet-like-share-and-linkedin-20-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-07-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-analytify/analytify-google-analytics-dashboard-for-wordpress-ga4-analytics-made-easy-523-cross-site-request-forgery</loc>
<lastmod>2024-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gold-addons-for-elementor/gold-addons-for-elementor-129-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sitebuilder-dynamic-components/sitebuilder-dynamic-components-10-unauthenticated-php-object-injection</loc>
<lastmod>2024-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pirate-forms/contact-form-smtp-plugin-for-wordpress-by-pirateforms-260-unauthenticated-arbitrary-shortcode-execution</loc>
<lastmod>2025-01-29T21:22:01.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-proxy/simple-proxy-10-reflected-cross-site-scripting</loc>
<lastmod>2024-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hipaatizer/hipaa-compliant-forms-with-dragndrop-hipaa-form-builder-sign-hipaa-documents-134-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/anac-xml-viewer/anac-xml-viewer-182-authenticated-contributor-server-side-request-forgery</loc>
<lastmod>2025-11-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/require-taxonomy-image-category-tag/require-limit-categories-tags-featured-image-and-taxonomies-126-reflected-cross-site-scripting</loc>
<lastmod>2022-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mp-timetable/timetable-and-event-schedule-by-motopress-238-missing-authorization</loc>
<lastmod>2020-04-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/widgetkit-for-elementor/all-in-one-addons-for-elementor-widgetkit-243-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-12-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wide-banner/wide-banner-104-missing-authorization</loc>
<lastmod>2025-09-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/learnpress/learnpress-41732-unauthenticated-sql-injection</loc>
<lastmod>2023-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-field-for-wp-job-manager/custom-field-for-wp-job-manager-12-insecure-direct-object-reference-to-sensitive-information-exposure-via-shortcode</loc>
<lastmod>2024-08-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-like-button/wp-like-button-1611-cross-site-request-forgery-via-savedata</loc>
<lastmod>2023-08-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gallerio/gallerio-101-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/html5-audio-player/html5-audio-player-the-ultimate-no-code-podcast-mp3-audio-player-240-251-unauthenticated-server-side-request-forgery</loc>
<lastmod>2025-12-18T18:14:27.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kadence-blocks/gutenberg-blocks-by-kadence-blocks-3217-authenticatededitor-stored-cross-site-scripting-via-contact-form-message-settings</loc>
<lastmod>2024-04-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-user-frontend-pro/wp-user-frontend-pro-413-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2025-06-04T16:33:46.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/grid/grid-231-cross-site-request-forgery</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sensei-lms/sensei-lms-443-information-disclosure</loc>
<lastmod>2022-08-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-job-portal/wp-job-portal-201-cross-site-request-forgery-to-settings-modification</loc>
<lastmod>2023-05-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/learnpress-import-export/learnpress-export-import-403-authenticated-administrator-sql-injection</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/groundhogg/groundhogg-3423-cross-site-request-forgery</loc>
<lastmod>2024-06-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zephyr-project-manager/zephyr-project-manager-33100-authenticated-subscriber-insecure-direct-object-reference</loc>
<lastmod>2024-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/callbackkiller-service-widget/callbackkiller-service-widget-12-missing-authorization-to-unauthenticated-arbitrary-plugin-settings-update</loc>
<lastmod>2026-02-13T18:24:51.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-and-page-builder/post-and-page-builder-by-boldgrid-1279-missing-authorization</loc>
<lastmod>2026-01-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zero-bs-crm/jetpack-crm-531-cross-site-request-forgery-and-phar-deserialization</loc>
<lastmod>2023-04-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pixelating-image-slideshow-gallery/pixelating-image-slideshow-gallery-80-authenticated-contributor-sql-injection</loc>
<lastmod>2025-07-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/4.7/wordpress-core-473-cross-site-scripting-via-taxonomy-names</loc>
<lastmod>2017-03-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/affiliates-manager/affiliate-manager-286-admin-sql-injection</loc>
<lastmod>2021-10-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/store-locator/store-locator-3987-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2023-03-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jeg-elementor-kit/jeg-elementor-kit-269-authenticated-contributor-stored-cross-site-scripting-via-jkit-countdown-widget</loc>
<lastmod>2024-11-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-social-broadcast/wp-social-broadcast-100-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementor/elementor-website-builder-3355-missing-authorization</loc>
<lastmod>2026-03-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/facebook-conversion-pixel/pixel-cat-conversion-pixel-manager-263-reflected-cross-site-scripting</loc>
<lastmod>2021-11-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/read-more-copy-link/read-more-copy-link-102-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pagelayer/page-builder-pagelayer-drag-and-drop-website-builder-183-authenticated-contributor-stored-cross-site-scripting-via-custom-attributes</loc>
<lastmod>2024-03-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/woodmart/woodmart-823-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-07-07T17:24:44.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/valenti/valenti-5635-authenticated-contributor-php-object-injection</loc>
<lastmod>2026-02-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/analytics-cat/analytics-cat-google-analytics-made-easy-109-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-09-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/islamic-database/islamic-database-10-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2026-05-26T17:22:13.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/molla/molla-1513-unauthenticated-remote-code-execution</loc>
<lastmod>2025-08-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/b-slider/b-slider-1130-missing-authorization</loc>
<lastmod>2025-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lunar-sell-photos-online/lunar-130-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/makestories-helper/makestories-for-web-stories-264-cross-ste-scripting</loc>
<lastmod>2022-07-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/s2member/s2member-250905-unauthenticated-remote-code-execution</loc>
<lastmod>2025-10-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-classifieds-and-directory-pro/advanced-classifieds-directory-pro-313-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2024-07-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/porto/porto-710-unauthenticated-local-file-inclusion-via-porto_ajax_posts</loc>
<lastmod>2024-05-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-warfare/social-warfare-352-remote-code-execution</loc>
<lastmod>2021-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/photome/photome-571-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-swimteam/swim-team-1451085-directory-traversal</loc>
<lastmod>2015-07-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/aibuddy-openai-chatgpt/aibud-wp-185-authenticated-admin-arbitrary-file-upload</loc>
<lastmod>2025-07-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bonjour-bar/bonjour-bar-100-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-01-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/html5-chat/html5-chat-107-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-30T00:40:39.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-addons-for-elementor/responsive-addons-for-elementor-free-elementor-addons-plugin-and-elementor-templates-164-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-02-20T21:19:13.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sirv/image-optimizer-resizer-and-cdn-sirv-132-sql-injection</loc>
<lastmod>2016-11-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sprout-clients/sprout-clients-32-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bulk-editor/wolf-107-cross-site-request-forgery-via-create_profile</loc>
<lastmod>2023-05-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/integration-dynamics/dynamics-365-integration-1312-cross-site-request-forgery-via-wp_ajax_wpcrm_log_verbosity</loc>
<lastmod>2023-03-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/meks-smart-author-widget/meks-smart-author-widget-114-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/url-params/url-params-24-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-to-db/contact-form-to-db-156-multiple-cross-site-scripting</loc>
<lastmod>2017-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ht-mega-for-elementor/ht-mega-absolute-addons-for-elementor-250-authenticated-contributor-stored-cross-site-scripting-via-tooltip-popover-widget</loc>
<lastmod>2024-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-notification-bell/wp-notification-bell-146-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cart-rest-api-for-woocommerce/cocart-headless-ecommerce-3112-missing-authorization</loc>
<lastmod>2023-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/archicon/archicon-17-unauthenticated-php-object-injection</loc>
<lastmod>2026-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-tabs-slides/wp-tabs-slides-203-cross-site-request-forgery</loc>
<lastmod>2023-01-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eventprime-event-calendar-management/eventprime-332-improper-server-side-checks-to-booking-payment-bypass</loc>
<lastmod>2023-10-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ticket/wp-ticket-604-unauthenticated-sql-injection-via-wordpress-search-s-parameter</loc>
<lastmod>2026-06-12T14:23:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kadence-blocks/kadence-blocks-3253-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/litespeed-cache/litespeed-cache-7501-reflected-cross-site-scripting</loc>
<lastmod>2025-10-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/payment-forms-for-paystack/payment-forms-for-paystack-341-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-02-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shortcodes-ultimate/wordpress-shortcodes-plugin-shortcodes-ultimate-5101-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2021-08-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/extended-widget-options/widget-options-extended-521-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/js-twentytwenty/jquery-twentytwenty-10-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quick-adsense-reloaded/quads-ads-manager-for-google-adsense-20981-authenticated-contributor-stored-cross-site-scripting-via-multiple-ad-metadata-parameters</loc>
<lastmod>2026-03-27T23:01:01.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/button/button-1122-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-05-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gyan-elements/gyan-elements-221-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2026-02-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/meks-easy-social-share/meks-easy-social-share-127-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/icegram/icegram-3124-missing-authorization</loc>
<lastmod>2024-08-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lh-copy-media-file/lh-copy-media-file-108-reflected-cross-site-scripting</loc>
<lastmod>2024-09-30T19:31:03.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-user-frontend/wp-user-frontend-4112-authenticated-subscriber-arbitrary-shortcode-execution</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/modal-dialog/modal-dialog-3514-reflected-cross-site-scripting</loc>
<lastmod>2023-04-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/holmes/holmes-17-authenticated-subscriber-insecure-direct-object-reference</loc>
<lastmod>2026-01-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/themesflat-addons-for-elementor/themesflat-addons-for-elementor-222-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wholesale-market/wholesale-market-for-woocommerce-200-wholesale-market-221-cross-site-request-forgery</loc>
<lastmod>2022-12-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/newsmag/newsmag-50-reflected-cross-site-scripting</loc>
<lastmod>2021-07-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sharebang/sharebang-ultimate-social-share-buttons-for-wordpress-14-reflected-cross-site-scripting</loc>
<lastmod>2025-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-orders-tracking/orders-tracking-for-woocommerce-1210-unauthenticated-arbitrary-shortcode-execution</loc>
<lastmod>2024-05-09T20:59:24.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/qubely/quebely-184-authenticated-contributor-stored-cross-site-scripting-via-classname-block-option</loc>
<lastmod>2023-02-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/featured-image-from-url/featured-image-from-url-fifu-527-unauthenticated-information-exposure-via-log-file</loc>
<lastmod>2025-09-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blocksy-companion-pro/blocksy-companion-pro-2137-authenticated-contributor-remote-code-execution</loc>
<lastmod>2026-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rescue-shortcodes/rescue-shortcodes-33-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-04-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/designthemes-portfolio-addon/designthemes-portfolio-addon-15-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-analytics/social-analytics-02-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mediabay/mediabay-wordpress-media-library-folders-14-authenticated-subscriber-sql-injection</loc>
<lastmod>2025-07-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/qubely/qubely-1814-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2026-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vitamin/vitamin-110-directory-traversal</loc>
<lastmod>2012-08-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tutor/tutor-lms-274-cross-site-request-forgery-via-addon_enable_disable</loc>
<lastmod>2024-09-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-customers-manager/woocommerce-customers-manager-265-cross-site-request-forgery-to-account-creation</loc>
<lastmod>2021-03-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-notify-updated-product/woocommerce-notify-updated-product-16-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-dynamic-keywords-injector/wp-dynamic-keywords-injector-2321-reflected-cross-site-scripting</loc>
<lastmod>2024-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/funnelforms-free/funnelforms-free-34-missing-authorization-to-category-deletion</loc>
<lastmod>2023-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/live-shopping-video-streams/live-shopping-shoppable-videos-for-woocommerce-220-cross-site-request-forgery</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-slimstat/slimstat-analytics-492-reflected-cross-site-scripting-via-request_uri</loc>
<lastmod>2022-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/system-dashboard/system-dashboard-2817-reflected-cross-site-scripting-via-filename-parameter</loc>
<lastmod>2025-01-30T00:41:49.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/video-playlist-and-gallery-plugin/post-video-players-1163-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/byconsole-woo-order-delivery-time/wooodt-lite-246-missing-authorization-to-arbitrary-options-update</loc>
<lastmod>2023-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/imageboss/imageboss-images-up-to-60-smaller-cdn-306-cross-site-scripting</loc>
<lastmod>2020-05-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tracking-code-manager/tracking-code-manager-1115-denial-of-service</loc>
<lastmod>2017-05-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-support-plus-responsive-ticket-system/wp-support-plus-responsive-ticket-system-41-directory-traversal</loc>
<lastmod>2014-11-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-301-redirects/simple-301-redirects-207-cross-site-request-forgery-via-clicked</loc>
<lastmod>2023-08-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-email-capture/email-capture-3125-cross-site-request-forgery</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/exportfeed-for-woocommerce-product-to-etsy/woocommerce-etsy-integration-331-cross-site-request-forgery-bypass</loc>
<lastmod>2021-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/photo-gallery/photo-gallery-by-10web-mobile-friendly-image-gallery-1821-authenticated-admin-stored-cross-site-scripting-via-svg</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gianism/gianism-522-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/xorbin-digital-flash-clock/xorbin-digital-flash-clock-10-dom-cross-site-scripting</loc>
<lastmod>2013-06-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chained-quiz/chained-quiz-132-reflected-cross-site-scripting-via-ipf</loc>
<lastmod>2022-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/teachpress/teachpress-904-cross-site-request-forgery</loc>
<lastmod>2023-11-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gtmetrix-for-wordpress/gtmetrix-for-wordpress-047-cross-site-request-forgery</loc>
<lastmod>2023-07-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booster-elite-for-woocommerce/booster-elite-for-woocommerce-712-authenticatedsubscriber-content-injection</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-cfdb7/contact-form-7-database-addon-cfdb7-1268-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2024-04-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/calculate-prices-based-on-distance-for-woocommerce/calculate-prices-based-on-distance-for-woocommerce-135-missing-authorization</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/relevanssi-premium/relevanssi-a-better-search-4221-unauthenticated-second-order-csv-injection</loc>
<lastmod>2024-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/webappick-product-feed-for-woocommerce/ctx-feed-6618-missing-authorization</loc>
<lastmod>2026-01-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/unlimited-elements-for-elementor/unlimited-elements-for-elementor-free-widgets-addons-templates-15135-authenticated-contributor-stored-cross-site-scripting-via-multiple-widgets</loc>
<lastmod>2025-01-08T19:32:13.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/quantum/quantum-10-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/open-user-map-pro/open-user-map-pro-1431-unauthenticated-stored-cross-site-scripting-via-oum_location_notification</loc>
<lastmod>2026-06-10T13:18:50.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/belfort/belfort-10-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpforo/wpforo-forum-234-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2024-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tours/tours-100-missing-authorization</loc>
<lastmod>2025-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cashtomer/cashtomer-100-authenticated-admin-sql-injection</loc>
<lastmod>2021-07-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woomulti/woomulti-17-authenticated-subscriber-arbitrary-file-deletion</loc>
<lastmod>2025-11-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wptouch/wptouch-4360-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-post-type-date-archives/custom-post-type-date-archives-271-missing-authorization-to-unauthenticated-arbitrary-shortcode-execution</loc>
<lastmod>2025-02-21T15:00:41.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-product-category-discount/category-discount-woocommerce-412-missing-authorization-via-wpcd_save_discount</loc>
<lastmod>2024-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-video-player/easy-video-player-1222-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2022-11-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pixelyoursite/pixelyoursite-your-smart-pixel-tag-manager-10012-cross-site-request-forgery</loc>
<lastmod>2025-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/envo-elementor-for-woocommerce/envos-elementor-templates-widgets-for-woocommerce-144-missing-authorization-via-templates_ajax_request</loc>
<lastmod>2024-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-survey-and-poll/wordpress-survey-poll-quiz-survey-and-poll-plugin-for-wordpress-175-authenticated-contributor-sql-injection</loc>
<lastmod>2025-01-30T00:48:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/metform/metform-elementor-contact-form-builder-383-missing-authorization-to-notice-dismissal</loc>
<lastmod>2024-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/brands-for-woocommerce/brands-for-woocommerce-3822-cross-site-request-forgery</loc>
<lastmod>2023-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-push-notification-firebase/wp-firebase-push-notification-120-cross-site-request-forgery-to-broadcast-notification</loc>
<lastmod>2025-07-03T12:22:35.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mystickymenu/my-sticky-bar-272-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-08-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hercules-core/hercules-core-74-authenticated-subscriber-server-side-request-forgery</loc>
<lastmod>2025-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/related-sites/related-sites-22-sql-injection</loc>
<lastmod>2009-06-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-responsive-thumbnail-slider/thumbnail-carousel-slider-119-reflected-cross-site-scripting</loc>
<lastmod>2023-04-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wonderplugin-audio/wonderplugin-audio-player-21-multiple-cross-site-scripting</loc>
<lastmod>2015-02-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ideapush/ideapush-866-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-09-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/photocrati-theme/photocrati-unknown-versions-multiple-vulnerabilities</loc>
<lastmod>2013-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nexa-blocks/nexa-blocks-gutenberg-blocks-page-builder-for-gutenberg-editor-fse-111-unauthenticated-php-object-injection</loc>
<lastmod>2026-03-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/shopwell/shopwell-1011-missing-authorization</loc>
<lastmod>2026-02-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bp-better-messages/better-messages-live-chat-for-wordpress-buddypress-peepso-ultimate-member-buddyboss-269-unauthenticated-sensitive-information-exposure-through-unprotected-directory</loc>
<lastmod>2025-02-28T19:31:16.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/material-design-icons/material-design-icons-005-authenticated-contributor-stored-cross-site-scripting-via-mdi-icon-shortcode</loc>
<lastmod>2024-09-24T12:16:49.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/enhanced-tooltipglossary/cm-tooltip-glossary-437-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-08-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/knowledgebase/knowledge-base-211-authenticated-contributor-stored-cross-site-scripting-via-block</loc>
<lastmod>2023-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/accessibe/web-accessibility-by-accessibe-210-missing-authorization</loc>
<lastmod>2025-10-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-customers-manager/premmerce-woocommerce-customers-manager-1114-reflected-cross-site-scripting</loc>
<lastmod>2026-01-06T18:36:11.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/healer/healer-doctor-clinic-medical-wordpress-100-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/muzicon/muzicon-190-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/notibar/notibar-215-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-03-05T21:11:50.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-facebook-reviews/wp-review-slider-128-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-12-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-encoder-bundle/email-encoder-protect-email-addresses-and-phone-numbers-244-authenticated-contributor-stored-cross-site-scripting-via-eeb_mailto-shortcode</loc>
<lastmod>2026-04-15T18:24:03.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cc-child-pages/cc-child-pages-211-authenticated-contributor-stored-cross-site-scripting-via-more-parameter</loc>
<lastmod>2026-05-13T19:50:53.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dokan-lite/dokan-ai-powered-woocommerce-multivendor-marketplace-solution-503-insecure-direct-object-reference-to-authenticated-custom-arbitrary-order-modification-via-multiple-ajax-handlers</loc>
<lastmod>2026-06-17T14:54:38.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fat-event-lite/fat-event-lite-11-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/brave-popup-builder/brave-popup-builder-070-cross-site-request-forgery</loc>
<lastmod>2024-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-related-posts/advanced-related-posts-191-missing-authorization</loc>
<lastmod>2026-02-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nicejob/nicejob-364-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-09-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/broken-link-checker-for-youtube/broken-link-checker-for-youtube-13-cross-site-request-forgery-via-plugin_settings_page</loc>
<lastmod>2023-11-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/Divi/divi-4231-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-12-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dl-robotstxt/dl-robotstxt-12-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-08-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/beaver-builder-lite-version/beaver-builder-wordpress-page-builder-2811-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/firework-videos/firework-shoppable-live-video-63-reflected-cross-site-scripting</loc>
<lastmod>2024-11-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-youtube-subscribe/youtube-subscribe-300-authenticated-admin-stored-cross-site-scripting-via-title-and-channel-id</loc>
<lastmod>2025-11-24T19:13:57.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-stock-manager/stock-manager-for-woocommerce-2100-cross-site-request-forgery</loc>
<lastmod>2023-06-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sign-up-sheets/sign-up-sheets-228-cross-site-request-forgery</loc>
<lastmod>2023-08-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-social-media-icons/advanced-social-media-icons-12-authenticated-contributor-stored-cross-site-scripting-via-social-shortcode</loc>
<lastmod>2026-05-11T19:03:01.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/read-and-understood/read-and-understood-22-cross-site-scripting</loc>
<lastmod>2018-12-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-meta-data-filter-and-taxonomy-filter/wordpress-meta-data-and-taxonomies-filter-mdtf-1334-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jt-express/jt-express-malaysia-2013-reflected-cross-site-scripting-via-placeholder</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-delivery-notes/print-invoice-delivery-notes-for-woocommerce-580-missing-authorization</loc>
<lastmod>2026-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-recall/wp-recall-registration-profile-commerce-more-16265-insecure-direct-object-reference</loc>
<lastmod>2024-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/countdown-builder/countdown-coming-soon-maintenance-countdown-clock-293-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-10-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/author-showcase/author-showcase-143-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-paypal-donation/wordpress-paypal-donation-101-authenticated-contributor-stored-cross-site-scripting-via-amount-shortcode-attribute</loc>
<lastmod>2026-03-20T15:07:36.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/different-shipping-and-billing-address-for-woocommerce/multiple-shipping-and-billing-address-for-woocommerce-12-unauthenticated-sql-injection</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/uploader/uploader-104-multiple-cross-site-scripting</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-hover-effects-elementor-addon/image-hover-effects-for-elementor-1024-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/filester/file-manager-pro-filester-18-authenticated-admin-arbitrary-file-upload</loc>
<lastmod>2023-09-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/entrada/entrada-577-cross-site-request-forgery</loc>
<lastmod>2025-09-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpbits-addons-for-elementor/wpbits-addons-for-elementor-18-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-01-27T17:39:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tennis-court-bookings/tennis-court-bookings-127-authenticated-administrator-stored-cross-site-scripting-via-admin-settings-and-calendar-parameters</loc>
<lastmod>2026-02-18T16:00:01.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-cleanup/image-cleanup-192-missing-authorization</loc>
<lastmod>2025-12-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-7-paypal-add-on/contact-form-7-paypal-stripe-add-on-20-reflected-cross-site-scripting</loc>
<lastmod>2024-03-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/icegram-rainmaker/icegram-collect-easy-form-lead-collection-and-subscription-plugin-1318-missing-authorization</loc>
<lastmod>2025-06-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pagelayer/page-builder-pagelayer-drag-and-drop-website-builder-135-reflected-cross-site-scripting-via-color-settings</loc>
<lastmod>2020-12-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/notifier/wanotifier-2712-missing-authorization</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/thegov-core/thegov-core-2023-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-04-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/button-block/button-block-get-fully-customizable-multi-functional-buttons-114-authenticated-contributor-post-disclosure</loc>
<lastmod>2024-11-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/photo-gallery/photo-gallery-by-10web-1568-cross-site-scripting</loc>
<lastmod>2021-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ymc-smart-filter/filter-grids-351-missing-authorization</loc>
<lastmod>2026-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mizan-demo-importer/mizan-demo-importer-013-missing-authorization</loc>
<lastmod>2026-01-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/duplicate-content-cure/duplicate-content-cure-10-cross-site-request-forgery</loc>
<lastmod>2025-11-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/aklamator-infeed/aklamator-infeed-200-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-12-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-fields-shortcode/custom-fields-shortcode-01-authenticatedcontributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/book-a-place/book-a-place-071-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-sidebar/responsive-sidebar-122-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-07-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-eMember/wp-emember-1065-reflected-cross-site-scripting-via-login_pwd</loc>
<lastmod>2024-06-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/site-editor/site-editor-111-local-file-inclusion</loc>
<lastmod>2018-03-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/restful-syndication/restful-content-syndication-110-150-authenticated-contributor-arbitrary-file-upload</loc>
<lastmod>2025-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seo-landing-page-generator/seo-landing-page-generator-1662-reflected-cross-site-scripting</loc>
<lastmod>2024-11-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/townhub/townhub-129-reflected-cross-site-scripting</loc>
<lastmod>2020-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/crazy-bone/crazy-bone-060-stored-cross-site-scripting</loc>
<lastmod>2015-08-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/login-recaptcha/login-no-captcha-recaptcha-180-unauthenticated-stored-cross-site-scripting-via-php_self</loc>
<lastmod>2026-05-27T14:54:36.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sureforms/sureforms-171-reflected-cross-site-scripting</loc>
<lastmod>2025-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/3.9/wordpress-core-392-deserialization-via-widgets</loc>
<lastmod>2014-08-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/presssmart/pressmart-1226-unauthenticated-php-object-injection</loc>
<lastmod>2026-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/otter-blocks/otter-blocks-gutenberg-blocks-page-builder-for-gutenberg-editor-fse-265-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flexible-checkout-fields/flexible-checkout-fields-for-woocommerce-412-missing-authorization</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/vex/vex-129-authenticated-subscriber-php-object-injection</loc>
<lastmod>2026-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-subscribers/email-subscribers-by-icegram-express-affordable-powerful-email-marketing-for-wordpress-woocommerce-5744-authenticated-admin-stored-cross-site-scripting-via-text-block</loc>
<lastmod>2024-12-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sudoku-shortcode/sudoku-shortcode-100-authenticated-contributor-cross-site-scripting-via-background-shortcode-attribute</loc>
<lastmod>2026-02-10T20:07:53.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quick-paypal-payments/quick-paypal-payments-5725-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-02-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kontxt-semantic-engine/kontxt-improves-wordpress-search-146-cross-site-request-forgery</loc>
<lastmod>2021-06-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-elementor/ultimate-addons-for-elementor-1300-stored-cross-site-scripting</loc>
<lastmod>2021-04-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sassy-social-share/social-sharing-plugin-sassy-social-share-3375-reflected-cross-site-scripting-via-heateor_mastodon_share-parameter</loc>
<lastmod>2025-06-06T21:59:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wa-chatbox-manager/chatbox-manager-126-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-08-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-postratings-cheater/wp-postratings-cheater-15-cross-site-request-forgery</loc>
<lastmod>2025-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/securesubmit/wp-securesubmit-1518-missing-authorization</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tutor-lms-elementor-addons/tutor-lms-elementor-addons-215-missing-authorization-to-authenticated-subscriber-limited-plugin-installation</loc>
<lastmod>2024-11-14T16:28:25.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/local-delivery-drivers-for-woocommerce/local-delivery-drivers-for-woocommerce-190-missing-authorization-to-driver-account-takeover</loc>
<lastmod>2023-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cf7-redirect-thank-you-page/contact-form-7-redirect-thank-you-page-103-cross-site-request-forgery-via-cf7rl_admin_table</loc>
<lastmod>2023-03-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp_rokintroscroller/rokintroscroller-18-denial-of-service</loc>
<lastmod>2013-09-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/atec-debug/atec-debug-1222-authenticated-administrator-remote-code-execution</loc>
<lastmod>2025-09-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rentsyst/rentsyst-2092-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/userpro-messaging/private-messages-for-userpro-4100-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-symposium/wp-symposium-111224-arbitrary-file-upload</loc>
<lastmod>2011-12-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yith-woocommerce-ajax-search/yith-woocommerce-ajax-search-280-unauthenticated-sql-injection</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flashcounter/flashcounter-118-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/unlimited-elements-for-elementor/unlimited-elements-for-elementor-free-widgets-addons-templates-1560-arbitrary-file-upload-in-file-manager</loc>
<lastmod>2023-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quentn-wp/quentn-wp-128-unauthenticated-sql-injection</loc>
<lastmod>2025-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/xtremelocator/xtreme-locator-dealer-locator-plugin-301-authenticated-admin-sql-injection</loc>
<lastmod>2016-12-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-letsencrypt-ssl/wp-encryption-one-click-ssl-force-https-78510-missing-authorization-to-authenticated-subscriber-ssl-setup-tampering</loc>
<lastmod>2026-05-13T17:14:25.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-simple-html-sitemap/wordpress-simple-html-sitemap-28-reflected-cross-site-scripting</loc>
<lastmod>2024-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contest-gallery/contest-gallery-upload-vote-sell-with-paypal-and-stripe-2703-unauthenticated-csv-injection</loc>
<lastmod>2025-10-10T19:47:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/infusionsoft-official-opt-in-forms/keap-official-opt-in-forms-203-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/banner-manager/banner-manager-160419-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-product-addon/ppom-for-woocommerce-33016-missing-authorization</loc>
<lastmod>2025-11-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/traderunner/trade-runner-314-cross-site-request-forgery</loc>
<lastmod>2025-11-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/quota/easy-digital-downloads-quota-125-cross-site-scripting</loc>
<lastmod>2015-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-field-suite/custom-field-suite-2621-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-05-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/instawp-connect/instawp-connect-0109-missing-authorization-to-sensitive-information-dislcosure</loc>
<lastmod>2024-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/a3-portfolio/a3-portfolio-310-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2023-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/mediclinic/mediclinic-21-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-06-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/church-admin/church-admin-4118-missing-authorization</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/getresponse-integration/getresponse-for-wordpress-5531-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-survey-and-quiz-tool/survey-and-quiz-tool-292-unauthenticated-cross-site-scripting</loc>
<lastmod>2012-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-database-reset/wp-database-reset-31-unauthenticated-database-reset</loc>
<lastmod>2020-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/emojination/emojination-1012-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bsk-pdf-manager/bsk-pdf-manager-311-admin-sql-injection</loc>
<lastmod>2021-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/team-section/team-section-block-109-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/webp-converter-for-media/converter-for-media-632-missing-authorization-to-authenticated-subscriber-optimized-image-deletion-via-regenerate-attachment-rest-endpoint</loc>
<lastmod>2025-12-16T18:33:57.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/really-simple-ssl/really-simple-ssl-914-cross-site-request-forgery</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/newstatpress/newstatpress-125-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2017-03-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-coming-soon-page/coming-soon-page-159-authenticated-administrator-sql-injection</loc>
<lastmod>2023-07-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpSS/wordpress-spreadsheet-062-sql-injection</loc>
<lastmod>2014-08-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-lucky-wheel/lucky-wheel-for-woocommerce-spin-a-sale-1113-authenticated-administrator-php-code-injection-via-conditional-tags</loc>
<lastmod>2025-12-29T23:11:45.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/currency-converter-calculator/currency-converter-calculator-131-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/media-library-assistant/media-library-assistant-318-authenticated-author-arbitrary-file-upload-via-mla-inline-edit-upload-scripts-ajax-action</loc>
<lastmod>2024-08-12T16:35:37.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/events-made-easy/events-made-easy-2223-admin-stored-cross-site-scripting</loc>
<lastmod>2021-10-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/productive-commerce/productive-commerce-1122-unauthenticated-sql-injection</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-stateless/wp-stateless-google-cloud-storage-340-missing-authorization-to-limited-arbitrary-options-update</loc>
<lastmod>2024-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fintelligence-calculator/fintelligence-calculator-103-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/enquiry-quotation-for-woocommerce/product-enquiry-for-woocommerce-223333-authenticated-author-php-object-injection-in-enquiry_detailphp</loc>
<lastmod>2024-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/meta-box/meta-box-wordpress-custom-fields-framework-5910-missing-authorization-to-information-exposure</loc>
<lastmod>2024-08-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zynith-seo/zynith-seo-749-missing-authorization-to-unauthenticated-settings-update</loc>
<lastmod>2024-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/aparat-responsive/aparat-responsive-13-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-featured-screenshot/wp-featured-screenshot-13-reflected-cross-site-scripting</loc>
<lastmod>2025-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/donate-with-qrcode/donate-with-qrcode-144-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2021-08-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jet-engine/jetengine-372-authenticated-contributor-remote-code-execution</loc>
<lastmod>2026-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/lendiz/lendiz-201-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2026-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/demo-awesome/demo-awesome-103-missing-authorization-to-authenticated-subscriber-plugin-activation</loc>
<lastmod>2025-04-01T20:30:16.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/masterstudy-lms-learning-management-system/masterstudy-lms-333-unauthenticated-local-file-inclusion-via-template</loc>
<lastmod>2024-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpcom-member/wpcom-member-177-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/powerpack-lite-for-elementor/powerpack-addons-for-elementor-299-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-03-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-all-import/wp-all-import-367-authenticated-administrator-arbitrary-code-execution</loc>
<lastmod>2022-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/password-for-wp/password-for-wp-15-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-12-11T15:10:43.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/woohoo/woo-hoo-125-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-08-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/salon-booking-system/salon-booking-system-1022-missing-authorization-to-unauthenticated-ajax-actions-execution</loc>
<lastmod>2025-09-10T18:46:11.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/build-app-online/build-app-online-1022-cross-site-request-forgery</loc>
<lastmod>2024-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/clover-online-orders/smart-online-order-for-clover-156-missing-authorization-to-plugin-deactivation-and-data-deletion</loc>
<lastmod>2024-08-20T17:25:26.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/referrer-detector/referrer-detector-4210-unauthenticated-php-object-injection</loc>
<lastmod>2024-11-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/redirect-redirection/redirect-redirection-113-cross-site-request-forgery-via-addredirect-function</loc>
<lastmod>2023-02-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-post-expiration/simple-post-expiration-101-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/classified-listing/classified-listing-ai-powered-classified-ads-business-directory-plugin-538-authenticated-subscriber-arbitrary-file-download</loc>
<lastmod>2026-05-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-cumulus/wp-cumulus-122-cross-site-scripting-via-tagcloud</loc>
<lastmod>2009-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smartcrawl-seo/smartcrawl-wordpress-seo-checker-seo-analyzer-seo-optimizer-3102-missing-authorization</loc>
<lastmod>2024-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-pipes/wp-pipes-143-unauthenticated-sql-injection</loc>
<lastmod>2025-07-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-link-directory/simple-link-directory-892-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2026-05-01T14:45:40.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/page-builder-add/landing-page-builder-1495-reflected-cross-site-scripting</loc>
<lastmod>2021-12-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ml-slider/slider-gallery-and-carousel-by-metaslider-responsive-wordpress-plugin-3278-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-09-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bbp-api/bbpress-api-1014-missing-authorization</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bizcalendar-web/bizcalendar-web-11034-authenticated-administrator-sql-injection</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cds-simple-seo/simple-seo-1791-reflected-cross-site-scripting</loc>
<lastmod>2022-07-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seopress-for-mainwp/seopress-for-mainwp-14-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-07-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/inline-tweet-sharer/inline-tweet-sharer-253-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-02-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-filtering/easy-filtering-250-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quiz-master-next/quiz-and-survey-master-qsm-910-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-08-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-field-template/custom-field-template-261-authenticated-admin-stored-cross-site-scritping</loc>
<lastmod>2024-06-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/kallyas/kallyas-4210-authenticated-contributor-arbitrary-folder-deletion</loc>
<lastmod>2025-07-25T19:04:17.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-fixtag/wp-fixtag-v202-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-all-export/wp-all-export-1414-unauthenticated-sensitive-information-exposure-via-php-type-juggling</loc>
<lastmod>2026-02-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/add-fields-to-checkout-page-woocommerce/custom-woocommerce-checkout-fields-editor-131-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2024-03-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fs-product-inquiry/fs-product-inquiry-111-reflected-cross-site-scripting</loc>
<lastmod>2024-05-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/file-away/file-away-39901-missing-authorization-to-unauthenticated-file-upload-via-upload-function</loc>
<lastmod>2025-03-18T23:14:34.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/edit-comments/edit-comments-03-reflected-cross-site-scripting</loc>
<lastmod>2021-07-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bp-social-connect/bp-social-connect-162-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpdevart-vertical-menu/responsive-vertical-icon-menu-158-reflected-cross-site-scripting-via-id</loc>
<lastmod>2023-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pricing-table-by-supsystic/pricing-table-by-supsystic-188-boolean-based-blind-sql-injections</loc>
<lastmod>2021-02-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-shortcodes-creator/shortcodes-blocks-creator-ultimate-213-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-11-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/reviewx/reviewx-1617-missing-authorization-in-rx_coupon_from_submit</loc>
<lastmod>2023-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/my-wp-brand/my-wp-brand-113-cross-site-request-forgery</loc>
<lastmod>2025-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/themify-event-post/themify-event-post-127-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wcs-qr-code-generator/wcs-qr-code-generator-10-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/powerpress/powerpress-podcasting-plugin-by-blubrry-111510-authenticated-contributor-php-object-injection</loc>
<lastmod>2026-02-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/sanger/sanger-1240-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-08-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pdf-for-woocommerce/pdf-invoices-for-woocommerce-drag-and-drop-template-builder-538-authenticated-administrator-sql-injection</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/geolocator/geolocator-11-unauthenticated-php-object-injection</loc>
<lastmod>2024-11-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/folders/folders-292-authenticated-author-arbitrary-file-upload-in-handle_folders_file_upload</loc>
<lastmod>2023-08-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pie-register-premium/pie-register-premium-3832-missing-authorization</loc>
<lastmod>2025-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/2.8/wordpress-core-283-authorization-bypass</loc>
<lastmod>2009-08-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-submissions/contact-form-submissions-17-authenticated-sql-injection</loc>
<lastmod>2021-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lana-downloads-manager/lana-downloads-manager-171-authenticated-contributor-arbitrary-file-download</loc>
<lastmod>2022-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/idsk-toolkit/id-sk-toolkit-172-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpnakama/wpnakama-063-unauthenticated-sql-injection-via-order_by-parameter</loc>
<lastmod>2025-12-11T18:31:59.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/content-protector/passster-3558-missing-authentication-leading-to-sensitive-information-disclosure-private-post-leakage</loc>
<lastmod>2022-12-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-posts-ticker/simple-posts-ticker-115-authenticatedadministrator-stored-cross-site-scripting</loc>
<lastmod>2023-09-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-addons-for-gutenberg/spectra-wordpress-gutenberg-blocks-2190-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-25T16:21:36.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bma-lite-appointment-booking-and-scheduling/bma-lite-142-authenticated-administrator-sql-injection</loc>
<lastmod>2025-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/estatik-mortgage-calculator/estatik-mortgage-calculator-2012-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/category-specific-rss-feed-menu/category-specific-rss-feed-subscription-22-authenticated-administrator-stored-cross-site-scripting-via-plugin-settings</loc>
<lastmod>2023-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rsvpmaker-for-toastmasters/rsvpmaker-for-toastmasters-624-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2024-10-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/baw-login-logout-menu/login-logout-menu-133-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-product-author/product-author-for-woocommerce-107-cross-site-request-forgery</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-levoslideshow/levo-slideshow-23-arbitrary-file-upload</loc>
<lastmod>2013-01-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cinza-grid/cinza-grid-121-authenticated-contributor-stored-cross-site-scripting-via-skin-content-field</loc>
<lastmod>2025-10-21T20:22:59.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-expirator/schedule-post-changes-with-publishpress-future-unpublish-delete-change-status-trash-change-categories-4100-authenticated-administrator-stored-cross-site-scripting-via-wrapper-shortcode-attribute</loc>
<lastmod>2026-05-04T14:02:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/usersnap/usersnap-416-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sticky-side-buttons/sticky-side-buttons-200-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-08-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-datatable/wp-datatable-026-authenticated-contributor-stored-cross-site-scripting-via-id-parameter</loc>
<lastmod>2025-01-30T20:02:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/weblizar-pinterest-feeds/weblizar-pin-feeds-112-cross-site-request-forgery</loc>
<lastmod>2018-11-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shortcode-addons/shortcode-addons-325-authenticated-admin-arbitrary-file-upload</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mp-timetable/timetable-and-event-schedule-by-motopress-2416-insecure-direct-object-reference-to-authenticated-contributor-sensitive-information-exposure-via-action_get_event_data-function</loc>
<lastmod>2026-05-27T14:55:48.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-plugins-dashboard/download-plugins-and-themes-from-dashboard-185-authenticated-admin-arbitrary-file-download</loc>
<lastmod>2024-05-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/buisson/buisson-1111-unauthenticated-php-object-injection</loc>
<lastmod>2026-03-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bold-page-builder/bold-builder-536-authenticated-contributor-stored-cross-site-scripting-via-additional_settings-parameter</loc>
<lastmod>2025-05-28T19:53:34.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/melodyschool/melody-163-unauthenticated-php-object-injection</loc>
<lastmod>2026-03-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/feedlist/feedlist-26103-reflected-cross-site-scripting</loc>
<lastmod>2010-11-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/sweetjane/sweet-jane-delightful-cake-shop-theme-12-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fw-gallery/fw-gallery-800-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-06-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-file-uploader/wordpress-file-uploader-11-arbitrary-file-upload</loc>
<lastmod>2013-01-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gallery-images-ape/gallery-images-ape-228-missing-authorization</loc>
<lastmod>2022-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-firewall-2/wordpress-firewall-2-13-stored-cross-site-scripting</loc>
<lastmod>2017-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-products-filter/husky-products-filter-professional-for-woocommerce-1365-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-03-10T14:30:20.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/backup/jetbackup-wp-backup-migrate-restore-139-cross-site-request-forgery-to-arbitrary-file-upload</loc>
<lastmod>2020-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/check-email/check-log-email-109-unauthenticated-hook-injection</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/testimonial-builder/testimonial-160-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2021-10-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/docpro/docpro-201-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-pdf-invoices-packing-slips/woocommerce-pdf-invoices-packing-slips-2150-reflected-cross-site-scripting</loc>
<lastmod>2022-06-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/multisite-post-duplicator/multisite-post-duplicator-176-cross-site-request-forgery</loc>
<lastmod>2016-12-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-elementor-addons/easy-elementor-addons-226-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-07-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quiz-master-next/quiz-and-survey-master-8010-cross-site-request-forgery-to-quiz-restoration</loc>
<lastmod>2023-02-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vk-block-patterns/vk-block-patterns-13111-cross-site-request-forgery</loc>
<lastmod>2024-01-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ota-sync-booking-engine-widget/ota-sync-booking-engine-widget-127-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-08-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-foodbakery/foodbakery-delivery-restaurant-directory-wordpress-theme-47-missing-authorization-in-multiple-functions</loc>
<lastmod>2025-03-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zephyr-project-manager/zephyr-project-manager-339-open-redirect</loc>
<lastmod>2023-04-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/anac-xml-viewer/anac-xml-viewer-17-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/bard/bard-2216-reflected-cross-site-scripting-via-add_query_arg-parameter</loc>
<lastmod>2024-11-18T23:46:49.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/trash-duplicate-and-301-redirect/trash-duplicate-and-301-redirect-191-missing-authorization</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-member/ultimate-member-2114-authenticated-contributor-account-takeover-via-password-reset-link-disclosure</loc>
<lastmod>2026-06-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cbxwpbookmark/cbx-bookmark-favorite-1720-authenticated-administrator-sql-injection</loc>
<lastmod>2024-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cartpauj-register-captcha/cartpauj-register-captcha-1002-captcha-bypass</loc>
<lastmod>2023-08-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rsv-google-maps/rsv-gmaps-15-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultraaddons-elementor-lite/ultraaddons-200-cross-site-request-forgery</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/imageseo/optimize-images-alt-text-207-cross-site-request-forgery</loc>
<lastmod>2022-12-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nextgen-gallery/wordpress-gallery-plugin-nextgen-gallery-2246-sensitive-information-disclosure</loc>
<lastmod>2018-03-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/xpro-addons-beaver-builder-elementor/xpro-addons-for-beaver-builder-8211-lite-155-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-05-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-what-should-we-write-about-next/advanced-what-should-we-write-next-about-103-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/restaurant-reservations/five-star-restaurant-reservations-274-unauthenticated-insecure-direct-object-reference</loc>
<lastmod>2026-01-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-countdown/ninja-countdown-150-missing-authorization-to-authenticated-subscriber-arbitrary-countdown-deletion</loc>
<lastmod>2025-11-10T15:01:22.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slideshow-ck/slideshow-ck-149-authenticated-stored-cross-site-scripting</loc>
<lastmod>2022-05-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/noo-wemusic/wemusic-191-authenticated-subscriber-php-object-injection</loc>
<lastmod>2025-08-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jquery-archive-list-widget/js-archive-list-617-authenticated-contributor-php-object-injection-via-included-shortcode-attribute</loc>
<lastmod>2026-03-06T11:46:38.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contentboxes/contentboxes-11-reflected-cross-site-scripting</loc>
<lastmod>2014-07-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kivicare-clinic-management-system/kivicare-clinic-patient-management-system-ehr-3616-missing-authorization</loc>
<lastmod>2026-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/rosebud/rosebud-flower-shop-and-florist-wordpress-theme-14-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/better-wp-security/ithemes-security-690-cross-site-scripting</loc>
<lastmod>2018-03-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-blogs-planetarium/wp-blogs-planetarium-10-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2023-11-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dethemekit-for-elementor/dethemekit-for-elementor-215-authenticated-contributor-stored-cross-site-scripting-via-url-parameter-of-the-de-gallery-widget</loc>
<lastmod>2024-06-26T16:37:22.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/syntax-highlighter-compress/syntax-highlighter-compress-30833-reflected-cross-site-scripting</loc>
<lastmod>2026-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wicked-folders/wicked-folders-21816-missing-authorization-on-ajax_save_sort_order</loc>
<lastmod>2023-02-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/werkstatt/werkstatt-creative-portfolio-wordpress-theme-472-missing-authorization</loc>
<lastmod>2026-06-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/filebird/filebird-632-missing-authorization</loc>
<lastmod>2024-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-cron-manager/advanced-cron-manager-debug-control-256-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-10-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hide-real-download-path/hide-real-download-path-16-cross-site-request-forgery</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-to-hootsuite/post-to-social-media-wordpress-to-hootsuite-159-cross-site-request-forgery</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/latestcheckins/latestcheckins-1-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-08-15T14:46:11.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/online-accessibility/accessibility-suite-by-online-ada-418-authenticated-subscriber-sql-injection</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-easy-contact/wp-easy-contact-401-unauthenticated-php-object-injection</loc>
<lastmod>2025-08-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/memphis-documents-library/memphis-documents-library-2616-remote-file-inclusion</loc>
<lastmod>2015-09-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/top-10/top-10-popular-posts-plugin-for-wordpress-243-sql-injection</loc>
<lastmod>2017-12-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/more-better-reviews-for-woocommerce/get-better-reviews-for-woocommerce-406-missing-authorization</loc>
<lastmod>2024-07-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-statistics/wp-statistics-14164-unauthenticated-stored-cross-site-scripting-via-utm_source-parameter</loc>
<lastmod>2026-04-16T13:20:16.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-registration-form-builder-with-submission-manager/registrationmagic-plugin-5245-authenticatedadministrator-sql-injection</loc>
<lastmod>2023-12-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/business-hours-indicator/business-hours-indicator-234-authenticated-stored-cross-site-scripting</loc>
<lastmod>2021-08-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fancy-product-designer/fancy-product-designer-woocommerce-wordpress-648-unauthenticated-full-path-disclosure-via-pdf-parameter</loc>
<lastmod>2025-12-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mjm-clinic/mjm-clinic-1122-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-03-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/taskbuilder/taskbuilder-308-authenticated-admin-sql-injection</loc>
<lastmod>2025-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/auxin-elements/shortcodes-and-extra-features-for-phlox-theme-2158-missing-authorization</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/page-builder-add/landing-page-builder-1517-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/imperial-fairytale/imperial-fairytale-theme-all-versions-multiple-vulnerabilities</loc>
<lastmod>2013-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-app-bar/wp-app-bar-15-unauthenticated-stored-cross-site-scripting-via-app-bar-features-parameter</loc>
<lastmod>2026-03-06T18:49:21.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/downloads-manager/downloads-manager-02-arbitrary-file-upload</loc>
<lastmod>2008-07-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/page-scroll-to-id/page-scroll-to-id-175-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2022-12-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rsvp/rsvp-and-event-management-2716-unauthenticated-information-exposure</loc>
<lastmod>2026-03-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-mini-cart-drawer/mini-cart-drawer-for-woocommerce-400-missing-authorization-via-ajax</loc>
<lastmod>2023-11-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-rss-aggregator/wp-rss-aggregator-4193-reflected-cross-site-scripting</loc>
<lastmod>2022-01-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/review-schema/review-schema-224-authenticated-contributor-local-file-inclusion-via-post-meta</loc>
<lastmod>2025-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-recall/wp-recall-162614-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpvivid-backuprestore/migration-backup-staging-wpvivid-09107-unauthenticated-php-object-injection</loc>
<lastmod>2024-11-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/basticom-framework/basticom-framework-152-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-12-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/taskbuilder/taskbuilder-409-reflected-cross-site-scripting</loc>
<lastmod>2026-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jet-tabs/jettabs-2212-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/erp/erp-11610-authenticated-crm-agent-sql-injection</loc>
<lastmod>2026-02-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flash-photo-gallery/flash-photo-gallery-07-cross-site-scripting</loc>
<lastmod>2014-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/button-generation/button-generator-easily-button-builder-311-cross-site-request-forgery</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/enhanced-plugin-admin/enhanced-plugin-admin-116-cross-site-request-forgery-via-epa_options_page</loc>
<lastmod>2023-03-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/auctionPlugin/woocommerce-wordpress-auctions-2013-arbitrary-file-upload</loc>
<lastmod>2012-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/navayan-csv-export/navayan-csv-export-109-unauthenticated-sql-injection</loc>
<lastmod>2024-12-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/church-admin/church-admin-509-unauthenticated-information-disclosure</loc>
<lastmod>2025-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slideshow-se/slideshow-se-255-authenticated-subscriber-cross-site-scripting</loc>
<lastmod>2022-10-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-fancybox/wp-fancybox-104-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-07-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/constant-contact-woocommerce/constant-contact-woocommerce-241-missing-authorization</loc>
<lastmod>2025-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-banner/simple-banner-3010-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-10-21T17:34:27.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/animation-addons-for-elementor/animation-addons-for-elementor-gsap-motion-elementor-addons-website-templates-263-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-table-builder/wp-table-builder-wordpress-table-plugin-1415-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-08-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sailthru-triggermail/sailthru-triggermail-11-reflected-cross-site-scripting</loc>
<lastmod>2024-04-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/joomsport-sports-league-results-management/joomsport-for-sports-team-league-football-hockey-more-525-authentciated-admin-sql-injection-via-orderby</loc>
<lastmod>2022-08-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-maps-gpx-viewer/google-maps-gpx-viewer-36-reflected-cross-site-scripting</loc>
<lastmod>2025-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/code-clone/code-clone-09-authenticated-administrator-sql-injection-via-snippetid-parameter</loc>
<lastmod>2025-03-21T17:52:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smart-cookie-kit/smart-cookie-kit-231-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-10-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rating-widget/rating-widget-plugin-290-sensitive-information-disclosure</loc>
<lastmod>2017-10-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/optimate-ads/optimate-ads-advance-ad-inserter-adsense-ad-manager-103-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2025-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fv-wordpress-flowplayer/fv-flowplayer-video-player-75327212-reflected-cross-site-scripting-via-id</loc>
<lastmod>2023-05-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mycred/mycred-272-unauthenticated-information-exposure</loc>
<lastmod>2024-08-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/photography/photography-775-authenticated-editor-arbitrary-file-upload</loc>
<lastmod>2026-03-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/resmushit-image-optimizer/resmushit-image-optimizer-045-authenticated-administrator-cross-site-scripting</loc>
<lastmod>2022-09-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/side-menu/side-menu-add-fixed-side-buttons-313-sql-injection</loc>
<lastmod>2021-05-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hero-maps-pro/hero-maps-pro-210-reflected-cross-site-scripting</loc>
<lastmod>2016-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jetpack/jetpack-wp-security-backup-speed-growth-391-sensitive-information-disclosure</loc>
<lastmod>2016-02-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/modula-best-grid-gallery/modula-image-gallery-photo-grid-video-gallery-2136-missing-authorization-to-authenticated-contributor-arbitrary-postpage-editing</loc>
<lastmod>2026-02-13T19:48:39.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ulike-pro/wp-ulike-pro-193-unauthenticated-limited-arbitrary-file-upload</loc>
<lastmod>2025-08-27T15:20:47.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/everest-backup/everest-backup-wordpress-cloud-backup-migration-restore-cloning-plugin-2213-sensitive-invormation-disclosure-via-procstat-log</loc>
<lastmod>2024-11-05T10:40:39.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/multiparcels-shipping-for-woocommerce/multiparcels-shipping-for-woocommerce-11412-authenticatedsubscriber-sql-injection-via-id</loc>
<lastmod>2023-07-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rencontre/rencontre-dating-site-312-cross-site-scripting</loc>
<lastmod>2019-07-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp_rokstories/rokstories-125-abuse-of-functionality</loc>
<lastmod>2013-09-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/legal-pages/legal-pages-142-cross-site-request-forgery</loc>
<lastmod>2024-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpsimpletools-upload-limit/manage-upload-limit-104-reflected-cross-site-scripting-via-upload_limit</loc>
<lastmod>2023-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/automatorwp/automatorwp-175-privilege-escalation</loc>
<lastmod>2021-09-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/everest-news/cream-blog-fascinate-glaze-blog-lite-everest-news-all-versions-cross-site-scripting</loc>
<lastmod>2023-01-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nd-shortcodes/nd-shortcodes-69-authenticated-subscriber-local-file-inclusion</loc>
<lastmod>2023-06-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hash-elements/hash-elements-138-authenticated-contributor-stored-cross-site-scripting-via-url-parameter-in-multiple-widgets</loc>
<lastmod>2024-05-22T16:54:55.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/meta-tag-manager/meta-tag-manager-31-missing-authorization</loc>
<lastmod>2025-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/duofaq-responsive-flat-simple-faq/duofaq-responsive-flat-simple-faq-148-reflected-cross-site-scripting</loc>
<lastmod>2021-12-13T12:43:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buddypress-media/rtmedia-for-wordpress-buddypress-and-bbpress-3740-sql-injection</loc>
<lastmod>2015-04-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shariff/shariff-wrapper-4613-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-06-14T19:57:09.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-google-adwords-conversion-tracking-tag/pixel-manager-for-woocommerce-track-conversions-and-analytics-google-ads-tiktok-and-more-1492-unauthenticated-information-exposure</loc>
<lastmod>2025-11-18T01:18:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nex-forms-express-wp-form-builder/nex-forms-9111-unauthenticated-stored-cross-site-scripting-via-post-parameter-key-names</loc>
<lastmod>2026-05-02T15:41:51.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-mailster/wp-mailster-18160-authenticated-contributor-sql-injection-via-orderby</loc>
<lastmod>2024-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-events-calendar/the-events-calendar-4111-open-redirect</loc>
<lastmod>2016-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gallery-for-ultimate-member/video-photo-gallery-for-ultimate-member-110-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-user-avatar/profilepress-30-313-unauthenticated-privilege-escalation</loc>
<lastmod>2021-06-28T19:45:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-youtube-live/wp-youtube-live-1100-cross-site-request-forgery</loc>
<lastmod>2025-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/make-section-column-clickable-elementor/make-section-column-clickable-for-elementor-24-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2025-12-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-registration/simple-user-registration-66-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-11-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-and-page-builder/post-and-page-builder-by-boldgrid-visual-drag-and-drop-editor-1264-authenticated-contributer-stored-cross-site-scripting</loc>
<lastmod>2024-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mailoptin/popup-optin-form-email-newsletters-for-mailchimp-hubspot-aweber-mailoptin-12351-authorization-bypass</loc>
<lastmod>2021-06-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bold-timeline-lite/bold-timeline-lite-119-missing-authorization-to-admin-notice-dismissal</loc>
<lastmod>2023-10-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tutor/tutor-lms-270-authenticated-instructor-sql-injection</loc>
<lastmod>2024-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hotjar-connecticator/hotjar-connecticator-111-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2021-05-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-job-board/simple-job-board-2103-cross-site-request-forgery-via-sjb_save_settings_section</loc>
<lastmod>2023-04-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/task-manager/task-manager-302-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-08-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/overton/overton-13-authenticated-subscriber-insecure-direct-object-reference</loc>
<lastmod>2026-01-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-captcha/wp-captcha-200-captcha-bypass</loc>
<lastmod>2023-09-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/official-facebook-pixel/facebook-for-wordpress-303-cross-site-request-forgery-to-stored-cross-site-scripting-and-settings-deletion-via-wp_ajax_savedelete_fbe_settings</loc>
<lastmod>2021-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-time-slots-booking-form/time-slots-booking-form-1239-missing-authorization</loc>
<lastmod>2025-12-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-subtitle/wp-subtitle-34-cross-site-scripting</loc>
<lastmod>2022-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/spryng-payments-woocommerce/spryng-payments-for-woocommerce-167-cross-site-scripting</loc>
<lastmod>2019-09-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/greenshift-animation-and-page-builder-blocks/greenshift-animation-and-page-builder-blocks-893-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-06-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpvr/wp-vr-360-panorama-and-free-virtual-tour-builder-for-wordpress-8541-improper-authorization-to-authenticated-contributor-plugin-settings-update</loc>
<lastmod>2025-10-24T16:51:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/no-captcha-recaptcha-for-woocommerce/no-captcha-recaptcha-for-woocommerce-126-authenticatedadmin-stored-cross-site-scripting-via-plugin-settings</loc>
<lastmod>2023-03-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/order-tip-woo/order-tip-for-woocommerce-154-unauthenticated-tip-manipulation-to-negative-value-leading-to-unauthorized-discounts</loc>
<lastmod>2025-08-14T13:51:21.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ultimate-csv-importer/wp-import-ultimate-csv-xml-importer-for-wordpress-727-missing-authorization-to-authenticated-subscriber-ftpsftp-credential-exposure</loc>
<lastmod>2025-09-09T17:59:47.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mtouch-quiz/mtouch-quiz-312-stored-cross-site-scripting</loc>
<lastmod>2015-12-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementinvader-addons-for-elementor/elementinvader-addons-for-elementor-129-authenticated-contributor-information-exposure</loc>
<lastmod>2024-10-18T18:21:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tracking-code-manager/tracking-code-manager-220-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-06-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-toolkit/user-toolkit-123-unauthenticated-privilege-escalation</loc>
<lastmod>2025-10-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/atarim-visual-collaboration/visual-website-collaboration-feedback-project-management-atarim-330-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2024-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/salon-booking-system/salon-booking-system-962-authenticated-customer-stored-cross-site-scripting</loc>
<lastmod>2024-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quiz-maker/quiz-maker-business-developer-and-agency-multiple-versions-unauthenticated-sql-injection-via-id</loc>
<lastmod>2025-01-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-call-now/easy-call-now-by-thikshare-110-cross-site-request-forgery-via-settings_page</loc>
<lastmod>2023-11-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/piotnetforms-pro/piotnet-forms-2140-unauthenticated-arbitrary-file-upload-via-form-file-upload</loc>
<lastmod>2026-05-18T18:28:36.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dt-reservation-plugin/reservation-17-missing-authorization-to-unauthenticated-settings-update</loc>
<lastmod>2026-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/duplicator/duplicator-1228-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2017-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mdirector-newsletter/mdirector-newsletter-458-cross-site-request-forgery-to-plugin-settings-update</loc>
<lastmod>2026-02-13T18:29:09.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-shopping-cart/instinct-wp-e-commerce-34-arbitrary-file-upload</loc>
<lastmod>2008-10-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/testimonial/testimonial-slider-237-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/maan-elementor-addons/maan-addons-for-elementor-101-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2024-10-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/rezo/multiple-themify-themes-various-versions-authenticated-contributor-arbitrary-file-upload</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/markdown-on-save-improved/markdown-on-save-improved-25-stored-cross-site-scripting</loc>
<lastmod>2016-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/n-media-woocommerce-checkout-fields/woocommerce-checkout-field-manager-173-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2023-02-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buddypress/buddypress-234-privilege-escalation</loc>
<lastmod>2015-11-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/groundhogg/groundhogg-2798-cross-site-request-forgery-to-privilege-escalation</loc>
<lastmod>2023-05-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-registration/user-registration-membership-520-missing-authorization-to-unauthenticated-payment-bypass</loc>
<lastmod>2026-06-25T19:44:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-stripe-checkout/wp-stripe-checkout-12220-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2022-11-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kevins-plugin/kevins-200-cross-site-request-forgery</loc>
<lastmod>2024-11-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/keycaptcha/keycaptcha-251-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/srbtranslatin/srbtranslatin-srbtranslatin-146-cross-site-scripting</loc>
<lastmod>2018-01-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/originality-ai/originalityai-ai-checker-1016-missing-authorization-to-authenticated-subscriber-sensitive-information-disclosure-via-ai_get_table</loc>
<lastmod>2025-10-23T19:37:43.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultraembed-advanced-iframe/ultraembed-advanced-iframe-plugin-for-wordpress-with-gutenberg-block-included-103-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-18T19:27:10.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dzs-zoomsounds/zoomsounds-691-unauthenticated-php-object-injection</loc>
<lastmod>2025-05-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-posts-carousel-pro/responsive-posts-carousel-pro-151-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-12-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/coinbase-commerce-for-contact-form-7/coinbase-commerce-for-contact-form-7-112-missing-authorization-to-authenticated-subscriber-api-key-modification-via-cccf7_api_key-parameter</loc>
<lastmod>2026-05-11T19:04:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kadence-blocks/gutenberg-blocks-with-ai-by-kadence-wp-361-missing-authorization-to-authenticated-contributor-unauthorized-media-upload</loc>
<lastmod>2026-02-17T17:43:19.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/real-estate-pro/real-estate-pro-214-reflected-cross-site-scripting</loc>
<lastmod>2026-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-registration-form-builder-with-submission-manager/registrationmagic-custom-registration-forms-user-registration-payment-and-user-login-6043-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2025-04-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-events-calendar-shortcode/the-events-calendar-shortcode-block-311-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-02-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-blocks/ultimate-blocks-329-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hunk-companion/hunk-companion-184-missing-authorization-to-unauthenticated-arbitrary-plugin-installationactivation</loc>
<lastmod>2024-10-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gnucommerce/gnucommerce-154-unauthenticated-php-object-injection</loc>
<lastmod>2025-04-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-refund-and-exchange-lite/return-refund-and-exchange-for-woocommerce-455-insecure-direct-object-reference-to-authenticated-subscriber-arbitrary-order-message-read</loc>
<lastmod>2025-11-20T18:56:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-media-builder/social-media-share-buttons-210-authenticated-subscriber-php-object-injection</loc>
<lastmod>2024-03-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-smart-flexslider/smart-flexslider-25-reflected-cross-site-scripting</loc>
<lastmod>2025-07-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpc-smart-messages/wpc-smart-messages-for-woocommerce-428-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attribute</loc>
<lastmod>2026-04-27T15:55:16.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dukapress/dukapress-254-directory-traversal</loc>
<lastmod>2014-11-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/energox/energox-12-authenticated-subscriber-arbitrary-file-deletion</loc>
<lastmod>2026-03-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-contactform/wp-contactform-15-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2008-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mainwp-links-manager-extension/mainwp-links-manager-extension-21-unauthenticated-php-object-injection</loc>
<lastmod>2023-01-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-admin-microblog/wp-admin-microblog-311-cross-site-request-forgery-to-message-creation</loc>
<lastmod>2025-11-17T20:10:34.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/estonian-shipping-methods-for-woocommerce/estonian-shipping-methods-for-woocommerce-172-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quiz-master-next/quiz-and-survey-master-7113-sql-injection</loc>
<lastmod>2021-08-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-file-downloader/simple-file-downloader-104-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/float-menu/float-menu-612-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-xintaoke/wordpress-112-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/add-custom-page-template/add-custom-page-template-201-authenticated-administrator-php-code-injection-to-remote-code-execution</loc>
<lastmod>2025-04-25T16:49:44.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ooohboi-steroids-for-elementor/ooohboi-steroids-for-elementor-2124-authenticated-contributor-stored-cross-site-scripting-via-multiple-url-controls</loc>
<lastmod>2026-03-04T14:44:34.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-auctions/wordpress-auction-plugin-37-unauthenticated-sql-injection</loc>
<lastmod>2024-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/real-estate-manager-pro/real-estate-manager-pro-1273-reflected-cross-site-scripting</loc>
<lastmod>2025-08-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/muji/muji-120-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-7-hide-success-message/contact-form-8211-7-hide-success-message-114-missing-authorization</loc>
<lastmod>2025-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-simple-registration/simple-registration-for-woocommerce-158-cross-site-request-forgery-to-privilege-escalation-via-role-request-approval</loc>
<lastmod>2025-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-meta-keywords-meta-description/meta-keywords-description-08-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-04-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/payform/payform-20-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-reroute-email/wp-reroute-email-146-cross-site-request-forgery</loc>
<lastmod>2023-04-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/school-management/school-management-system-for-wordpress-9300-missing-authorization-to-unauthenticated-arbitrary-post-deletion</loc>
<lastmod>2025-03-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mailchimp-for-wp/mc4wp-mailchimp-for-wordpress-486-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-03-02T07:15:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/miniorange-firebase-sms-otp-verification/miniorange-otp-verification-with-firebase-360-unauthenticated-arbitrary-user-password-change</loc>
<lastmod>2024-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/google-analytics-for-wordpress/monsterinsights-google-analytics-dashboard-for-wordpress-website-stats-made-easy-533-cross-site-scripting</loc>
<lastmod>2015-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/usernoise/usernoise-modal-feedback-contact-form-379-cross-site-scripting</loc>
<lastmod>2013-08-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking-calendar/booking-calendar-appointment-booking-system-326-authenticated-administrator-sql-injection-via-_selected</loc>
<lastmod>2023-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/javo-core/javo-core-300266-cross-site-request-forgery</loc>
<lastmod>2025-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/realtyelite/realtyelite-100-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-06-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/resmushit-image-optimizer/resmushit-043-missing-authorization</loc>
<lastmod>2022-08-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/prolingua/prolingua-1112-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gallery-categories/gallery-categories-by-bestwebsoft-109-reflected-cross-site-scripting</loc>
<lastmod>2017-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smart-manager-for-wp-e-commerce/smart-manager-8450-missing-authorization</loc>
<lastmod>2024-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-real-estate/essential-real-estate-171-reflected-cross-site-scripting</loc>
<lastmod>2019-06-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hotjar/hotjar-1015-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-10-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-thumbnail/wp-thumbnail-11-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2025-10-21T20:18:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-multivendor-membership/wcfm-membership-2100-missing-authorization</loc>
<lastmod>2023-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sailthru-triggermail/sailthru-triggermail-11-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-04-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/b-tiktok-feed/tiktok-feed-1023-missing-authorization</loc>
<lastmod>2025-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nextend-facebook-connect/nextend-social-login-and-register-3121-cross-site-request-forgery-to-unlink-user-social-login</loc>
<lastmod>2025-11-27T14:54:41.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-meta-seo/wp-meta-seo-4513-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-09-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/oceanwp/oceanwp-409-411-cross-site-request-forgery-to-ocean-extra-plugin-installation</loc>
<lastmod>2025-08-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/login-lockdown/login-lockdown-protection-214-ip-block-bypass</loc>
<lastmod>2025-12-12T15:27:33.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/xv-random-quotes/xv-random-quotes-140-reflected-cross-site-scripting</loc>
<lastmod>2025-02-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/author-chat/author-chat-190-sql-injection</loc>
<lastmod>2019-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/taskbuilder/taskbuilder-wordpress-project-task-management-plugin-304-authenticated-admin-sql-injection</loc>
<lastmod>2024-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wps-hide-login/wps-hide-login-10-cross-site-request-forgery</loc>
<lastmod>2015-04-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/paid-memberships-pro/paid-memberships-pro-298-unauthenticated-sql-injection</loc>
<lastmod>2023-01-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/persian-woocommerce-sms/-persian-woocommerce-sms-440-cross-site-scripting-and-sql-injection</loc>
<lastmod>2022-04-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gamipress/gamipress-gamification-plugin-to-reward-points-achievements-badges-ranks-in-wordpress-787-authenticated-subscriber-sql-injection</loc>
<lastmod>2026-06-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quotes-collection/quotes-collection-206-cross-site-scripting</loc>
<lastmod>2016-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-exit-box-lite/wordpress-exit-box-lite-106-cross-site-request-forgery</loc>
<lastmod>2013-05-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shiftcontroller/shiftcontroller-employee-shift-scheduling-4957-authenticated-contributor-php-object-injection</loc>
<lastmod>2024-05-16T07:20:34.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tenweb-speed-optimizer/10web-booster-website-speed-optimization-cache-page-speed-optimizer-21344-missing-authorization-in-settings-import-to-stored-cross-site-scripting</loc>
<lastmod>2023-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpdiscuz/comments-wpdiscuz-314-reflected-cross-site-scripting</loc>
<lastmod>2016-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/video-playlist-and-gallery-plugin/post-video-players-1163-authenticated-contributor-information-exposure</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-job-portal/wp-job-portal-232-unauthenticated-arbitrary-file-download</loc>
<lastmod>2025-05-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/change-default-login-logo-url-and-title/change-default-login-logourl-and-title-20-cross-site-request-forgery</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/masterstudy-lms-learning-management-system/masterstudy-lms-3528-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/free-product-table-for-woocommerce/free-woocommerce-product-table-view-178-missing-authorization-to-arbitrary-content-deletion</loc>
<lastmod>2025-04-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/all-in-one-wp-migration/all-in-one-wp-migration-645-reflected-cross-site-scripting</loc>
<lastmod>2017-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/notificationx/notificationx-320-unauthenticated-dom-based-cross-site-scripting-via-nx-preview</loc>
<lastmod>2026-01-20T01:49:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smart-wishlist-for-more-convert/mc-woocommerce-wishlist-191-reflected-cross-site-scripting</loc>
<lastmod>2025-06-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ecab-taxi-booking-manager/e-cab-taxi-booking-manager-for-woocommerce-200-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-04-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eventprime-event-calendar-management/eventprime-events-calendar-bookings-and-tickets-4320-missing-authorization</loc>
<lastmod>2026-05-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/clover-online-orders/smart-online-order-for-clover-160-cross-site-request-forgery</loc>
<lastmod>2026-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-job-portal/wp-job-portal-220-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2024-11-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpforo/wpforo-forum-234-authenticated-subscriber-insecure-direct-object-reference</loc>
<lastmod>2024-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/v-form/vform-300-reflected-cross-site-scripting</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/groundhogg/groundhogg-crm-newsletters-and-marketing-automation-44-authenticated-sales-representative-arbitrary-file-deletion</loc>
<lastmod>2026-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-bigpost-shipping/big-post-shipping-for-woocommerce-212-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-29T15:21:25.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpdatatables/wpdatatables-premium-6501-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/file-manager/bit-file-manager-100-free-open-source-file-manager-and-code-editor-for-wordpress-655-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2024-09-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/xsmart/xsmart-1294-reflected-cross-site-scripting</loc>
<lastmod>2026-01-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bit-form/contact-form-builder-by-bit-form-210-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-07-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-graphql/wpgraphql-023-information-exposure</loc>
<lastmod>2019-05-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/theplus_elementor_addon/the-plus-addons-for-elementor-pro-506-sensitive-data-disclosure</loc>
<lastmod>2021-12-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/paid-downloads/paid-downloads-315-unauthenticated-sql-injection</loc>
<lastmod>2026-01-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-multitasking/wp-multitasking-0112-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2024-08-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/azon-addon-js-composer/amazon-affiliates-addon-for-wpbakery-page-builder-formerly-visual-composer-12-reflected-cross-site-scripting</loc>
<lastmod>2025-07-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-job-portal/wp-job-portal-226-insecure-direct-object-reference-to-authenticated-employer-arbitrary-job-deletion</loc>
<lastmod>2025-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/td-composer/tagdiv-composer-542-reflected-cross-site-scripting</loc>
<lastmod>2026-03-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/listdom/listdom-business-directory-and-classified-ads-listings-wordpress-plugin-370-authenticated-contributor-stored-cross-site-scripting-via-shortcode-parameter</loc>
<lastmod>2024-12-03T21:33:25.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-reactions-lite/wp-reactions-lite-133-cross-site-scripting</loc>
<lastmod>2021-09-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profile-builder/user-profile-builder-beautiful-user-registration-forms-user-profiles-user-role-editor-3135-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2025-04-15T12:34:28.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fluentform/fluent-forms-620-authenticated-subscriber-authorization-bypass-via-table-parameter</loc>
<lastmod>2026-05-13T18:08:24.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/userswp/userswp-1258-authenticated-subscriber-server-side-request-forgery-via-uwp_crop-parameter</loc>
<lastmod>2026-04-10T12:14:59.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booked/booked-225-missing-authorization-on-ajax-actions</loc>
<lastmod>2020-02-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mitfahrgelegenheit/mitfahrgelegenheit-115-authenticated-contributor-stored-cross-site-scripting-via-date-parameter</loc>
<lastmod>2025-09-10T18:45:55.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/forminator/forminator-1246-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2023-08-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/incoming-links/incoming-links-0910b-stored-cross-site-scripting</loc>
<lastmod>2015-02-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mcjh-button-shortcode/mcjh-button-shortcode-164-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/xmasb-quotes/xmasb-quotes-161-reflected-cross-site-scripting</loc>
<lastmod>2025-08-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bizlibrary/bizlibrary-11-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/login-sidebar-widget/login-widget-with-shortcode-612-open-redirect</loc>
<lastmod>2024-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-flamingo/advanced-flamingo-10-cross-site-request-forgery</loc>
<lastmod>2024-01-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/amazon-showcase-wordpress-widget/amazon-showcase-wordpress-plugin-22-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-source-control/wp-source-control-311-directory-traversal</loc>
<lastmod>2014-08-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/leyka/leyka-3316-missing-authorization</loc>
<lastmod>2024-10-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elegance-menu/elegance-menu-19-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-11-03T15:34:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/admail/admail-multilingual-back-in-stock-notifier-for-woocommerce-170-missing-authorization</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quick-post-widget/quick-post-widget-191-multiple-cross-site-scripting</loc>
<lastmod>2012-08-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/joan/jock-on-air-now-562-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2021-08-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpcf7-redirect/redirection-for-contact-form-7-292-missing-authorization</loc>
<lastmod>2023-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-post-limits/custom-post-limits-441-unauthenticated-full-path-disclosure</loc>
<lastmod>2024-09-12T21:26:40.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/media-library-assistant/media-library-assistant-273-cross-site-scripting</loc>
<lastmod>2018-05-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/workreap/workreap-222-cross-site-request-forgery</loc>
<lastmod>2021-07-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wangguard/wangguard-172-reflected-cross-site-scripting</loc>
<lastmod>2016-07-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hero-banner-ultimate/hero-banner-ultimate-144-authenticated-author-local-file-inclusion</loc>
<lastmod>2025-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/b-slider/b-slider-slider-for-your-block-editor-1112-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rss-digest/rss-digest-15-cross-site-request-forgery</loc>
<lastmod>2025-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-members/wp-members-membership-plugin-3544-unauthenticated-information-exposure-via-unprotected-files</loc>
<lastmod>2026-01-06T14:17:16.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mediavine-create/create-by-mediavine-197-authenticated-contributor-stored-cross-site-scripting-via-schema-meta-shortcode</loc>
<lastmod>2024-06-26T19:03:48.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mail-subscribe-list/mail-subscribe-list-209-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpdiscuz/wpdiscuz-763-insecure-direct-object-reference-to-post-rating-increasedecrease</loc>
<lastmod>2023-09-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-security-audit-log/wp-activity-log-401-missing-authorization</loc>
<lastmod>2020-03-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/trinity-backup/trinity-backup-backup-migrate-restore-clone-schedule-backups-209-unauthenticated-information-exposure</loc>
<lastmod>2026-06-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cpo-content-types/cpo-content-types-110-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bp-profile-search/bp-profile-search-453-php-object-injection</loc>
<lastmod>2016-12-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/leaflet-maps-marker/leaflet-maps-marker-google-maps-openstreetmap-bing-maps-231-cross-site-scripting</loc>
<lastmod>2012-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/momoyoga-integration/yoga-schedule-momoyoga-270-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/youtube-speedload/youtube-speedload-063-cross-site-request-forgery</loc>
<lastmod>2023-11-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stream/stream-401-cross-site-request-forgery-to-arbitrary-options-update</loc>
<lastmod>2024-09-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/themeisle-companion/orbit-fox-by-themeisle-21043-authenticated-contributor-stored-cross-site-scripting-via-pricing-table-widget</loc>
<lastmod>2025-01-09T18:25:20.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ns-woocommerce-watermark/ns-woocommerce-watermark-2113-abuse-of-functionality</loc>
<lastmod>2022-03-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nex-forms-express-wp-form-builder/nex-forms-833-authenticated-administrator-sql-injection</loc>
<lastmod>2023-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/animation-addons-for-elementor/animation-addons-for-elementor-gsap-powered-elementor-addons-website-templates-267-authenticated-contributor-dom-based-stored-cross-site-scripting-via-multiple-parameters</loc>
<lastmod>2026-06-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-meta-seo/wp-meta-seo-453-missing-authorization-in-savesitemapsettings</loc>
<lastmod>2023-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/change-login-logo/change-wordpress-login-logo-114-stored-cross-site-scripting</loc>
<lastmod>2020-08-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-ads/advanced-ads-ad-manager-adsense-1311-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-09-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cryout-serious-slider/serious-slider-124-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2024-06-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/xcloner-backup-and-restore/backup-restore-and-migrate-wordpress-sites-with-the-xcloner-plugin-314-path-traversal-to-sensitive-information-disclosure</loc>
<lastmod>2016-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pdf-print/download-pdf-print-by-bestwebsoft-wordpress-posts-and-pages-pdf-generator-plugin-193-cross-site-scripting</loc>
<lastmod>2017-04-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lazy-load-for-videos/lazy-load-for-videos-2187-authenticated-contributor-stored-cross-site-scripting-via-data-video-title-and-href-attributes</loc>
<lastmod>2025-08-26T12:22:01.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/weixin-robot-advanced/-621-reflected-cross-site-scripting</loc>
<lastmod>2023-02-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/school-management/school-management-system-for-wordpress-560-cross-site-request-forgery</loc>
<lastmod>2019-07-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/social-networks-auto-poster-facebook-twitter-g/nextscripts-social-networks-auto-poster-3417-stored-cross-site-scripting</loc>
<lastmod>2015-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mstore-api/mstore-api-4101-cross-site-request-forgery</loc>
<lastmod>2023-12-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/captchinoo-captcha-for-login-form-protection/captchinoo-captcha-23-missing-authorization-to-arbitrary-plugin-installationactivation</loc>
<lastmod>2021-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/paytium/paytium-436-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-11-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/olympus-google-fonts/google-fonts-typography-302-authenticated-contributor-stored-cross-site-scripting-via-blocktype-arguments</loc>
<lastmod>2021-08-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/wibar/wibar-wine-and-vineyard-woocommerce-wordpress-theme-121-cross-site-scripting</loc>
<lastmod>2020-11-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/donate-visa/donate-visa-100-missing-authorization</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/chapterone/chapterone-17-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ctabs/ctabs-13-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rafflepress/giveaways-and-contests-by-rafflepress-11216-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/staff-directory-pro/staff-directory-plugin-company-directory-43-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpextended/the-ultimate-wordpress-toolkit-wp-extended-308-authenticated-subscriber-arbitrary-options-update</loc>
<lastmod>2024-09-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/unlimited-elements-for-elementor/unlimited-elements-for-elementor-free-widgets-addons-templates-1565-missing-authorization</loc>
<lastmod>2023-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mail-masta/mail-masta-10-local-file-inclusion</loc>
<lastmod>2016-08-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/countdown-with-background/countdown-with-image-or-video-background-15-reflected-cross-site-scripting</loc>
<lastmod>2026-01-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-time-capsule/backup-and-staging-by-wp-time-capsule-1226-reflected-cross-site-scripting</loc>
<lastmod>2021-12-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sfwd-lms/learndash-lms-253-arbitrary-file-upload</loc>
<lastmod>2018-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ghl-wizard/lc-wizard-140-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/file-manager-advanced/advanced-file-manager-524-sensitive-information-exposure-via-directory-listing</loc>
<lastmod>2024-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gseor/gseor-wordpress-seo-plugin-13-authenticated-admin-sql-injection</loc>
<lastmod>2021-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lastudio-element-kit/la-studio-element-kit-for-elementor-136-missing-authorization</loc>
<lastmod>2024-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/assistant/assistant-143-authenticated-editor-server-side-request-forgery</loc>
<lastmod>2023-07-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/link-library/link-library-7513-reflected-cross-site-scripting-via-link_price-and-link_tags</loc>
<lastmod>2024-02-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/et-core-plugin/xstore-core-56-reflected-cross-site-scripting</loc>
<lastmod>2025-10-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-payments/woocommerce-payments-450-payment-bypass</loc>
<lastmod>2022-08-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-multitasking/wp-multitasking-0112-cross-site-request-forgery-to-exit-popup-update</loc>
<lastmod>2024-08-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/device-theme-switcher/plugin-name-device-theme-switcher-302-cross-site-request-forgery</loc>
<lastmod>2023-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cf7-redirect-thank-you-page/contact-form-7-redirect-thank-you-page-107-reflected-cross-site-scripting</loc>
<lastmod>2025-01-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/qtranslate-slug/qtranslate-slug-1118-cross-site-request-forgery-bypass</loc>
<lastmod>2021-06-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/forminator/forminator-1152-admin-stored-cross-site-scripting</loc>
<lastmod>2021-10-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/product-quantity-for-woocommerce/min-max-step-quantity-limits-manager-for-woocommerce-510-cross-site-request-forgery</loc>
<lastmod>2025-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/w4-post-list/w4-post-list-245-reflected-cross-site-scripting</loc>
<lastmod>2023-03-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seraphinite-accelerator/seraphinite-accelerator-22028-arbitrary-redirect-via-redir</loc>
<lastmod>2023-10-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ulike/wp-ulike-474-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-block-editor-addons/responsive-blocks-page-builder-for-blocks-patterns-220-missing-authorization</loc>
<lastmod>2026-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-manager/download-manager-3243-reflected-cross-site-scripting</loc>
<lastmod>2022-06-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/survey-maker/survey-maker-312-authenticated-subscriber-sql-injection</loc>
<lastmod>2023-01-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/translation-pro/translationpro-100-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seo-by-rank-math/rank-math-seo-ai-seo-tools-to-dominate-seo-rankings-10271-missing-authorization</loc>
<lastmod>2026-06-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/accessibe/web-accessibility-by-accessibe-115-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-07-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-amazon-product-information/easy-amazon-product-information-401-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-02-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/xagio-seo/xagio-seo-7105-unauthenticated-sensitive-information-exposure-via-unprotected-back-up-files</loc>
<lastmod>2025-08-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-appointment-schedule-booking-system/wordpress-appointment-schedule-booking-system-10-stored-cross-site-scripting</loc>
<lastmod>2016-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/alttext-ai/download-alt-text-ai-11015-missing-authorization</loc>
<lastmod>2026-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-whois-domain/wp-whois-domain-100-reflected-cross-site-scripting</loc>
<lastmod>2017-01-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/dolcino/dolcino-16-authenticated-subscriber-insecure-direct-object-reference</loc>
<lastmod>2026-01-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-user-manager/wp-user-manager-2912-authenticated-subscriber-arbitrary-file-deletion-via-current_user_avatar-parameter</loc>
<lastmod>2025-12-11T15:08:20.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/otter-blocks/otter-blocks-gutenberg-blocks-page-builder-for-gutenberg-editor-fse-304-authenticated-author-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2024-10-31T22:04:45.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-simple-paypal-shopping-cart/simple-shopping-cart-529-unauthenticated-insecure-direct-object-reference</loc>
<lastmod>2026-06-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/yaaburnee-themes/yaaburnee-107-and-dignitas-119-privilege-escalation</loc>
<lastmod>2015-03-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/top_bar_promoter/xpromoter-134-reflected-cross-site-scripting</loc>
<lastmod>2026-01-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-custom-taxonomy-meta/category-and-taxonomy-meta-fields-100-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/menu-ordering-reservations/restaurant-menu-food-ordering-system-table-reservation-235-authenticated-contributor-cross-site-scripting</loc>
<lastmod>2023-01-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jetwidgets-for-elementor/jetwidgets-for-elementor-1020-authenticated-contributor-stored-cross-site-scripting-via-image-comparison-and-subscribe-widgets</loc>
<lastmod>2025-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/iona/iona-108-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/facebook-like-send-button/peadigs-like-share-button-115-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-02-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/newstatpress/newstatpress-103-stored-cross-site-scripting</loc>
<lastmod>2015-06-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/country-blocker/country-blocker-32-reflected-cross-site-scripting</loc>
<lastmod>2024-12-11T15:36:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/qi-addons-for-elementor/qi-addons-for-elementor-163-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2023-11-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/miniorange-otp-verification/miniorange-otp-login-verification-and-sms-notifications-549-unauthenticated-privilege-escalation</loc>
<lastmod>2026-05-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/restaurant-cafe-addon-for-elementor/restaurant-cafe-addon-for-elementor-152-cross-site-request-forgery</loc>
<lastmod>2023-11-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/just-custom-fields/just-custom-fields-332-cross-site-request-forgery-via-ajax-actions</loc>
<lastmod>2024-07-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-product-feed-pro/product-feed-pro-for-woocommerce-1121-reflected-cross-site-scripting</loc>
<lastmod>2022-02-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/connect-daily-web-calendar/wordpress-events-calendar-plugin-connectdaily-154-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/w3-total-cache/w3-total-cache-212-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2021-06-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/twitter-shortcode/twitter-shortcode-09-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bit-smtp/bit-smtp-easy-smtp-solution-with-email-logs-122-missing-authorization</loc>
<lastmod>2026-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/restaurant-reservations/five-star-restaurant-reservations-2629-missing-authorization</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/event-monster/event-management-tickets-booking-143-unauthenticated-information-exposure</loc>
<lastmod>2024-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-fastest-cache/wp-fastest-cache-0885-cross-site-scripting-via-rules0content-parameter</loc>
<lastmod>2018-10-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/2d-tag-cloud-widget-by-sujin/2d-tag-cloud-602-reflected-cross-site-scripting-via-add_query_arg-parameter</loc>
<lastmod>2024-10-11T16:36:13.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/super-custom-login/super-custom-login-11-missing-authorization</loc>
<lastmod>2026-02-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/popup-builder-block/popup-builder-with-gamification-220-unauthenticated-sql-injection-via-multiple-rest-api-endpoints</loc>
<lastmod>2026-02-04T11:20:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/zota/zota-138-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-06-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/review-for-discount/reviewify-107-missing-authorization-to-authenticated-contributor-arbitrary-woocommerce-coupon-creation</loc>
<lastmod>2026-01-06T20:33:33.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ameliabooking/amelia-booking-83-912-authenticated-customer-insecure-direct-object-reference-to-arbitrary-user-password-change</loc>
<lastmod>2026-03-25T15:31:53.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/faustwp/faustjs-187-missing-authorization</loc>
<lastmod>2026-06-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stratum/stratum-1315-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/breakdance/breakdance-172-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-07-31T17:54:10.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/unlimited-theme-addons/unlimited-theme-addon-for-elementor-and-woocommerce-122-authenticated-contributor-post-disclosure</loc>
<lastmod>2025-01-10T19:00:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-payment/simple-payment-246-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-10-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pagelayer/page-builder-pagelayer-drag-and-drop-website-builder-209-authenticated-contributor-stored-cross-site-scripting-via-anchor-block</loc>
<lastmod>2026-06-12T19:06:17.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-meta-seo/wp-meta-seo-4513-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-09-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-file-upload/wordpress-file-upload-4247-reflected-cross-site-scripting</loc>
<lastmod>2024-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/medical-addon-for-elementor/medical-addon-for-elementor-164-authenticated-contributor-stored-cross-site-scripting-via-typewriter-widget</loc>
<lastmod>2025-08-01T18:51:31.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ova-events/ovatheme-events-128-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-08-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/column-matic/column-matic-133-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2023-05-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/joly/joly-1220-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-10-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-email-newsletter/wp-email-newsletter-11-reflected-cross-site-scripting</loc>
<lastmod>2025-01-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gum-elementor-addon/gum-elementor-addon-137-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-09-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/generatepress-premium/generatepress-premium-232-authenticatedcontributor-stored-cross-site-scripting-via-custom-meta</loc>
<lastmod>2024-01-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpdiscuz/wpdiscuz-765-unauthenticated-sql-injection</loc>
<lastmod>2023-09-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/integration-of-zoho-crm-and-contact-form-7/integration-of-zoho-crm-and-contact-form-7-106-open-redirect</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/your-text-manager/your-text-manager-030-cross-site-scripting</loc>
<lastmod>2014-05-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/iwr-tooltip/iwr-tooltip-10-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2026-05-26T17:27:16.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-meta-data-manager/post-meta-data-manager-123-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-07-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/plugin-central/plugin-central-251-reflected-cross-site-scripting</loc>
<lastmod>2015-11-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/real-wp-shop-lite/real-wp-shop-lite-ajax-ecommerce-shopping-cart-208-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-11-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/vidorev/vidorev-2999997-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/srs-player/live-streaming-video-player-by-srs-player-1018-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/grace-mag/grace-mag-115-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-04-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/geomagazine/geo-magazine-theme-20-reflected-cross-site-scripting</loc>
<lastmod>2020-08-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/highlight-and-share/highlight-and-share-520-missing-authorization</loc>
<lastmod>2025-12-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seo-redirection/seo-redirection-plugin-301-redirect-manager-78-cross-site-request-forgery</loc>
<lastmod>2021-09-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bricksable/bricksable-for-bricks-builder-1683-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2026-06-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-for-paygent-payment-main/paygent-for-woocommerce-246-missing-authorization-to-unauthenticated-payment-callback-manipulation</loc>
<lastmod>2026-01-16T19:57:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kadence-blocks/gutenberg-blocks-by-kadence-blocks-349-authenticated-contributor-stored-cross-site-scripting-via-icon</loc>
<lastmod>2025-02-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/favicon-generator/favicon-generator-15-cross-site-request-forgery-to-arbitrary-file-upload</loc>
<lastmod>2024-08-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/affs/sumo-affiliates-pro-1140-unauthenticated-php-object-injection</loc>
<lastmod>2026-03-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/loginpress/loginpress-331-cross-site-request-forgery-to-arbitrary-options-update</loc>
<lastmod>2025-03-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/link-party/illi-link-party-10-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2024-01-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zippy/zippy-165-authenticatedauthor-php-object-injection-via-unzipposts</loc>
<lastmod>2023-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking-and-rental-manager-for-woocommerce/booking-and-rental-manager-for-bike-car-resort-appointment-dress-equipment-plugin-for-wordpress-221-missing-authorization</loc>
<lastmod>2025-01-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wishlist/wishlist-210-authenticated-subscriber-information-exposure</loc>
<lastmod>2025-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chatbot/ai-chatbot-455-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nd-booking/hotel-booking-36-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/idx-broker-platinum/impress-for-idx-broker-322-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-09-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jetpack/jetpack-121-authenticated-author-arbitrary-file-manipulation</loc>
<lastmod>2023-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tutor/tutor-lms-2110-unauthenticated-sql-injection</loc>
<lastmod>2023-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-thank-you-page-nextmove-lite/nextmove-lite-2230-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/turbo-addons-elementor/turbo-addons-for-elementor-177-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-custom-body-class/custom-body-class-060-cross-site-scripting</loc>
<lastmod>2019-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easing-slider/easing-slider-308-missing-authorization-to-unauthenticated-settings-reset</loc>
<lastmod>2023-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/unlimited-elements-for-elementor/unlimited-elements-for-elementor-208-authenticated-contributor-sql-injection</loc>
<lastmod>2026-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/vikinger/vikinger-1930-authenticated-subscriber-privilege-escalation-via-vikinger_user_meta_update_ajax</loc>
<lastmod>2025-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-event-solution/eventin-4034-authenticated-contributor-privilege-escalation-via-user-email-changeaccount-takeover</loc>
<lastmod>2025-08-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-digital-downloads/easy-digital-downloads-ecommerce-payments-and-subscriptions-made-easy-3361-unauthenticated-private-post-title-disclosure</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-visitor-counter/the-visitor-counter-143-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/embed-pdf-viewer/embed-pdf-viewer-247-authenticated-contributor-server-side-request-forgery</loc>
<lastmod>2026-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/business-card-by-esterox-100/business-card-100-authenticated-admin-arbitrary-file-uplaod</loc>
<lastmod>2024-07-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/video-xml-sitemap-generator/video-xml-sitemap-generator-100-cross-site-request-forgery-via-video_sitemap_generate</loc>
<lastmod>2023-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-appointments/easy-appointments-31118-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/the-monday/accesspress-themes-and-plugin-various-versions-missing-authorization-to-arbitrary-plugin-deactivationactivation</loc>
<lastmod>2022-01-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/webinar-ignition/webinarignition-40986-unauthenticated-sql-injection</loc>
<lastmod>2026-05-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/learnpress-import-export/learnpress-export-import-409-reflected-cross-site-scripting</loc>
<lastmod>2025-07-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dp-alterminator-missing-alt-manager/dp-alterminator-missing-alt-manager-102-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/table-of-contents-plus/table-of-contents-plus-2411-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2024-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/clever-fox/clever-fox-one-click-website-importer-by-nayra-themes-2520-missing-authorization-to-arbitrary-theme-activation-via-clever-fox-activate-theme</loc>
<lastmod>2024-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/supportcandy/supportcandy-226-cross-site-request-forgery-to-arbitrary-ticket-deletion</loc>
<lastmod>2022-01-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wd-google-maps/10web-map-builder-for-google-maps-1074-authenticated-administrator-sql-injection</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flash-album-gallery/album-and-image-gallery-with-lightbox-flagallery-photo-portfolio-200-arbitrary-file-modification</loc>
<lastmod>2012-12-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-add-ons/responsive-starter-templates-elementor-wordpress-templates-268-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-12-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/naver-blog-api/naver-blog-10-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-plugin/contact-form-by-bestwebsoft-395-reflectedcross-site-scripting</loc>
<lastmod>2017-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/DA10/dating-1120-missing-authorization</loc>
<lastmod>2026-02-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/xagio-seo/xagio-seo-71016-unauthenticated-stored-cross-site-scripting-via-http_referer</loc>
<lastmod>2025-06-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-entries/contact-form-entries-129-csv-injection</loc>
<lastmod>2022-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/masjidal/muslim-prayer-time-salahiqamah-1811-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-08T22:01:17.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pirate-forms/contact-form-smtp-plugin-by-pirateforms-251-unauthenticated-html-injection</loc>
<lastmod>2019-07-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-query-shortcode/custom-query-shortcode-040-authenticated-contributor-path-traversal-via-lens-parameter</loc>
<lastmod>2025-08-24T21:19:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-custom-checkout-fields/woocommerce-custom-checkout-fields-editor-with-drag-drop-01-reflected-cross-site-scripting-via-tab</loc>
<lastmod>2023-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-member/ultimate-member-286-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/everest-forms-pro/everest-forms-pro-194-unauthenticated-path-traversal-to-arbitrary-file-deletion</loc>
<lastmod>2025-06-24T20:22:24.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/primer-mydata/primer-mydata-for-woocommerce-425-cross-site-request-forgery</loc>
<lastmod>2025-08-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/urdu-formatter-shamil/urdu-formatter-shamil-01-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/username-updater/easy-username-updater-103-cross-site-request-forgery-to-username-change</loc>
<lastmod>2022-07-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hot-linked-image-cacher/hot-linked-image-cacher-116-cross-site-request-forgery</loc>
<lastmod>2022-05-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-indexer/post-indexer-3061-php-object-injection</loc>
<lastmod>2016-11-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tiny-compress-images/tinypng-343-cross-site-request-forgery</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/library-management-system/library-management-system-31-missing-authorization-to-authenticated-subscriber-settings-manipulation</loc>
<lastmod>2025-10-14T19:59:53.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/midi/midi-sound-music-wordpress-theme-114-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-sortsearch/simple-sortsearch-003-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2021-06-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-google-places-review-slider/google-review-slider-174-missing-authorization</loc>
<lastmod>2025-11-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dokan-lite/dokan-375-unauthenticated-sql-injection</loc>
<lastmod>2022-11-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eventprime-event-calendar-management/eventprime-events-calendar-bookings-and-tickets-4073-unauthenticated-stored-cross-site-scripting-via-ticket-category-and-ticket-type-name</loc>
<lastmod>2024-12-16T20:40:44.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zm-gallery/zm-gallery-10-authenticated-admin-sql-injection</loc>
<lastmod>2016-12-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wow-carousel-for-divi-lite/divi-carousel-lite-204-authenticated-contributor-stored-cross-site-scripting-via-image-carousel-and-logo-carousel-widgets</loc>
<lastmod>2025-01-24T20:40:22.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/use-any-font/use-any-font-617-cross-site-request-forgery-to-api-key-deactivation</loc>
<lastmod>2022-03-30T11:53:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/new-user-approve/new-user-approve-24-cross-site-request-forgery</loc>
<lastmod>2022-06-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/media-library-assistant/media-library-assistant-313-authenticated-contributor-sql-injection-via-shortcode</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/poll-maker/poll-maker-versus-polls-anonymous-polls-image-polls-546-authenticated-administrator-stored-cross-site-scripting-via-poll-settings</loc>
<lastmod>2024-10-25T11:53:39.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/live-composer-page-builder/page-builder-live-composer-1547-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2024-06-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-germanized/germanized-for-woocommerce-3205-unauthenticated-arbitrary-shortcode-execution</loc>
<lastmod>2026-04-13T17:42:17.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/music-press-pro/music-press-pro-146-missing-authorization</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fluentform/contact-form-plugin-by-fluentform-4312-csv-injection</loc>
<lastmod>2022-10-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ajax-woosearch/ajax-woosearch-100-unauthenticated-sql-injection</loc>
<lastmod>2025-09-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/misiek-photo-album/misiek-photo-album-143-cross-site-request-forgery-to-album-deletion</loc>
<lastmod>2024-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/iwp-client/infinitewp-client-137-privilege-escalation</loc>
<lastmod>2014-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/unlimited-elements-for-elementor/unlimited-elements-for-elementor-206-authenticated-contributor-arbitrary-file-read-via-path-traversal-in-repeater-jsoncsv-url-with-path-traversal</loc>
<lastmod>2026-04-16T17:54:33.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/editor-custom-color-palette/editor-custom-color-palette-337-authenticated-author-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2024-10-25T20:08:26.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ec-stars-rating/ec-stars-rating-1011-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/royal-elementor-addons/royal-elementor-addons-171001-reflected-cross-site-scripting</loc>
<lastmod>2024-12-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/plant/plant-gardening-houseplants-wordpress-theme-100-unauthenticated-information-exposure</loc>
<lastmod>2025-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sureforms/sureforms-1131-missing-authorization-to-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2025-11-12T15:01:21.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpspeed/wpspeed-265-cross-site-request-forgery</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpcf7-redirect/redirection-for-contact-form-7-233-unprotected-ajax-actions</loc>
<lastmod>2021-04-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nasa-core/nasa-core-644-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-user-manager/wp-user-manager-user-profile-builder-membership-2911-missing-authorization-to-authenticated-subscriber-user-meta-key-enumeration</loc>
<lastmod>2024-11-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/prolist/prolisting-directory-listing-12-reflected-cross-site-scripting</loc>
<lastmod>2020-06-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mainwp-child/mainwp-child-securely-connects-to-the-mainwp-dashboard-to-manage-multiple-sites-611-missing-authorization</loc>
<lastmod>2026-06-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/account-switcher/account-switcher-102-authenticated-subscriber-authentication-bypass-to-privilege-escalation</loc>
<lastmod>2026-05-19T12:05:45.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-ajax-chat/simple-ajax-chat-20231101-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gotmls/anti-malware-security-and-brute-force-firewall-42095-reflected-cross-site-scripting</loc>
<lastmod>2022-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/svg-support/svg-support-2319-admin-cross-site-scripting</loc>
<lastmod>2022-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dn-footer-contacts/dn-footer-contacts-162-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-06-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/accelerated-mobile-pages/amp-for-wp-099719-missing-authorization</loc>
<lastmod>2018-10-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-products-filter/husky-products-filter-professional-for-woocommerce-1373-authenticated-subscriber-insecure-direct-object-reference-via-woof_add_subscr</loc>
<lastmod>2025-12-17T23:25:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/swipehq-payment-gateway-woocommerce/swipehq-payment-gateway-woocommerce-271-reflected-cross-site-scripting</loc>
<lastmod>2014-05-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kadence-woocommerce-email-designer/kadence-woocommerce-email-designer-156-php-object-injection</loc>
<lastmod>2022-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/affieasy/affieasy-114-cross-site-request-forgery</loc>
<lastmod>2024-04-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-mailerlite/mailerlite-woocommerce-integration-208-cross-site-request-forgery-via-multiple-ajax-functions</loc>
<lastmod>2024-01-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/daiquiri/daiquiri-124-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/analytics-tracker/analytics-tracker-110-cross-site-scripting</loc>
<lastmod>2017-06-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/media-library-assistant/media-library-assistant-324-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking-calendar/booking-calendar-appointment-booking-system-321-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2022-11-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/publitio/publitio-221-authenticated-contributor-arbitrary-file-read</loc>
<lastmod>2025-04-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-coming-soon-page/coming-soon-page-responsive-coming-soon-maintenance-mode-1118-cross-site-scripting-via-counter_title-parameter</loc>
<lastmod>2018-01-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-file-list/simple-file-list-423-remote-code-execution</loc>
<lastmod>2020-11-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/add-custom-content-after-post/add-custom-content-after-post-10-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simply-gallery-block/simply-gallery-3321-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/thim-elementor-kit/thim-elementor-kit-133-authenticated-contributor-insecure-direct-object-reference</loc>
<lastmod>2025-12-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wplr-sync/photo-engine-media-organizer-lightroom-649-authenticated-author-arbitrary-file-upload</loc>
<lastmod>2026-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/meta-tag-manager/meta-tag-manager-302-authenticated-subscriber-php-object-injection</loc>
<lastmod>2024-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/17track/17track-for-woocommerce-1210-reflected-cross-site-scripting</loc>
<lastmod>2025-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rexcrawler/rexcrawler-1015-authenticated-administrator-stored-cross-site-scripting-via-settings</loc>
<lastmod>2026-05-26T20:44:31.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bold-timeline-lite/bold-timeline-lite-114-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/syncfields/syncfields-41-reflected-cross-site-scripting</loc>
<lastmod>2025-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/magic-import-document-extractor/magic-import-document-extractor-106-unauthenticated-sensitive-information-exposure</loc>
<lastmod>2026-02-03T19:32:16.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-tipdonation/woocommerce-tipdonation-12-authenticated-shop-manager-stored-cross-site-scripting-via-plugin-settings</loc>
<lastmod>2023-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/indeed-membership-pro/ultimate-membership-pro-86-cross-site-request-forgery</loc>
<lastmod>2020-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpvr/wp-vr-854-missing-authorization</loc>
<lastmod>2024-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pretty-link/shortlinks-by-pretty-links-3615-missing-authorization</loc>
<lastmod>2025-05-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/s2member/s2member-framework-membership-member-level-roles-access-capabilities-paypal-members-111220-cross-site-scripting</loc>
<lastmod>2012-02-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/premium-addons-for-elementor/premium-addons-for-elementor-41036-authenticated-contributor-stored-cross-site-scripting-via-countdown-widget</loc>
<lastmod>2024-07-02T18:52:03.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kali-forms/kali-forms-211-missing-authorization-to-settings-update</loc>
<lastmod>2020-08-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smart-forms/smart-forms-2693-cross-site-request-forgery</loc>
<lastmod>2024-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/clp-varnish-cache/clp-varnish-cache-102-missing-authorization</loc>
<lastmod>2026-01-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cbxscratingreview/cbx-5-star-rating-review-107-reflected-cross-site-scripting-via-page-parameter</loc>
<lastmod>2026-05-21T14:51:34.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/revisionary/publishpress-revisions-duplicate-posts-submit-approve-and-schedule-content-changes-3723-unauthenticated-sql-injection</loc>
<lastmod>2026-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/raychat/raychat-221-cross-site-request-forgery</loc>
<lastmod>2025-10-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/link-library/link-library-771-reflected-cross-site-scripting</loc>
<lastmod>2024-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mailup-auto-subscribtion/mailup-auto-subscription-110-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-27T18:48:10.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/joomsport-sports-league-results-management/joomsport-for-sports-team-league-football-hockey-more-525-authenticated-admin-sql-injection-via-orderby</loc>
<lastmod>2022-08-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contests-from-rewards-fuel/contests-by-rewards-fuel-2064-authenticated-contributor-stored-cross-site-scripting-via-update_rewards_fuel_api_key</loc>
<lastmod>2024-03-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ajax-login-and-registration-modal-popup/ajax-login-and-registration-modal-popup-inline-form-223-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2024-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-spell-check/wp-spell-check-917-cross-site-request-forgery</loc>
<lastmod>2024-01-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/home-services/home-services-126-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2025-04-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/luzuk-testimonials/luzuk-testimonials-001-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-links-page/wp-links-page-491-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementor-pro/elementor-pro-305-authenticated-remote-code-execution-in-dynamic-ooo-widget</loc>
<lastmod>2020-10-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/browsing-history/browsing-history-131-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy2map-photos/easy2map-photos-109-path-traversal</loc>
<lastmod>2015-06-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/complianz-gdpr/complianz-gdprccpa-cookie-consent-644-cross-site-request-forgery-via-ajax_script_add</loc>
<lastmod>2023-05-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/thesography/exifography-131-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-07-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/automatorwp/automatorwp-automator-plugin-for-no-code-automations-webhooks-custom-integrations-in-wordpress-536-missing-authorization-to-authenticated-subscriber-remote-code-execution-via-automation-creation</loc>
<lastmod>2025-09-08T17:53:28.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-profile-meta/user-profile-meta-manager-102-cross-site-request-forgery-to-privilege-escalation</loc>
<lastmod>2025-05-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/insert-pages/insert-pages-324-authenticated-directory-traversal</loc>
<lastmod>2017-09-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elements-plus/elements-plus-2162-authenticatedcontributor-stored-cross-site-scripting-via-widget-links</loc>
<lastmod>2024-03-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tablesome/table-contact-form-7-database-tablesome-1025-cross-site-request-forgery</loc>
<lastmod>2024-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wha-wordsearch/word-search-puzzles-game-201-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2022-09-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-blocks/essential-blocks-406-missing-authorization-via-template_count</loc>
<lastmod>2023-04-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nexa-blocks/nexa-blocks-110-authenticated-contributor-stored-cross-site-scripting-via-google-maps-widget</loc>
<lastmod>2025-09-29T15:26:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/litho-addons/litho-addons-34-missing-authorization</loc>
<lastmod>2025-10-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hide-my-wp/hide-my-wp-ghost-security-firewall-5302-unauthenticated-login-page-disclosure</loc>
<lastmod>2025-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-products-filter/husky-products-filter-professional-for-woocommerce-1372-authenticated-subscriber-insecure-direct-object-reference-via-woof_add_querywoof_remove_query</loc>
<lastmod>2025-12-03T00:25:34.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cf7-summary-and-print/contact-form-7-summary-and-print-125-cross-site-request-forgery</loc>
<lastmod>2024-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dethemekit-for-elementor/dethemekit-for-elementor-217-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-meta-seo/wp-meta-seo-454-authenticated-author-phar-deserialization</loc>
<lastmod>2023-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/dj-rainflow/dj-rainflow-1313-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-08-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-fsqm-pro/eform-wordpress-form-builder-4191-reflected-cross-site-scripting</loc>
<lastmod>2025-06-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-term-order/term-order-210-cross-site-request-forgery</loc>
<lastmod>2026-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/auto-scroll-for-reading/auto-scroll-for-reading-114-reflected-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/happy-elementor-addons/happy-addons-for-elementor-3122-authenticated-contributor-sensitive-information-exposure</loc>
<lastmod>2024-09-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-field-list-widget/custom-field-list-widget-151-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-03-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fortis-for-woocommerce/fortis-for-woocommerce-120-missing-authorization-to-unauthenticated-arbitrary-order-status-update-to-paid-via-wc-api-endpoint</loc>
<lastmod>2026-02-03T19:44:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fast-search-powered-by-solr/sunny-search-102-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2023-05-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jch-optimize/jch-optimize-400-missing-authorization</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mpl-publisher/mpl-publisher-2180-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-strava/wp-strava-2121-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-11-12T13:25:27.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/photonic/photonic-gallery-lightbox-for-flickr-smugmug-others-321-authenticated-contributor-stored-cross-site-scripting-via-caption-attribute</loc>
<lastmod>2025-11-17T20:47:30.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shortpixel-image-optimiser/shortpixel-image-optimizer-541-authenticatededitor-php-object-injection</loc>
<lastmod>2023-09-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/soundcloud-shortcode/soundcloud-shortcode-401-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-timer/easy-timer-421-authenticated-editor-remote-code-execution-via-shortcode</loc>
<lastmod>2025-09-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fv-wordpress-flowplayer/fv-flowplayer-video-player-7314727-sql-injection</loc>
<lastmod>2019-05-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/newsblogger/newsblogger-0256-0261-cross-site-request-forgery-to-arbitrary-plugin-installation</loc>
<lastmod>2026-02-18T15:08:47.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/armember-membership/armember-4010-authenticated-subscriber-membership-plan-bypass</loc>
<lastmod>2023-11-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/monetize-link/takeads-1013-missing-authorization-to-plugin-settings-deletion</loc>
<lastmod>2025-12-04T17:20:48.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/propertyhive/propertyhive-1546-reflected-cross-site-scripting-via-merge_ids</loc>
<lastmod>2023-04-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pet-manager/pet-manager-14-reflected-cross-site-scripting</loc>
<lastmod>2024-05-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bws-smtp/smtp-by-bestwebsoft-119-authenticated-administrator-arbitrary-file-upload</loc>
<lastmod>2025-03-07T17:30:30.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-front-end-login-and-register/wp-front-end-login-and-register-210-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mappress-google-maps-for-wordpress/mappress-maps-for-wordpress-2966-unauthenticated-insecure-direct-object-reference-via-rest-api-endpoints</loc>
<lastmod>2026-06-05T14:37:12.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cms-tree-page-view/cms-tree-page-view-089-cross-site-scripting</loc>
<lastmod>2012-03-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shared-files/shared-files-frontend-file-upload-form-secure-file-sharing-1742-limited-unauthenticated-stored-cross-site-scripting-via-file-upload</loc>
<lastmod>2025-01-30T17:22:13.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/acf-onyx-poll/acf-onyx-poll-119-authenticated-contributor-stored-cross-site-scripting-via-class-parameter</loc>
<lastmod>2025-06-12T13:07:25.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/woodmart/woodmart-853-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-06-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/enable-svg-webp-ico-upload/enable-svg-webp-ico-upload-102-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2022-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vc-tabs/tabs-responsive-tabs-with-woocommerce-product-tab-extension-360-authenticated-admin-arbitrary-options-update</loc>
<lastmod>2022-07-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/add-any-extension-to-pages/add-any-extension-to-pages-14-cross-site-request-forgery-via-aaetp_options_page</loc>
<lastmod>2023-12-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking-calendar-contact-form/booking-calendar-contact-form-1240-reflected-cross-site-scripting</loc>
<lastmod>2023-06-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/send-pdf-for-contact-form-7/send-pdf-for-contact-form-7-0991-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-online-ordering-and-delivery-platform/advanced-online-ordering-and-delivery-platform-200-unauthenticated-local-file-inclusion</loc>
<lastmod>2024-10-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-manager/download-manager-3290-authenticated-contributor-stored-cross-site-scripting-via-wpdm-all-packages-shortcode</loc>
<lastmod>2024-05-30T20:30:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/better-anchor-links/better-anchor-links-175-cross-site-request-forgery-via-adminoptionsphp</loc>
<lastmod>2024-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/uk-cookie-consent/gdprccpa-cookie-consent-banner-32-missing-authorization-via-handle_consent_toggle</loc>
<lastmod>2024-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/directorist/directorist-722-authenticated-admin-arbitrary-file-upload</loc>
<lastmod>2022-07-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gutenkit-blocks-addon/gutenkit-222-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-optimizer-wd/image-optimizer-by-10web-1026-authenticatedadministator-directory-traversal</loc>
<lastmod>2023-05-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/reaction-buttons/reaction-buttons-216-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-02-17T15:48:02.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quiz-master-next/quiz-and-survey-master-804-improper-input-validation</loc>
<lastmod>2022-11-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/agency-toolkit/agency-toolkit-1023-missing-authorization-to-unauthenticated-arbitrary-options-update</loc>
<lastmod>2024-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-visual-adverts/wp-visual-adverts-230-reflected-cross-site-scripting</loc>
<lastmod>2024-11-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/authors-autocomplete-meta-box/authors-autocomplete-meta-box-12-reflected-cross-site-scripting</loc>
<lastmod>2025-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mobile-dj-manager/mdjm-event-management-1756-reflected-cross-site-scripting</loc>
<lastmod>2025-01-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/featured-image/featured-image-21-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2026-06-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-eMember/wp-emember-1065-cross-site-request-forgery-to-bulk-delete</loc>
<lastmod>2024-06-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-file-upload/wordpress-file-upload-4245-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/imagelinks-interactive-image-builder-lite/imagelinks-154-authenticated-admin-sql-injection</loc>
<lastmod>2023-10-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/instagram-slider-widget/social-slider-feed-206-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-08-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/theme-translation-for-polylang/theme-and-plugin-translation-for-polylang-3216-missing-authorization</loc>
<lastmod>2022-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/3.5/wordpress-core-352-server-side-request-forgery</loc>
<lastmod>2013-06-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/relevanssi-premium/relevanssi-4212-free-and-2250-premium-missing-authorization-to-unauthorized-post-access</loc>
<lastmod>2024-01-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/saxon/saxon-viral-content-blog-magazine-marketing-wordpress-193-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-07-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mjm-clinic/mjm-clinic-1122-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2024-03-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/media-library-assistant/media-library-assistant-332-authenticated-contributor-sql-injection</loc>
<lastmod>2026-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/urbancity/urban-city-all-versions-arbitrary-file-download</loc>
<lastmod>2014-09-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/m-wp-popup/popup-custom-popup-builder-13-denial-of-service</loc>
<lastmod>2022-01-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/payflex-payment-gateway/payflex-payment-gateway-250-missing-authorization-to-order-status-update</loc>
<lastmod>2024-07-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/2.0/wordpress-core-2010-open-redirect</loc>
<lastmod>2007-04-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/login-with-phone-number/login-with-phone-number-137-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-07-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shipping-labels-for-woo/woocommerce-shipping-label-238-authenticated-shop-manager-stored-cross-site-scripting</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/masterslider/master-slider-pro-365-reflected-cross-site-scripting</loc>
<lastmod>2023-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slicewp/wordpress-affiliates-plugin-slicewp-affiliates-1110-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-05-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/twentytwenty/twentytwenty-101-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-05T19:53:26.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/acymailing/acymailing-smtp-newsletter-862-reflected-cross-site-scripting</loc>
<lastmod>2023-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/star-cloudprnt-for-woocommerce/star-cloudprnt-for-woocommerce-203-unauthenticated-cross-site-scripting</loc>
<lastmod>2023-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zarinpal-paid-downloads/zarinpal-paid-download-23-reflected-cross-site-scripting</loc>
<lastmod>2025-01-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/question-answer/question-answer-1270-authenticated-subscriber-php-object-injection</loc>
<lastmod>2025-04-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-7-anti-spambot/contact-form-7-anti-spambot-101-missing-authorization</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-addon-uploads/file-uploads-addon-for-woocommerce-171-unauthenticated-sensitive-information-exposure-through-unprotected-directory</loc>
<lastmod>2025-02-17T15:46:44.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/popup-builder/popup-builder-create-highly-converting-mobile-friendly-marketing-popups-431-missing-authorization-and-nonce-exposure</loc>
<lastmod>2024-06-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gallery-metabox/gallery-metabox-15-cross-site-request-forgery-via-gallery_remove</loc>
<lastmod>2023-04-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/caret-country-access-limit/caret-country-access-limit-102-cross-site-request-forgery</loc>
<lastmod>2023-10-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cardgate/cardgate-payments-for-woocommerce-321-reflected-cross-site-scripting</loc>
<lastmod>2024-12-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zynith-seo/zynith-seo-749-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2024-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/awesome-support/awesome-support-637-authenticated-subscriber-insecure-direct-object-reference-to-unauthorized-ticket-reply-access-via-ticket_id-parameter</loc>
<lastmod>2026-04-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/adrotate/adrotate-ad-manager-adsense-ads-5132-authenticated-admin-double-extension-arbitrary-file-upload</loc>
<lastmod>2024-08-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/squirrels-auto-inventory/squirrels-auto-inventory-103-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-11-10T15:00:22.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-membership-after-login-redirection/simple-membership-after-login-redirection-16-open-redirect</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/embedded-cdn/canadahelps-embedded-donation-101-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-18T19:22:43.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mobile-domain/mobile-domain-152-cross-site-request-forgery-and-stored-cross-site-scripting</loc>
<lastmod>2015-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ungrabber/ungrabber-313-missing-authorization</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-all-import-pro/import-any-xml-or-csv-file-to-wordpress-324-reflected-cross-site-scripting</loc>
<lastmod>2015-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/2.8/wordpress-core-285-cross-site-scripting</loc>
<lastmod>2009-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/zt-captcha/zt-captcha-104-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2026-01-23T19:19:50.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/learnpress/learnpress-wordpress-lms-plugin-3272-sql-injection</loc>
<lastmod>2020-10-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/js-support-ticket/js-help-desk-301-authenticated-subscriber-sql-injection</loc>
<lastmod>2026-02-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/explara-membership/explara-membership-007-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-statistics/wp-statistics-12661-unauthenticated-blind-sql-injection</loc>
<lastmod>2019-07-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/element-ready-lite/elementsready-addons-for-elementor-662-cross-site-request-forgery</loc>
<lastmod>2025-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpjobboard/wpjobboard-451-cross-site-scripting</loc>
<lastmod>2017-08-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/security-malware-firewall/security-malware-scan-by-cleantalk-2149-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2025-02-11T20:29:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/alo-easymail/alo-easymail-newsletter-2600-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2015-09-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/quick-adsense-reloaded/ads-by-wpquads-20871-missing-authorization</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/did-prestashop-display/did-prestashop-display-1030-cross-site-request-forgery</loc>
<lastmod>2025-10-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/forget-about-shortcode-buttons/forget-about-shortcode-buttons-111-reflected-cross-site-scripting</loc>
<lastmod>2016-02-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/koko-analytics/koko-analytics-212-unauthenticated-sql-injection</loc>
<lastmod>2026-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ag-custom-admin/absolutely-glamorous-custom-admin-723-authenticated-admin-server-side-request-forgery</loc>
<lastmod>2024-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders/barcode-scanner-with-inventory-order-manager-166-reflected-cross-site-scripting</loc>
<lastmod>2024-12-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yaycurrency/yaycurrency-32-authenticated-administrator-remote-code-execution</loc>
<lastmod>2025-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cooked-pro/cooked-pro-1757-unauthenticated-php-object-injection</loc>
<lastmod>2022-11-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/textme-sms-integration/textme-sms-190-missing-authorization-via-tetxme_update_option_page</loc>
<lastmod>2023-11-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/xstore/xstore-938-unauthenticated-local-file-inclusion</loc>
<lastmod>2024-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sellkit/sellkit-funnel-builder-and-checkout-optimizer-for-woocommerce-to-sell-more-faster-198-authenticated-contributor-stored-cross-site-scripting-via-id-parameter</loc>
<lastmod>2024-06-05T15:30:45.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ltl-freight-quotes-abf-freight-edition/ltl-freight-quotes-abf-freight-edition-337-unauthenticated-sql-injection</loc>
<lastmod>2025-02-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/10to8-online-booking/10to8-online-appointment-booking-system-109-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-11-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/genoo/genoo-6010-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/orchid-store/orchid-store-1515-missing-authorization</loc>
<lastmod>2026-01-12T13:03:21.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/my-content-management/my-content-management-176-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-06-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/browser-shots/browser-screenshots-176-stored-cross-site-scripting</loc>
<lastmod>2021-06-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bbpress-notify-nospam/bbpress-notify-2183-reflected-cross-site-scripting</loc>
<lastmod>2024-07-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-not-login-hide-wpnlh/wp-not-login-hide-10-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-11-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pdf-for-wpforms/pdf-for-wpforms-650-authenticated-subscriber-php-object-injection</loc>
<lastmod>2025-08-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/supportcandy/supportcandy-226-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2022-01-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/visual-footer-credit-remover/visual-footer-credit-remover-12-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yamaps/yamaps-0639-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-12-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/robo-gallery/robo-gallery-502-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-counter/download-counter-13-authenticated-contributor-stored-cross-site-scripting-via-name-parameter</loc>
<lastmod>2025-08-04T18:57:59.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/newsdaily/newsdaily-1064-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mwp-herd-effect/herd-effects-523-cross-site-request-forgery-to-effect-deletion</loc>
<lastmod>2023-08-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sellsy/sellsy-233-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-06T15:05:25.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sunshine-photo-cart/sunshine-photo-cart-2913-missing-authorization</loc>
<lastmod>2022-12-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/get-cash/get-cash-322-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/awesome-contact-form7-for-elementor/awesome-contact-form7-for-elementor-30-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/coming-soon-page/coming-soon-and-maintenance-mode-373-ip-address-spoofing-via-get_real_ip</loc>
<lastmod>2023-12-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/emphires/emphires-39-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2026-02-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woolentor-addons/woolentor-253-php-object-injection</loc>
<lastmod>2023-01-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rolo-slider/rolo-slider-109-missing-authorization-to-authenticatedsubscriber-settings-change</loc>
<lastmod>2024-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simplified/simplified-1011-authenticated-administrator-server-side-request-forgery</loc>
<lastmod>2025-08-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fusion-builder/fusion-builder-3132-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/members-page-only-for-logged-in-users/members-page-only-for-logged-in-users-142-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-03-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/pont/pont-15-arbitrary-options-update</loc>
<lastmod>2015-06-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pocket-news-generator/pocket-news-generator-020-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/ashe/ashe-2267-missing-authorization</loc>
<lastmod>2026-02-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jet-search/jetsearch-352-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-08-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/meet-my-team/meet-my-team-205-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2022-09-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sticky-add-to-cart-woo/simple-sticky-add-to-cart-for-woocommerce-146-missing-authorization</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mstw-csv-exporter/mstw-csv-exporter-14-missing-authorization</loc>
<lastmod>2025-10-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/formstack/formstack-online-forms-202-missing-authorization</loc>
<lastmod>2025-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/online-accessibility/accessibility-suite-by-ability-inc-418-missing-authorization</loc>
<lastmod>2025-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/my-tickets/my-tickets-1830-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2021-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-travel-blocks/wp-travel-gutenberg-blocks-390-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-07-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/admin-in-english-with-switch/admin-in-english-with-switch-11-cross-site-request-forgery</loc>
<lastmod>2025-09-10T18:51:57.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/mogi/mogi-123-missing-authorization</loc>
<lastmod>2026-02-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sliding-widgets/sliding-widgets-150-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2024-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/itsukaita/itsukaita-012-reflected-cross-site-scripting-via-day_from-parameter</loc>
<lastmod>2026-03-20T15:16:38.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blog2social/blog2social-social-media-auto-post-scheduler-720-reflected-cross-site-scripting</loc>
<lastmod>2023-07-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/nika/nika-128-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-06-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/xt-woo-ajax-add-to-cart/xt-ajax-add-to-cart-for-woocommerce-112-reflected-cross-site-scripting</loc>
<lastmod>2024-09-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hide-my-wp/hide-my-wp-ghost-5401-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-03-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/accio-one-page/accio-responsive-onepage-parallax-site-template-111-sensitive-information-disclosure</loc>
<lastmod>2015-05-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/one-page-express-companion/one-page-express-companion-1637-authenticated-contributor-stored-cross-site-scripting-via-one_page_express_contact_form-shortcode</loc>
<lastmod>2024-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/attributes-for-blocks/attributes-for-blocks-106-authenticated-contributor-stored-cross-site-scripting-via-attributesforblocks-parameter</loc>
<lastmod>2024-09-03T19:27:16.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/webflow-pages/webflow-pages-108-missing-authorization</loc>
<lastmod>2023-12-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/structured-content/structured-content-161-authenticated-contributor-stored-cross-site-scripting-via-classic-editor-shortcode</loc>
<lastmod>2024-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/integration-for-contact-form-7-and-google-sheets/integration-for-google-sheets-and-contact-form-7-wpforms-elementor-ninja-forms-111-unauthenticated-php-object-injection-via-verify_field_val-function</loc>
<lastmod>2025-07-18T16:22:54.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/nexter/nexter-203-authenticated-subscriber-sql-injection-via-to-and-from</loc>
<lastmod>2023-10-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/perfect-woocommerce-brands/perfect-brands-for-woocommerce-204-server-information-disclosure</loc>
<lastmod>2022-01-28T09:33:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-form-builder/easy-form-builder-338-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-11-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/xpinner-lite/xpinner-lite-22-cross-site-scripting</loc>
<lastmod>2015-09-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/katalogportal-pdf-sync/katalogportal-pdf-sync-widget-100-missing-authorization-to-authenticated-subscriber-information-disclosure-via-katalogportal_shortcodeprinter-ajax-action</loc>
<lastmod>2026-04-14T19:45:57.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/excellent/excellent-129-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-06-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-able-player/able-player-10-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-registration-form-builder-with-submission-manager/registrationmagic-custom-registration-forms-and-user-login-4603-authenticated-email-injection</loc>
<lastmod>2020-03-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/biteship/biteship-2224-reflected-cross-site-scripting-via-biteship_error-and-biteship_message</loc>
<lastmod>2024-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/icafe-library/icafe-library-183-authenticated-editor-sql-injection</loc>
<lastmod>2025-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/addon-elements-for-elementor-page-builder/elementor-addon-elements-163-reflected-cross-site-scripting</loc>
<lastmod>2020-09-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/activecampaign-for-woocommerce/activecampaign-for-woocommerce-197-cross-site-request-forgery</loc>
<lastmod>2022-12-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/stellissimo-text-box/stellissimo-text-box-114-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jetwidgets-for-elementor/jetwidgets-for-elementor-1016-authenticatedcontributor-stored-cross-site-scripting-via-widget-button-url</loc>
<lastmod>2024-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking-calendar/booking-calendar-appointment-booking-system-328-multiple-authenticatededitor-sql-injection</loc>
<lastmod>2023-09-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/add-fields-to-checkout-page-woocommerce/custom-woocommerce-checkout-fields-editor-131-missing-authorization</loc>
<lastmod>2024-04-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/insert-pages/insert-pages-374-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2022-12-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-entries/database-for-contact-form-7-wpforms-elementor-forms-149-missing-authorization-to-authenticated-contributor-sensitive-information-exposure-via-shortcode</loc>
<lastmod>2026-03-31T12:23:38.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/newseqo/newseqo-211-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/html5-jquery-audio-player/html5-jquery-audio-player-262-cross-site-scripting</loc>
<lastmod>2014-05-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/official-mailerlite-sign-up-forms/mailerlite-signup-forms-official-176-missing-authorization</loc>
<lastmod>2024-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpcomplete/wpcomplete-2952-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/download-monitor/download-monitor-481-authenticated-admin-server-side-request-forgery</loc>
<lastmod>2023-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/amp-toolbox/amp-toolbox-211-cross-site-scripting</loc>
<lastmod>2017-11-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/project-source-code-download/project-source-code-download-100-unauthenticated-backup-download</loc>
<lastmod>2022-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cf7-file-download/cf7-file-download-file-download-for-cf7-20-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-04-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-subscribers/email-subscribers-newsletters-422-missing-authorization-to-test-email</loc>
<lastmod>2019-11-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/js_composer/wpbakery-page-builder-841-authenticated-author-stored-cross-site-scripting-via-grid-builder</loc>
<lastmod>2025-06-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/zegen/zegen-church-wordpress-theme-119-missing-authorization-to-authenticated-subscriber-theme-options-updates</loc>
<lastmod>2025-03-13T16:37:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-thumbtack-review-slider/wp-thumbtack-review-slider-26-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-08-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/searchiq/searchiq-the-search-solution-47-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-04T19:17:17.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-time-slots-booking-form/wp-time-slots-booking-form-1246-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-04-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/product-xml-feeds-for-woocommerce/product-xml-feed-manager-for-woocommerce-292-missing-authorization</loc>
<lastmod>2025-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/double-the-donation/double-the-donation-200-cross-site-request-forgery</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/headline-analyzer/headline-analyzer-131-missing-authorization-via-rest-apis</loc>
<lastmod>2023-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-review/wordpress-review-plugin-the-ultimate-solution-for-building-a-review-website-535-authenticated-contributor-local-file-inclusion-via-post-custom-fields</loc>
<lastmod>2025-05-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eventer/eventer-398-reflected-cross-site-scripting</loc>
<lastmod>2025-02-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/loginizer/loginizer-138-139-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2018-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ovic-vc-addon/ovic-responsive-wpbakery-130-missing-authorization</loc>
<lastmod>2024-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/listar-directory-listing/listar-directory-listing-classifieds-wordpress-plugin-300-missing-authorization-to-authenticated-subscriber-listing-update</loc>
<lastmod>2025-12-05T17:36:30.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-7-to-database-extension/contact-form-db-2817-reflected-cross-site-scripting</loc>
<lastmod>2014-11-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/supreme-directory/supreme-directory-119-cross-site-scripting</loc>
<lastmod>2018-08-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/oberliga_theme/oberliga-theme-all-versions-sql-injection</loc>
<lastmod>2012-12-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/imagerecycle-pdf-image-compression/imagerecycle-pdf-image-compression-3114-cross-site-request-in-several-ajax-actions</loc>
<lastmod>2024-08-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pods/pods-custom-content-types-and-fields-321-authenticated-contributor-stored-cross-site-scripting-via-pod-form-redirect-url</loc>
<lastmod>2024-05-09T20:29:15.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/experto-custom-dashboard/experto-dashboard-for-woocommerce-104-authenticated-administrator-stored-cross-site-scripting-via-navigation-font-size-setting</loc>
<lastmod>2026-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/erp/wp-erp-1123-reflected-cross-site-scripting</loc>
<lastmod>2023-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/webwinkelkeur/webwinkelkeur-324-cross-site-request-forgery</loc>
<lastmod>2023-06-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fossura-tag-miner/tag-miner-automatic-tag-extraction-115-cross-site-request-forgery</loc>
<lastmod>2015-11-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-less-compiler/wp-less-compiler-130-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-02-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/w3-total-cache/w3-total-cache-0941-security-token-bypass-via-type-juggling</loc>
<lastmod>2016-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/oauth2-provider/wp-oauth-server-oauth-authentication-421-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2022-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ad-injection/ad-injection-12019-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-03-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tarteaucitron-wp/tarteaucitronjs-for-wordpress-030-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-connect/wordpress-256-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/backend-designer/backend-designer-13-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pages-order/pages-order-113-reflected-cross-site-scripting</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-user/wp-user-custom-registration-forms-login-and-user-profile-70-reflected-cross-site-scripting</loc>
<lastmod>2022-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-to-email/contact-form-email-101-cross-site-scripting</loc>
<lastmod>2014-11-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-gdpr/wordpress-gdpr-202-missing-authorization-to-unauthenticated-arbitrary-user-deletion</loc>
<lastmod>2024-11-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/metamagic/metamagic-seo-plugin-16-cross-site-request-forgery-to-plugin-settings-update-via-settings-page</loc>
<lastmod>2026-05-26T18:57:11.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flash-album-gallery/album-and-image-gallery-with-lightbox-flagallery-photo-portfolio-200-sql-injection</loc>
<lastmod>2012-12-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/listingpro/listingpro-wordpress-directory-listing-theme-261-arbitrary-plugin-installation-activation-and-deactivation</loc>
<lastmod>2020-12-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/import-products-to-wc/amazon-products-to-woocommerce-127-missing-authorization-to-unauthenticated-arbitrary-product-creation</loc>
<lastmod>2025-06-25T14:07:55.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/avif-support/avif-svg-uploader-110-authenticated-author-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2024-09-30T21:14:05.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-column-widgets/responsive-column-widgets-127-open-redirect-via-responsive_column_widgets_link</loc>
<lastmod>2023-10-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/traveler/traveler-319-authenticated-contributor-local-file-inclusion-via-shortcode</loc>
<lastmod>2025-02-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-discussion-board/discussion-board-wordpress-forum-plugin-255-authenticated-subscriber-arbitrary-shortcode-execution</loc>
<lastmod>2025-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-custom-fields-pro/advanced-custom-fields-pro-590-reflected-cross-site-scripting</loc>
<lastmod>2021-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/hydra-booking/hydra-booking-1132-unauthenticated-privilege-escalation</loc>
<lastmod>2026-01-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/noo-organici-library/organici-library-212-authenticated-subscriber-sql-injection</loc>
<lastmod>2026-03-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tourmaster/tour-master-tour-booking-travel-hotel-534-reflected-cross-site-scripting</loc>
<lastmod>2025-01-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/supermalink/supermalink-11-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-07-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-digital-downloads/easy-digital-downloads-2103-reflected-cross-site-scripting</loc>
<lastmod>2021-05-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buddyboss-platform/buddyboss-platform-2850-authenticated-subscriber-stored-cross-site-scripting-via-bbp_topic_title</loc>
<lastmod>2025-05-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-reminders/email-reminders-204-authenticated-contributor-stored-cross-site-scripting-via-id-parameter</loc>
<lastmod>2024-12-09T20:57:27.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bbp-move-topics/bbpress-move-topics-116-reflected-cross-site-scripting</loc>
<lastmod>2025-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tutor/tutor-lms-195-cross-site-scripting</loc>
<lastmod>2021-08-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smartkit/smartkit-10-cross-site-request-forgery-to-cross-site-scripting</loc>
<lastmod>2022-05-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/booking-activities/booking-activities-11644-unauthenticated-privilege-escalation</loc>
<lastmod>2026-01-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/embedpress/embedpress-453-authenticated-contributor-stored-cross-site-scripting-via-block-url-attribute</loc>
<lastmod>2026-06-05T14:17:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-mini-program/mini-program-api-145-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-06T21:27:24.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/maxgalleria/maxgalleria-644-authenticated-contributor-stored-cross-site-scripting-via-maxgallery_thumb-shortcode</loc>
<lastmod>2024-06-18T08:45:26.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/club-management-software/wordpress-membership-swiftcloudio-10-authenticated-admin-sql-injection</loc>
<lastmod>2021-07-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-custom-cursors/wp-custom-cursors-wordpress-cursor-32-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2023-10-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/business-card-by-esterox-100/business-card-100-cross-site-request-forgery-to-category-edit</loc>
<lastmod>2024-05-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/the-events-calendar/the-events-calendar-615122-missing-authorization</loc>
<lastmod>2026-01-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yellow-yard/yellow-yard-searchbar-2727-reflected-cross-site-scripting</loc>
<lastmod>2022-07-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/clicksend-lead-capture-form/sms-for-lead-capture-forms-110-missing-authorization-to-authenticated-subscriber-arbitrary-message-deletion</loc>
<lastmod>2024-12-06T11:57:31.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-cloudflare-page-cache/super-page-cache-522-unauthenticated-stored-cross-site-scripting-via-activity-log</loc>
<lastmod>2026-02-13T19:48:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/templatespare/build-your-dream-website-fast-with-400-starter-templates-and-landing-pages-no-coding-needed-one-click-import-for-elementor-gutenberg-blocks-templatespare-242-missing-authorization-to-authenticated-subscriber-theme-update</loc>
<lastmod>2024-08-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tracking-code-manager/tracking-code-manager-2016-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-03-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpstorecart/idb-ecommerce-wpstorecart-5-2530-arbitrary-file-upload</loc>
<lastmod>2012-03-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/events-manager/events-manager-5973-admin-sql-injection</loc>
<lastmod>2020-06-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/i-plant-a-tree/i-plant-a-tree-173-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/buy-now-pay-later-addi/addi-cuotas-que-se-adaptan-a-ti-204-missing-authorization</loc>
<lastmod>2026-03-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/lifterlms/lifterlms-800-reflected-cross-site-scripting</loc>
<lastmod>2025-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-coupon-usage/coupon-affiliates-543-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2023-03-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flexible-shipping-usps/usps-shipping-for-woocommerce-live-rates-194-sensitive-information-exposure</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-addons-for-elementor-lite/essential-addons-for-elementor-popular-elementor-templates-widgets-653-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-12-16T15:08:24.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wptouch/wptouch-37-open-redirect</loc>
<lastmod>2015-01-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fv-wordpress-flowplayer/fv-flowplayer-video-player-7437727-authenticated-stored-cross-site-scripting</loc>
<lastmod>2021-01-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/official-sendle-shipping-method/sendle-shipping-602-cross-site-request-forgery</loc>
<lastmod>2025-09-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/miniorange-2-factor-authentication/minioranges-google-authenticator-561-sensitive-data-exposure-of-multifactor-backup-codes</loc>
<lastmod>2022-11-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profilegrid-user-profiles-groups-and-communities/profilegrid-user-profiles-groups-and-communities-5936-missing-authorization-to-authenticated-subscriber-arbitrary-user-meta-deletion</loc>
<lastmod>2024-11-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/customer-reviews-woocommerce/customer-reviews-for-woocommerce-5460-missing-authorization-to-authenticated-subscriber-arbitrary-email-sending</loc>
<lastmod>2024-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ulisting/directory-listings-wordpress-plugin-ulisting-220-authenticated-editor-arbitrary-file-download</loc>
<lastmod>2026-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shareaholic/wordpress-social-sharing-related-posts-analytics-shareaholic-7610-authenticated-subscriber-cross-site-scripting</loc>
<lastmod>2015-04-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/i-recommend-this/i-recommend-this-390-cross-site-request-forgery</loc>
<lastmod>2023-03-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-orders-tracking/orders-tracking-for-woocommerce-1014-reflected-cross-site-scripting</loc>
<lastmod>2021-12-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/truepush-free-web-push-notifications/truepush-108-missing-authorization</loc>
<lastmod>2024-09-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/high-compress/highcompress-image-compressor-500-missing-authorization-via-multiple-ajax-actions</loc>
<lastmod>2023-08-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/secure-admin-ip/secure-admin-ip-20-missing-authorization-via-savesettings</loc>
<lastmod>2023-08-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/location-click-map/location-click-map-10-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/photo-gallery/photo-gallery-by-10web-1814-authenticated-administrator-directory-traversal</loc>
<lastmod>2023-03-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gallery-photo-gallery/photo-gallery-by-ays-570-authenticated-administrator-html-injection</loc>
<lastmod>2024-06-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/form-maker/form-maker-by-10web-11533-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-05-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/verge3d/verge3d-493-reflected-cross-site-scripting</loc>
<lastmod>2025-05-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/s3bubble-amazon-s3-html-5-video-with-adverts/s3-bubble-amazon-s3-html5-video-with-adverts-07-directory-traversal-to-arbitrary-file-access</loc>
<lastmod>2015-07-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-coupons-and-deals/coupons-and-deals-324-missing-authorization</loc>
<lastmod>2025-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/give/givewp-donation-plugin-and-fundraising-platform-3130-missing-authorization-to-limited-information-exposure</loc>
<lastmod>2024-08-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/zita/zita-165-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-06-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/powerpack-elements/powerpack-pro-for-elementor-v2130-missing-authorization</loc>
<lastmod>2026-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-travel-engine/wp-travel-engine-530-editor-stored-cross-site-scripting</loc>
<lastmod>2021-12-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/coupon-reveal-button/coupon-discount-code-reveal-button-125-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2024-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mini-ajax-woo-cart/mini-ajax-cart-for-woocommerce-134-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2026-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gift-voucher/gift-cards-gift-vouchers-and-packages-432-unauthenticated-sql-injection</loc>
<lastmod>2023-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/miniorange-openid-connect-client/wordpress-openid-connect-client-217-authentication-bypass</loc>
<lastmod>2022-06-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/dricub-driving-school/dricub-29-missing-authorization</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/3d-flipbook-dflip-lite/dearflip-2226-authenticated-contributor-stored-cross-site-scripting-via-force_fit</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpify-woo/wpify-woo-czech-356-reflected-cross-site-scripting</loc>
<lastmod>2022-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/post-duplicator/post-duplicator-3010-authenticated-contributor-php-object-injection</loc>
<lastmod>2026-04-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/locateandfilter/locateandfilter-1614-authenticated-author-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2024-09-30T19:27:18.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mobile-call-now-map-buttons/mobile-call-now-map-buttons-162-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-07-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/imageseo/optimize-images-alt-text-alt-tag-names-for-seo-using-ai-311-unauthenticated-full-path-disclosure</loc>
<lastmod>2024-07-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/transition-slider-lite/transition-slider-responsive-image-slider-and-gallery-2203-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2024-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ultimate-csv-importer/import-export-suite-for-csv-and-xml-datafeed-719-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2025-03-31T15:56:17.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/picture-gallery/picture-gallery-frontend-image-uploads-ajax-photo-list-1522-authenticated-contributor-stored-cross-site-scripting-via-videowhisper_picture_upload_guest-shortcode</loc>
<lastmod>2025-01-17T18:02:02.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/xpro-elementor-addons/xpro-addons-140-widgets-for-elementor-1424-authenticated-contributor-stored-cross-site-scripting-via-icon-box-widget</loc>
<lastmod>2026-04-03T13:35:46.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mediamatic/mediamatic-media-library-folders-280-sql-injection</loc>
<lastmod>2021-11-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/texteller/texteller-130-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/photography/photography-761-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2026-02-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eprolo-dropshipping/eprolo-dropshipping-231-missing-authorization-to-authenticated-subscriber-tracking-data-modification</loc>
<lastmod>2025-12-04T17:23:45.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/startklar-elmentor-forms-extwidgets/startklar-elementor-addons-1713-unauthenticated-arbitrary-file-deletion</loc>
<lastmod>2024-05-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-multilang/wp-multilang-2419-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/imagemapper/imagemapper-126-cross-site-request-forgery-to-plugin-settings-change-via-ajax</loc>
<lastmod>2023-11-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/footer-text/footer-text-203-cross-site-request-forgery-to-cross-site-scripting</loc>
<lastmod>2022-04-28T09:52:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/real-estate-pro/real-estate-pro-215-missing-authorization</loc>
<lastmod>2026-01-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gravity-forms-css-themes-with-fontawesome-and-placeholder-support/gravity-forms-css-themes-with-fontawesome-and-placeholders-85-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2025-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wptemplata/wp-templata-107-reflected-cross-site-scripting</loc>
<lastmod>2025-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/grandblog/grand-blog-315-unauthenticated-server-side-request-forgery</loc>
<lastmod>2026-01-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kata-plus/kata-plus-153-unauthenticated-php-object-injection</loc>
<lastmod>2025-04-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-photo-album-plus/wp-photo-album-plus-9113005-unauthenticated-sql-injection</loc>
<lastmod>2026-06-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpappninja/wpmobileapp-1156-open-redirect-via-redirect-parameter</loc>
<lastmod>2025-02-19T19:45:56.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/registration-form-for-woocommerce/registration-form-for-woocommerce-109-unauthenticated-privilege-escalation</loc>
<lastmod>2026-06-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-jetpack/booster-for-woocommerce-711-authenticated-subscriber-information-disclosure-via-shortcode</loc>
<lastmod>2023-10-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/login-page-styler/custom-login-page-styler-711-missing-authorization-to-authenticated-subsciber-log-deletion-and-session-termination</loc>
<lastmod>2025-01-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/automate-hub-free-by-sperse-io/automate-hub-free-by-sperseio-170-reflected-cross-site-scripting</loc>
<lastmod>2025-01-06T15:40:21.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ltl-freight-quotes-rl-edition/ltl-freight-quotes-rl-carriers-edition-3313-missing-authorization-to-unauthenticated-settings-update</loc>
<lastmod>2026-04-07T15:25:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-bulk-delete/wp-bulk-delete-131-reflected-cross-site-scripting</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pitchprint/pitchprint-1112-unauthenticated-arbitrary-file-deletion</loc>
<lastmod>2026-03-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/meeting-list/meetinglist-011-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-11-03T15:32:07.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-symposium/wp-symposium-1411-authenticated-sql-injection</loc>
<lastmod>2014-11-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/content-control/content-control-210-missing-authorization-to-sensitive-information-exposure</loc>
<lastmod>2024-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-customers-manager/woocommerce-customers-manager-296-authenticated-subscriber-sql-injection</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-job-portal/wp-job-portal-226-insecure-direct-object-reference-to-authenticated-employer-arbitrary-company-deletion</loc>
<lastmod>2025-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/meintopf/meintopf-021-reflected-cross-site-scripting</loc>
<lastmod>2025-02-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/beaver-builder-lite-version/beaver-builder-2744-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-recently-viewed-products/wc-recently-viewed-products-101-reflected-cross-site-scripting</loc>
<lastmod>2024-11-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/livemesh-siteorigin-widgets/livemesh-siteorigin-widgets-392-missing-authorization-to-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2026-05-26T17:33:59.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/add-search-to-menu/ivory-search-546-reflected-cross-site-scripting</loc>
<lastmod>2022-07-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contest-gallery/contest-gallery-upload-vote-photos-media-sell-with-paypal-stripe-2816-authenticated-subscriber-stored-cross-site-scripting</loc>
<lastmod>2026-04-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kali-forms/kali-forms-248-insecure-direct-object-reference-to-authenticated-contributor-sensitive-form-data-exposure</loc>
<lastmod>2026-02-17T18:55:25.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bricksforge/bricksforge-3184-unauthenticated-information-exposure</loc>
<lastmod>2026-04-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smpl-shortcodes/simple-shortcodes-1020-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-10-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/infugrator/infugrator-103-reflected-cross-site-scripting</loc>
<lastmod>2025-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/premium-addons-for-elementor/premium-addons-for-elementor-41034-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-07-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shortpixel-image-optimiser/shortpixel-image-optimizer-643-authenticated-author-stored-cross-site-scripting-via-attachment-title</loc>
<lastmod>2026-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-backpack/wp-backpack-21-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-05-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nextgen-gallery/nextgen-gallery-337-authenticated-admininistrator-arbitrary-file-read-and-deletion-in-gallery_edit</loc>
<lastmod>2023-09-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-dropi-integration/dropify-469-reflected-cross-site-scripting</loc>
<lastmod>2025-06-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/shapeless/shapeless-11-cross-site-scripting</loc>
<lastmod>2012-09-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mybooktable/mybooktable-bookstore-337-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flatpm-wp/flat-pm-2661-reflected-cross-site-scripting</loc>
<lastmod>2022-11-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/media-library-assistant/media-library-assistant-311-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2023-10-02T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/gamic/gamic-115-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-05-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/grand-media/gmedia-photo-gallery-164-denial-of-service</loc>
<lastmod>2015-05-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/awesome-support/awesome-support-614-missing-authorization-to-authenticated-subscriber-arbitrary-post-modification</loc>
<lastmod>2023-10-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/easy-elementor-addons/easy-elementor-addons-216-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-02-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mega-elements-addons-for-elementor/mega-elements-122-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-07-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/recaptcha-jetpack/recaptcha-jetpack-022-cross-site-request-forgery</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-follow-up-emails/woocommerce-follow-up-emails-4940-authenticated-arbitrary-file-upload-in-template-editing</loc>
<lastmod>2023-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sync-wc-google/bulk-product-sync-86-cross-site-request-forgery</loc>
<lastmod>2025-04-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/wprentals/rentals-3131-cross-site-request-forgery</loc>
<lastmod>2025-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/learnpress/learnpress-4271-authenticated-subscriber-open-redirect</loc>
<lastmod>2025-01-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-data-access/wp-data-access-app-table-form-and-chart-builder-plugin-5522-unauthenticated-sql-injection</loc>
<lastmod>2024-12-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-fastest-cache/wp-fastest-cache-112-cross-site-request-forgery-via-wpfc_pause_cdn_integration_ajax_request_callback</loc>
<lastmod>2023-04-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cf7-conditional-fields/conditional-fields-for-contact-form-7-240-missing-authorization</loc>
<lastmod>2023-11-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flo-forms/flo-forms-easy-drag-drop-form-builder-1035-options-change-to-stored-cross-site-scripting</loc>
<lastmod>2021-03-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-checkout-field-editor-pro/checkout-field-editor-172-authenticated-admin-php-object-injection</loc>
<lastmod>2022-11-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mapfig-premium-leaflet-map-maker/acugis-leaflet-maps-5110-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2025-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wti-like-post/wti-like-post-143-sql-injection</loc>
<lastmod>2015-07-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jquery-reply-to-comment/jquery-reply-to-comment-131-cross-site-request-forgery</loc>
<lastmod>2021-09-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/geeky-bot/geekybot-122-missing-authorization-to-unauthenticated-arbitrary-plugin-installation-via-geekybot_frontendajax-ajax-action</loc>
<lastmod>2026-05-04T15:26:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-faqs/ultimate-faqs-1821-cross-site-scripting</loc>
<lastmod>2019-05-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/reepay-checkout-gateway/frisbii-pay-1821-missing-authorization</loc>
<lastmod>2025-09-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smart-youtube/smart-youtube-pro-43-cross-site-request-forgery-via-handle_colorbox_options</loc>
<lastmod>2023-02-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/big-store/big-store-193-cross-site-request-forgery-to-arbitrary-plugin-activation</loc>
<lastmod>2023-03-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpbookit/wpbookit-108-missing-authorization-to-unauthenticated-sensitive-customer-data-exposure</loc>
<lastmod>2026-03-03T12:28:50.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/spice-starter-sites/spice-starter-sites-125-reflected-cross-site-scripting</loc>
<lastmod>2024-09-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wishlist/wishlist-210-missing-authorization</loc>
<lastmod>2025-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-links-page/wp-links-page-496-authenticated-subscriber-sql-injection</loc>
<lastmod>2025-07-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rescue-shortcodes/rescue-shortcodes-29-authenticated-contributor-stored-cross-site-scripting-via-rescue_progressbar-shortcode</loc>
<lastmod>2024-11-22T21:34:33.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/workreap/workreap-theme-222-authorization-bypass</loc>
<lastmod>2021-06-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bulk-image-resizer/bulk-images-optimizer-resize-optimize-convert-to-webp-rename-201-missing-authorization-to-authenticated-subscriber-plugin-options-update</loc>
<lastmod>2024-10-17T15:44:23.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chaty/floating-chat-widget-318-authenticated-editor-stored-cross-site-scripting</loc>
<lastmod>2024-04-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-user-extra-fields/wordpress-user-extra-fields-166-missing-authorization-to-authenticated-subscriber-privilege-escalation</loc>
<lastmod>2024-11-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/brightbox/brightbox-unknown-versions-cross-site-scripting</loc>
<lastmod>2012-10-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/akismet-privacy-policies/akismet-privacy-policies-201-reflected-cross-site-scripting</loc>
<lastmod>2022-03-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/editionguard-for-woocommerce-ebook-sales-with-drm/editionguard-for-woocommerce-ebook-sales-with-drm-342-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rs-wp-books-showcase/rs-wp-book-showcase-6741-unauthenticated-arbitrary-shortcode-execution</loc>
<lastmod>2025-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gs-logo-slider/logo-slider-370-cross-site-request-forgery</loc>
<lastmod>2024-10-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/audio-comparison-lite/audio-comparison-lite-34-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fattura24/fattura24-627-reflected-cross-site-scripting-via-id</loc>
<lastmod>2023-10-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/support-x/crm-perks-wordpress-helpdesk-integration-zendesk-freshdesk-helpscout-116-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-12-16T09:47:01.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mapplic-lite/mapplic-lite-10-authenticated-author-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2024-09-25T21:22:47.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/3.0/wordpress-core-302-missing-authorization</loc>
<lastmod>2010-12-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mailchimp-forms-by-mailmunch/mailchimp-forms-by-mailmunch-323-reflected-cross-site-scripting</loc>
<lastmod>2024-11-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/yamaps/yamaps-for-wordpress-0640-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-04-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/burst-statistics/burst-statistics-206-cross-site-request-forgery</loc>
<lastmod>2025-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/leyka/leyka-3292-cross-site-request-forgery</loc>
<lastmod>2023-03-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/advanced-ads/advanced-ads-ad-manager-adsense-2014-missing-authorization-to-authenticated-subscriber-ad-placements-update</loc>
<lastmod>2026-02-18T15:11:38.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/resca/resca-302-reflected-cross-site-scripting</loc>
<lastmod>2025-09-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/penci-shortcodes/penci-shortcodes-performance-61-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-01-10T23:40:52.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sexybookmarks/sexybookmarks-6140-cross-site-request-forgery</loc>
<lastmod>2014-08-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mashsharer/social-media-share-buttons-mashshare-231-information-disclosure</loc>
<lastmod>2015-04-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/apocalypse-meow/apocalypse-meow-2210-authenticated-administrator-sql-injection-via-type-parameter</loc>
<lastmod>2026-03-04T16:06:27.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contest-gallery/contest-gallery-2606-authenticated-contributor-stored-cross-site-scripting-via-id-parameter</loc>
<lastmod>2025-05-07T22:33:58.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nv-slider/nv-slider-16-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tour-booking-manager/wptravelly-185-missing-authorization</loc>
<lastmod>2025-01-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ht-mega-for-elementor/ht-mega-257-authenticated-contributor-json-file-directory-traversal</loc>
<lastmod>2024-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/admin-sms-alert/admin-sms-alert110-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-11-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-floating-menu/wp-floating-menu-140-cross-site-scripting-via-id-parameter</loc>
<lastmod>2020-08-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gravity-signature-forms-add-on/signature-add-on-for-gravity-forms-186-missing-authorization</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/king-addons/king-addons-for-elementor-free-elements-widgets-templates-and-features-for-elementor-241292-51114-unauthenticated-privilege-escalation</loc>
<lastmod>2025-10-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/grand-media/gmedia-photo-gallery-1241-cross-site-request-forgery</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/admin-font-editor/admin-font-editor-17-reflected-cross-site-scripting</loc>
<lastmod>2016-02-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-easy-gallery/wp-easy-gallery-485-authenticated-contributor-sql-injection-via-key-parameter</loc>
<lastmod>2024-09-30T19:33:55.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/activitypub/activitypub-0170-authenticated-subscriber-insecure-direct-object-reference-to-sensitive-post-content-exposure</loc>
<lastmod>2023-09-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woo-order-export-lite/advanced-order-export-for-woocommerce-355-unauthenticated-php-object-injection-via-order-details</loc>
<lastmod>2024-11-12T14:44:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jetpack/jetpack-371-stored-cross-site-scripting</loc>
<lastmod>2015-10-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-pdf-invoices-packing-slips/woocommerce-pdf-invoices-packing-slips-2140-300-reflected-cross-site-scripting</loc>
<lastmod>2022-08-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/fox-lms/fox-lms-1063-authenticated-contributor-sql-injection</loc>
<lastmod>2026-02-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shipyaari-shipping-managment/shipyaari-shipping-management-12-unauthenticated-php-object-injection</loc>
<lastmod>2024-10-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/enteraddons/enter-addons-218-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/elementskit-lite/elements-kit-elementor-addons-314-missing-authorization</loc>
<lastmod>2024-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-job-portal/wp-job-portal-ai-powered-recruitment-system-for-company-or-job-board-website-251-unauthenticated-sql-injection</loc>
<lastmod>2026-05-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/romancart-on-wordpress/romancart-on-wordpress-002-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-membership/membership-164-missing-authorization</loc>
<lastmod>2026-01-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/idonate/idonate-2113-missing-authorization</loc>
<lastmod>2025-10-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/houzez-crm/houzez-crm-142-authenticated-seller-sql-injection</loc>
<lastmod>2024-07-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cafe-lite/clever-addons-for-elementor-220-authenticated-author-stored-cross-site-scripting</loc>
<lastmod>2024-08-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/dn-popup/dn-popup-122-cross-site-request-forgery-to-settings-update</loc>
<lastmod>2024-08-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/themesflat-addons-for-elementor/themesflat-addons-for-elementor-232-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tx-onepager/onepage-builder-easiest-landing-page-builder-for-wordpress-241-authenticated-administrator-sql-injection</loc>
<lastmod>2023-07-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/greenshift-animation-and-page-builder-blocks/greenshift-animation-and-page-builder-blocks-97-missing-authorization</loc>
<lastmod>2024-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/anomify/anomify-ai-036-cross-site-request-forgery</loc>
<lastmod>2026-05-19T17:36:30.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-photo-reviews/woocommerce-photo-reviews-premium-13132-authentication-bypass-to-account-takeover-and-privilege-escalation</loc>
<lastmod>2024-09-10T20:00:49.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-abandoned-cart/abandoned-cart-lite-for-woocommerce-5141-cross-site-request-forgery-via-delete_expired_used_coupon_code</loc>
<lastmod>2023-05-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mega-addons-for-visual-composer/mega-addons-for-wpbakery-page-builder-430-authenticated-subscriber-settings-update</loc>
<lastmod>2022-12-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/administrator-z/administrator-z-20250328-authenticated-admin-directory-traversal</loc>
<lastmod>2025-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slideshow-gallery/slideshow-gallery-174-cross-site-scripting</loc>
<lastmod>2021-10-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/contact-form-by-supsystic/contact-form-by-supsystic-1736-reflected-cross-site-scripting</loc>
<lastmod>2025-08-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/vampire-character/vampire-character-manager-213-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/apartment-management/wpams-440-17-08-2023-unauthenticated-sql-injection</loc>
<lastmod>2025-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-widget-classes/custom-widget-classes-11-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sf-booking/service-finder-bookings-51-unauthenticated-privilege-escalation-via-nsl_registration_store_extra_input</loc>
<lastmod>2025-04-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/adwords-conversion-tracking-code/adwords-conversion-tracking-code-10-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-12-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sello-channelconnector/sello-channelconnector-163-reflected-cross-site-scripting</loc>
<lastmod>2025-08-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mainwp-child/mainwp-child-4411-information-disclosure-via-back-up-files</loc>
<lastmod>2023-06-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-easy-pay/wp-easypay-square-for-wordpress-320-cross-site-request-forgery-bypass</loc>
<lastmod>2021-07-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cities-shipping-zones-for-woocommerce/cities-shipping-zones-for-woocommerce-127-authenticated-shop-manager-local-file-inclusion</loc>
<lastmod>2024-09-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-taxonomy-import/wp-taxonomy-import-105-reflected-cross-site-scripting</loc>
<lastmod>2022-08-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/huger-elementor/huger-for-elementor-115-missing-authorization</loc>
<lastmod>2025-12-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/comment-emailer/comment-emailer-105-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/video-gallery-block/video-gallery-block-display-your-videos-as-a-gallery-in-a-professional-way-110-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-07-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/themify-builder/themify-builder-757-open-redirect-via-tb_redirect_fail</loc>
<lastmod>2024-05-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/find-your-reps/find-your-reps-12-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/blogzee/blogzee-105-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2026-01-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/blogmatic/blogmatic-103-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2025-10-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/consensus-embed/consensus-embed-16-authenticated-contributor-stored-cross-site-scripting-via-src-shortcode-attribute</loc>
<lastmod>2026-03-06T18:45:53.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/debrandify/debrandify-remove-or-replace-wordpress-branding-112-authenticated-author-stored-cross-site-scripting-via-svg-file-upload</loc>
<lastmod>2024-10-17T21:32:45.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gianism/gianism-520-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-05-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders/barcode-scanner-mobile-app-1110-unauthenticated-privilege-escalation-via-insecure-token-authentication</loc>
<lastmod>2026-04-15T11:13:44.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-signature/wordpress-signature-01-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-01-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/article-directory/article-directory-13-authenticated-administrator-stored-cross-site-scripting-via-publish_terms_text</loc>
<lastmod>2022-03-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-ja-ja-pagamentos-multicaixa-express/j-j-pagamentos-for-woocommerce-130-reflected-cross-site-scripting</loc>
<lastmod>2025-03-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wedevs-project-manager/wp-project-manager-2615-authenticated-subscriber-sensitive-information-exposure-via-project-task-list-rest-api</loc>
<lastmod>2024-12-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/htaccess/htaccess-181-cross-site-request-forgery</loc>
<lastmod>2020-02-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pz-linkcard/pz-linkcard-252-reflected-cross-site-scripting</loc>
<lastmod>2024-03-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-blocks/essential-blocks-page-builder-gutenberg-blocks-patterns-templates-461-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-07-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-custom-cursors/wp-custom-cursors-31-authenticated-admin-sql-injection</loc>
<lastmod>2023-05-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-product-vendors/product-vendors-2035-reflected-cross-site-scripting</loc>
<lastmod>2017-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-sitemap/simple-sitemap-3513-cross-site-request-forgery-via-admin_notices</loc>
<lastmod>2024-06-13T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woopra/woopra-analytics-plugin-1432-remote-code-execution</loc>
<lastmod>2013-10-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/tablesome/tablesome-table-contact-form-db-wpforms-cf7-gravity-forminator-fluent-054-121-missing-authorization-to-authenticated-subscriber-information-exposure-and-privilege-escalation</loc>
<lastmod>2026-02-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/electric-studio-download-counter/electric-studio-download-counter-24-authenticated-administrator-stored-cross-site-scripting-via-settings-parameters</loc>
<lastmod>2026-01-13T17:29:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/powerpack-addon-for-beaver-builder/powerpack-lite-for-beaver-builder-130-authenticatedcontributor-stored-cross-site-scripting-via-element-link</loc>
<lastmod>2024-03-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/email-form-under-post/mandrill-wp-105-cross-site-request-forgery</loc>
<lastmod>2024-12-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smart-agreements/smart-agreements-103-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-04-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/extra-user-details/extra-user-details-05-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2023-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eshop-magic/eshop-magic-02-arbitrary-file-read</loc>
<lastmod>2012-10-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/premmerce-woocommerce-wishlist/premmerce-wishlist-for-woocommerce-1111-unauthenticated-sql-injection</loc>
<lastmod>2026-06-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sendy/sendy-342-missing-authorization</loc>
<lastmod>2026-01-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/crete-core/crete-core-143-unauthenticated-sql-injection</loc>
<lastmod>2026-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/loobek/loobek-152-reflected-cross-site-scripting</loc>
<lastmod>2026-03-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/coreactivity/coreactivity-18-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2024-01-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/thegem/thegem-591-reflected-cross-site-scripting</loc>
<lastmod>2023-12-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flynax-bridge/flynax-bridge-220-unauthenticated-limited-privilege-escalation</loc>
<lastmod>2025-05-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/bold-page-builder/bold-page-builder-535-authenticated-contributor-stored-cross-site-scripting-via-data-text-parameter</loc>
<lastmod>2025-05-17T16:21:31.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rss-for-yandex-turbo/rss-for-yandex-turbo-130-admin-stored-cross-site-scripting</loc>
<lastmod>2021-04-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slick-sitemap/slick-sitemap-200-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-20T13:35:16.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/capturly-optimize-your-website/capturly-201-unauthenticated-local-file-inclusion</loc>
<lastmod>2025-04-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/blog-posts-and-category-for-elementor/blog-posts-and-category-filter-for-elementor-103-authenticated-contributor-stored-cross-site-scripting-via-post-and-category-filter-widget</loc>
<lastmod>2024-07-08T15:42:29.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/coschedule-by-todaymade/coschedule-340-missing-authorization</loc>
<lastmod>2025-11-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-ajax-chat/simple-ajax-chat-add-a-fast-secure-chat-box-20240318-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-05-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/miniorange-login-with-eve-online-google-facebook/oauth-single-sign-on-sso-oauth-client-6241-cross-site-request-forgery-via-discard-in-mooauth_client_applist_page</loc>
<lastmod>2023-02-15T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-blocks/ultimate-blocks-327-authenticated-contributor-stored-cross-site-scripting-via-content-parameter</loc>
<lastmod>2025-03-25T21:03:13.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/essential-addons-for-elementor-lite/essential-addons-for-elementor-popular-elementor-templates-widgets-660-missing-authorization</loc>
<lastmod>2026-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/famous/famous-all-versions-arbitrary-file-upload</loc>
<lastmod>2012-06-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-post-notes/simple-post-notes-177-authenticated-administrator-stored-cross-site-scripting</loc>
<lastmod>2024-07-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/misiek-photo-album/misiek-photo-album-143-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2024-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/simple-alert-boxes/simple-alert-boxes-140-authenticated-contributor-stored-cross-site-scripting-via-alert-shortcode</loc>
<lastmod>2024-07-08T20:02:07.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ars-affiliate-page/ars-affiliate-page-plugin-202-reflected-cross-site-scripting</loc>
<lastmod>2025-01-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jalbum-bridge/jalbum-bridge-2017-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/pro-addons-for-elementor/pro-addons-for-elementor-150-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/commonsbooking/commonsbooking-268-unauthenticated-sql-injection</loc>
<lastmod>2022-02-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-asambleas/wp-asambleas-2850-unauthenticated-arbitrary-shortcode-execution</loc>
<lastmod>2025-02-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/visual-form-builder/visual-form-builder-307-cross-site-request-forgery-to-data-modification</loc>
<lastmod>2022-04-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/live-support-tickets/contact-forms-live-support-crm-video-messages-1103-unauthenticated-information-disclosure</loc>
<lastmod>2024-10-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/digital-license-manager/digital-license-manager-173-reflected-cross-site-scripting-via-remove_query_arg-function</loc>
<lastmod>2025-03-24T20:55:16.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-brands/woocommerce-brands-1649-cross-site-request-forgery</loc>
<lastmod>2023-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/css-javascript-toolbox/css-javascript-toolbox-1205-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-10-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/revechat/reve-chat-622-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/styler-for-ninja-forms-lite/styler-for-ninja-forms-334-authenticated-subscriber-arbitrary-option-deletion-via-deactivate_license</loc>
<lastmod>2024-11-12T13:26:45.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gf-hubspot/gravity-forms-hubspot-126-unauthenticated-php-object-injection</loc>
<lastmod>2025-08-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/images-to-webp/images-to-webp-19-cross-site-request-forgery</loc>
<lastmod>2021-10-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-sticky-social/wp-sticky-social-101-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2023-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/addthis/addthis-502-authenticated-stored-cross-site-scripting</loc>
<lastmod>2015-06-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/font-awesome-integration/font-awesome-integration-50-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-09-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flippingbook/flippingbook-201-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-12-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/terms-descriptions/terms-descriptions-348-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-07-17T16:23:32.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-wallet/wc-wallet-220-missing-authorization-to-authenticated-subscriber-arbitrary-content-deletion</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/newsletter/newsletter-745-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2022-05-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wc-shipos-delivery/deliver-via-shipos-for-woocommerce-217-reflected-cross-site-scripting</loc>
<lastmod>2025-04-10T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-downloadmanager/wp-downloadmanager-plugin-1686-reflected-cross-site-scripting</loc>
<lastmod>2021-12-28T08:23:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sphere-manager/sphere-manager-102-authenticated-contributor-cross-site-scripting-via-width-shortcode-attribute</loc>
<lastmod>2026-02-13T18:26:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/smtp2go/smtp2go-1121-missing-authorization</loc>
<lastmod>2025-07-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-gdpr-compliance/gdpr-ccpa-compliance-support-23-php-object-injection</loc>
<lastmod>2020-11-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/sf-booking/service-finder-bookings-60-authenticated-subscriber-privilege-escalation-via-change_candidate_password</loc>
<lastmod>2025-10-31T16:21:08.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/awcode-toolkit/awcode-toolkit-1018-cross-site-request-forgery-to-stored-cross-site-scripting</loc>
<lastmod>2025-05-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/otw-portfolio-manager/portfolio-manager-pro-38-unauthenticated-php-object-injection</loc>
<lastmod>2025-08-21T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-recipe-maker/recipe-maker-1024-missing-authorization</loc>
<lastmod>2026-01-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-travel-engine/wp-travel-engine-tour-booking-plugin-tour-operator-software-6712-unauthenticated-php-object-injection</loc>
<lastmod>2026-06-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mancx-askme-widget/mancx-askme-widget-03-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ocean-extra/ocean-extra-226-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-04-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/core/6.8/wordpress-682-authenticated-contributor-sensitive-information-exposure</loc>
<lastmod>2025-09-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wplegalpages/wplegalpages-354-missing-authorization</loc>
<lastmod>2026-01-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/betterdocs/betterdocs-358-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2024-08-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/amty-thumb-recent-post/amtythumb-posts-820-cross-site-scripting</loc>
<lastmod>2017-11-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/rtwwcfp-wordpress-contact-form-7-pdf/contact-form-7-pdf-google-sheet-database-300-authenticated-subscriber-arbitrary-file-upload</loc>
<lastmod>2025-10-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/cowidgets-elementor-addons/cowidgets-elementor-addons-120-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shortcodes-for-amp-web-stories-and-elementor-widget/web-stories-widgets-for-elementor-11-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-11-08T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/backup-backup/backup-migration-200-missing-authorization-to-unauthenticated-backup-upload-to-offline-storage</loc>
<lastmod>2026-04-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/w3-total-cache/guzzle-657-and-70-744-information-exposure</loc>
<lastmod>2022-06-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/survey-maker/survey-maker-best-wordpress-survey-plugin-313-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2023-01-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/shopmagic-for-woocommerce/shopmagic-472-missing-authorization</loc>
<lastmod>2026-01-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/youtube-simplegallery/youtube-simplegallery-206-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-03-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/custom-sidebars-by-proteusthemes/custom-sidebars-by-proteusthemes-103-cross-site-request-forgery</loc>
<lastmod>2025-12-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/image-shadow/image-shadow-110-authenticated-subscriber-arbitrary-file-deletion</loc>
<lastmod>2025-06-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/clipta-video-informer/clipta-video-informer-10-reflected-cross-site-scripting</loc>
<lastmod>2014-07-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpforms-lite/contact-form-by-wpforms-1753-authenticated-administrator-arbitrary-file-access-via-path-traversal</loc>
<lastmod>2022-09-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpb-advanced-faq/wpb-advanced-faq-106-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-02-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chart-builder/chartify-276-reflected-cross-site-scripting</loc>
<lastmod>2024-09-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/donation-button/donation-button-400-missing-authorization</loc>
<lastmod>2022-11-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/eu-vat-for-woocommerce/multiple-plugins-by-wpcodefactory-various-versions-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gallery-factory-lite/gallery-factory-lite-200-authenticated-contributor-stored-cross-site-scripting-via-shortcode</loc>
<lastmod>2023-01-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/piotnet-addons-for-elementor/piotnet-addons-for-elementor-2425-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2024-03-25T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-advanced-search/wp-advanced-search-338-cross-site-request-forgery-leading-to-plugin-settings-updates</loc>
<lastmod>2023-03-14T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/netmix/netmix-1010-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-02-17T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/food-drop/food-drop-13-unauthenticated-local-file-inclusion</loc>
<lastmod>2026-05-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-dummy-content-generator/wp-dummy-content-generator-321-unauthenticated-code-injection</loc>
<lastmod>2024-04-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/gpxpress/gpxpress-13-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes</loc>
<lastmod>2025-12-11T14:39:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/auto-featured-image-from-title/auto-featured-image-from-title-23-reflected-cross-site-scripting</loc>
<lastmod>2024-09-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/revisionary/publishpress-revisions-duplicate-posts-submit-approve-and-schedule-content-changes-3722-cross-site-request-forgery</loc>
<lastmod>2026-01-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/grand-media/gmedia-photo-gallery-1230-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/user-private-files/frontend-file-manager-sharing-user-private-files-111-missing-authorization</loc>
<lastmod>2022-08-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-auto-spinner/wordpress-auto-spinner-3250-missing-authorization</loc>
<lastmod>2025-05-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/woocommerce-discounts-plus/discounts-manager-for-products-344-reflected-cross-site-scripting</loc>
<lastmod>2021-10-12T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/php-everywhere/php-everywhere-202-cross-site-request-forgery</loc>
<lastmod>2022-01-13T10:26:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-ride-booking/wp-ride-booking-24-cross-site-request-forgery</loc>
<lastmod>2025-03-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/acf-frontend-form-element/frontend-admin-by-dynamiapps-3194-improper-missing-encryption-exception-handling-to-form-manipulation</loc>
<lastmod>2024-04-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/psw-login-and-registration/psw-front-end-login-registration-112-insufficiently-random-values-to-unauthenticated-account-takeoverprivilege-escalation-via-customer_registration-function</loc>
<lastmod>2025-05-30T18:09:43.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/kiotvietsync/kiotviet-sync-185-use-of-hard-coded-password-to-authorization-bypass</loc>
<lastmod>2025-11-04T18:55:04.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/mainwp-code-snippets-extension/mainwp-code-snippets-extension-402-authenticated-subscriber-php-code-injection</loc>
<lastmod>2023-01-18T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/magical-addons-for-elementor/magical-addons-for-elementor-141-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2026-03-01T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/absolute-addons/absolute-addons-for-elementor-1014-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2024-11-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/give/givewp-2252-cross-site-request-forgery-via-give_ajax_delete_payment_note</loc>
<lastmod>2023-03-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/materialis/materialis-1124-missing-authorization-to-limited-arbitrary-options-update</loc>
<lastmod>2024-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jet-woo-builder/jetwoobuilder-2118-authenticated-contributor-local-file-inclusion</loc>
<lastmod>2025-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-member/ultimate-member-2032-cross-site-request-forgery</loc>
<lastmod>2018-11-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/responsive-add-ons/responsive-plus-elementor-templates-starter-sites-343-unauthenticated-arbitrary-code-execution</loc>
<lastmod>2026-03-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/profile-builder/profile-builder-user-profile-user-registration-forms-224-reflected-cross-site-scripting</loc>
<lastmod>2015-11-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wordpress-database-reset/database-reset-322-cross-site-request-forgery-to-wp-reset-plugin-installation</loc>
<lastmod>2024-02-20T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/revslider/slider-revolution-700-7010-authenticated-subscriber-arbitrary-file-upload-via-_get_media_url</loc>
<lastmod>2026-05-06T16:15:58.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpdm-premium-packages/premium-packages-sell-digital-products-securely-593-reflected-cross-site-scripting-via-add_query_arg</loc>
<lastmod>2024-11-21T17:16:14.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/themerain-core/themerain-core-119-missing-authorization</loc>
<lastmod>2025-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/chamber-dashboard-business-directory/chamber-dashboard-business-directory-331-cross-site-scripting</loc>
<lastmod>2020-08-31T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wpshapere-lite/wpshapere-wordpress-admin-theme-141-cross-site-request-forgery</loc>
<lastmod>2025-06-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-mailing-group/mailing-group-listserv-305-cross-site-request-forgery</loc>
<lastmod>2025-06-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ninja-forms/ninja-forms-the-contact-form-builder-that-grows-with-you-3120-cross-site-request-forgery-to-plugin-settings-update</loc>
<lastmod>2025-09-26T14:16:01.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wp-user-avatar/paid-membership-plugin-ecommerce-user-registration-form-login-form-user-profile-restrict-content-profilepress-41519-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2025-01-23T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/wishsuite/wishsuite-133-cross-site-request-forgery-via-plugin_activation</loc>
<lastmod>2023-03-30T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/traffic-manager/traffic-manager-145-unauthenticated-stored-cross-site-scripting</loc>
<lastmod>2024-08-03T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/themes/noo-jobmonster/noo-jobmonster-4529-reflected-cross-site-scripting</loc>
<lastmod>2019-10-24T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/media-download/media-library-file-download-14-cross-site-request-forgery</loc>
<lastmod>2025-10-27T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/seraphinite-accelerator/seraphinite-accelerator-22215-22113-pro-authenticated-subscriber-information-exposure</loc>
<lastmod>2024-12-19T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/monsters-editor-10-for-wp-super-edit/monsters-editor-for-wp-super-edit-11-arbitrary-file-upload</loc>
<lastmod>2012-08-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/exact-links/url-shortener-307-unauthenticated-server-side-request-forgery</loc>
<lastmod>2025-07-04T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/click-pledge-connect/click-pledge-connect-plugin-224080000-wp661-unauthenticated-sql-injection</loc>
<lastmod>2025-04-09T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/jungbillig-portfolio-gallery/filterable-portfolio-164-authenticated-admin-stored-cross-site-scripting</loc>
<lastmod>2024-04-26T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/legal-plus/legal-10-reflected-cross-site-scripting</loc>
<lastmod>2025-01-16T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/flex-store-user/flex-store-users-110-unauthenticated-privilege-escalation</loc>
<lastmod>2025-12-19T18:05:13.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/nexa-blocks/nexa-blocks-110-authenticated-contributor-server-side-request-forgery</loc>
<lastmod>2025-06-05T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ravpage/ravpage-216-reflected-cross-site-scripting</loc>
<lastmod>2022-04-28T11:09:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/void-visual-whmcs-element/wpbakery-visual-composer-whmcs-elements-1041-authenticated-contributor-stored-cross-site-scripting</loc>
<lastmod>2025-05-07T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/integrate-google-drive/integrate-google-drive-138-missing-authorization-to-unauthenticated-settings-modification-and-export</loc>
<lastmod>2024-03-29T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/medical-prescription-attachment-plugin-for-woocommerce/medical-prescription-attachment-plugin-for-woocommerce-123-unauthenticated-arbitrary-file-upload</loc>
<lastmod>2025-07-11T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/ultimate-product-catalogue/ultimate-product-catalog-4222-arbitrary-file-upload</loc>
<lastmod>2015-04-22T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/encrypted-blog/encrypted-blog-0062-reflected-cross-site-scripting</loc>
<lastmod>2013-08-28T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
<url>
<loc>https://wordsec.net/vulnerabilities/plugins/slider-responsive-slideshow/slider-responsive-slideshow-image-slider-gallery-slideshow-140-missing-authorization</loc>
<lastmod>2024-06-06T00:00:00.000Z</lastmod>
<changefreq>monthly</changefreq>
<priority>0.5</priority>
</url>
</urlset>
